I ran the two things I was told to run, but the system will not let me install Malwarebytes; it keeps saying denied, but I do have it installed on my system from before this.

Here is one of the attachments:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by cherida at 9:16:23 on 2011-11-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.883 [GMT -6:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Webroot Desktop Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\CSHelper.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\PDF Complete\pdfsvc.exe

C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Spyware Doctor\pctsAuxs.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\AT&T Inc\AT&T Tech Support 360 Desktop Client\PCMonitoringService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Nuance\PaperPort\pptd40nt.exe

C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

C:\Documents and Settings\All Users\Application Data\GGyfLFDEWNT.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\zstatus.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\All Users\Application Data\mKJvxrPC10jOni.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar =

uInternet Settings,ProxyServer = 127.0.0.1:81

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://www.google.com/ie

uCustomizeSearch =

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: {37153479-1976-43c3-a1ee-557513977b64} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: {8CA5ED52-F3FB-4414-A105-2E3491156990} - No File

BHO: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No File

BHO: {F0626A63-410B-45E2-99A1-3F2475B2D695} - No File

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

uRun: [spySweeper] "e:\webroot\spy sweeper\SpySweeper.exe" /0

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [spybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"

uRun: [Google Update] "c:\documents and settings\cherida\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ProxyWay] c:\program files\proxyway\proxyway.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Easy Dock] c:\documents and settings\cherida\my documents\rca easyrip\EZDock.exe

uRun: [AT&&T Backup and Go] "c:\program files\tech360\backupandgo\BackupAndGoAgent.exe" -boot

uRun: [iSUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler

uRun: [ApplecfgSched] rundll32.exe "c:\documents and settings\cherida\local settings\application data\catdbmainagent\ApplecfgSched.dll",usrmapAgent iecfgman

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"

mRun: [sDMSSplash] "c:\program files\hp_sdms\sdmssplash\launcher.exe" "launchdir=c:\program files\hp_sdms\SDMSSplash"

mRun: [setRefresh] "c:\program files\compaq\setrefresh\SetRefresh.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [Reminder] c:\windows\creator\Remind_XP.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [hp 1000 firmware] "c:\program files\hp laserjet 1000\fwdl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"

mRun: [Easy Dock]

mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"

mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"

mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"

mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe

mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

mRun: [GGyfLFDEWNT.exe] c:\documents and settings\all users\application data\GGyfLFDEWNT.exe

StartupFolder: c:\docume~1\cherida\startm~1\programs\startup\at&tte~1.lnk - c:\program files\at&t inc\at&t tech support 360 desktop client\DesktopClient.exe

StartupFolder: c:\docume~1\cherida\startm~1\programs\startup\doodad~1.lnk - c:\program files\doodad2\Doodad2Lite.exe

uPolicies-explorer: NoDesktop = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} - hxxps://www.vestica.com/services/SPR32X60.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177202509218

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178036078877

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D99BE4AD-A0AF-54E3-BF0E-904D5456A190} - hxxps://www.ntradmin.com/main2/mod/beta0/plugins/npNTRPlugin22046.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7A29C289-D273-488C-BBB5-778697FB5E0E} : NameServer = 127.0.0.1,192.168.1.254

TCP: Interfaces\{7A29C289-D273-488C-BBB5-778697FB5E0E} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-26 64512]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-5 207280]

R1 pwipf2;pwipf2;c:\windows\system32\drivers\pwipf2.sys [2007-4-26 32768]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]

R2 ATTMonitoringService;AT&T Monitoring Service;c:\program files\at&t inc\at&t tech support 360 desktop client\PCMonitoringService.exe [2010-7-8 14456]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-5 112592]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-12-21 186016]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-12-21 177824]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-8-4 266240]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-3-10 535064]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-8 144672]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-5 365280]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-7-14 1730288]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\webroot\spy sweeper\SpySweeper.exe [2007-4-26 3572592]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070715.002\naveng.sys [2007-7-16 77688]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070715.002\navex15.sys [2007-7-16 852824]

S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-5 1141712]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-12-21 83616]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-7-14 124656]

S3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\drivers\vtcdrv.sys [2008-7-1 18560]

S3 WebrootDesktopFirewallDataService;Webroot Desktop Firewall Data Service;c:\program files\webroot\desktop firewall\WDFDataService.exe [2007-4-26 665600]

S3 WebrootFirewall;Webroot Desktop Firewall;c:\program files\webroot\desktop firewall\FirewallNTService.exe [2007-4-26 192512]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-11-03 18:06:56 64512 ---ha-w- c:\windows\system32\drivers\Lbd.sys

2011-10-10 14:22:41 692736 ---ha-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ---ha-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41:20 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ---ha-w- c:\windows\system32\win32k.sys

2011-09-02 14:17:40 398760 ---ha-r- c:\windows\system32\cpnprt2.cid

.

============= FINISH: 9:17:50.79 ===============

The other one said not to attach it I guess. I do not know if I did this right but any help would be appreciated. Thank you.

I also am having a problem starting in safe mode. It keeps telling me I need a password but my password is not working so I have to keep opening in normal.


Hello and :welcome:

Please also post attach.txt.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).

* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.