
Can't run HJT, MBAM or GMER



Hi,

I went through the steps of "I'm infected - What do I do now?".

MBAM closes after a few seconds

DeFogger ran, said it was finished, but never prompted me to restart

DDS ran and gave me the two reports

GMER closed after I clicked on the scan button, and when I tried to run it again I got an error - "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the file."

Here is the DeFogger disable log just in case, as well as the DDS log. And I've attached the Attach log from DDS.

Thanks for the help!!!!

-Sean

DeFogger Log

--------------------------------

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 13:46 on 19/10/2010 (Tom)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

SPTD -> Already disabled

-=E.O.F=-

---------------------------------

DDS Log

--------------------------------

DDS (Ver_10-10-10.03) - NTFSx86

Run by Tom at 14:01:28.03 on Tue 10/19/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.128 [GMT -7:00]

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

"C:\WINDOWS\system32\svchost.exe"

C:\WINDOWS\System32\alg.exe

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\login.exe

C:\WINDOWS\wininst.exe

C:\WINDOWS\win16.exe

C:\WINDOWS\mdm.exe

C:\WINDOWS\system.exe

C:\WINDOWS\sysedit.exe

C:\WINDOWS\user.exe

C:\WINDOWS\setup.exe

C:\WINDOWS\hexdump.exe

C:\WINDOWS\iexplarer.exe

C:\WINDOWS\win.exe

C:\WINDOWS\nvsvc32.exe

C:\WINDOWS\spoolsv.exe

C:\WINDOWS\taskmgr.exe

C:\WINDOWS\avp32.exe

C:\WINDOWS\drweb.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\login.exe

C:\WINDOWS\wininst.exe

C:\WINDOWS\win16.exe

C:\WINDOWS\mdm.exe

C:\WINDOWS\system.exe

C:\WINDOWS\sysedit.exe

C:\WINDOWS\user.exe

C:\WINDOWS\setup.exe

C:\WINDOWS\hexdump.exe

C:\WINDOWS\iexplarer.exe

C:\WINDOWS\win.exe

C:\WINDOWS\nvsvc32.exe

C:\WINDOWS\spoolsv.exe

C:\WINDOWS\taskmgr.exe

C:\WINDOWS\avp32.exe

C:\WINDOWS\drweb.exe

C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>

BHO: c:\windows\system32\pwvrpzgte.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\pwvrpzgte.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\tom\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe

uRun: [MKcrc] c:\windows\login.exe

uRun: [MKfre] c:\windows\wininst.exe

uRun: [MKfPc] c:\windows\win16.exe

uRun: [MKayc] c:\windows\csrss.exe

uRun: [MKeg] c:\windows\smss.exe

uRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe

uRun: [MKcZ] c:\windows\mdm.exe

uRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe

uRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe

uRun: [MKexe] c:\windows\system.exe

uRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe

uRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe

uRun: [HNUjHTgrA] c:\docume~1\tom\locals~1\temp\win16.exe

uRun: [MKaZ] c:\windows\cmd.exe

uRun: [MKetc] c:\windows\sysedit.exe

uRun: [MKee] c:\windows\user.exe

uRun: [MKeta] c:\windows\services.exe

uRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe

uRun: [MKevc] c:\windows\setup.exe

uRun: [MKbtc] c:\windows\hexdump.exe

uRun: [MKbuqc] c:\windows\iexplarer.exe

uRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe

uRun: [HNUjHTglb] c:\docume~1\tom\locals~1\temp\debug.exe

uRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe

uRun: [MKfa] c:\windows\win.exe

uRun: [MKfsc] c:\windows\winlogon.exe

uRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe

uRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe

uRun: [MKdw+] c:\windows\nvsvc32.exe

uRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe

uRun: [MKeuf] c:\windows\spoolsv.exe

uRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe

uRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe

uRun: [MKerb] c:\windows\taskmgr.exe

uRun: [MKZSc] c:\windows\avp32.exe

uRun: [MKese] c:\windows\svchost.exe

uRun: [MKasc] c:\windows\drweb.exe

uRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe

mRun: [MKcrc] c:\windows\login.exe

mRun: [MKfre] c:\windows\wininst.exe

mRun: [MKfPc] c:\windows\win16.exe

mRun: [MKayc] c:\windows\csrss.exe

mRun: [MKeg] c:\windows\smss.exe

mRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe

mRun: [MKcZ] c:\windows\mdm.exe

mRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe

mRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe

mRun: [MKexe] c:\windows\system.exe

mRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe

mRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe

mRun: [HNUjHTgrA] c:\docume~1\tom\locals~1\temp\win16.exe

mRun: [MKaZ] c:\windows\cmd.exe

mRun: [MKetc] c:\windows\sysedit.exe

mRun: [MKee] c:\windows\user.exe

mRun: [MKeta] c:\windows\services.exe

mRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe

mRun: [MKevc] c:\windows\setup.exe

mRun: [MKbtc] c:\windows\hexdump.exe

mRun: [MKbuqc] c:\windows\iexplarer.exe

mRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe

mRun: [HNUjHTglb] c:\docume~1\tom\locals~1\temp\debug.exe

mRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe

mRun: [MKfa] c:\windows\win.exe

mRun: [MKfsc] c:\windows\winlogon.exe

mRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe

mRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe

mRun: [MKdw+] c:\windows\nvsvc32.exe

mRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe

mRun: [MKeuf] c:\windows\spoolsv.exe

mRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe

mRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe

mRun: [MKerb] c:\windows\taskmgr.exe

mRun: [MKZSc] c:\windows\avp32.exe

mRun: [MKese] c:\windows\svchost.exe

mRun: [MKasc] c:\windows\drweb.exe

mRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

mExplorerRun: [RTHDBPL] c:\documents and settings\tom\application data\systemproc\lsass.exe

StartupFolder: c:\docume~1\tom\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wm-des~1.lnk - c:\program files\whiskeymilitia\desktop alert\WM-Desktop-Alert.exe

uPolicies-explorer: NoFolderOptions = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture

Attach.zip
