Jump to content

Marathoner

Members
  • Posts

    17
  • Joined

  • Last visited

Reputation

0 Neutral
  1. One of my laptops, running Win7, is getting a popup message constantly, that IE access to 95.211.94.7 has been blocked. When I looked up this address, I found that it is registered to Megaupload. As far as I can tell, the computer is not being used for uploading or downloading anything from megaupload. I can't find a service, file or registry entry related to Megaupload, so I don't know how to stop IE from accessing this, and hence stop the messages. Any suggestions? Thanks
  2. I found a website about this for Toshiba laptops. The flashes are giving a code, but I may have somehow managed to fry the motherboard or at least a power supply.
  3. Things are getting weirder and weirder. I didn't see fdisk in the recovery help list, so I tried one of the other options. Since the other option seemed to reinstall XP, I said no and it went to reboot. I wanted to shut it down, so I held the power button. Now if I hit the power button, I get 12 flashes of the battery light and nothing else. Help!
  4. Finally got a boot disk and did that. Now I get invalid partition table. Did this just completely hose my disk?
  5. Also, if I go into the device manager after booting from the CD, I can see the disk drive. It's just not mounted to C:
  6. In the BIOS utility, it says that there is a hard disk drive - HTS541080G9Sa00- (S1)
  7. Can't do it. When I boot from the BartPE disk, I apparently don't get a C: disk. I tried the check disk app, and it told me that there wasn't a C disk. When I checked "My computer", I also don't see a C:.
  8. Obviously, I can't do this on the infected system. Am I supposed to build one of these on another system? I'm not sure if I still have the install disks. I'll have to check. Also, as I've been saying, the current fail is very early in the boot process. I'm not sure that it will even be able to read a disk.
  9. As I said above, I've been running in safe mode, up to the last problem. When the last message appeared, I tried to get into safe mode, but I think the fail is occurring even earlier in the boot sequence, since I couldn't get the menu.
  10. bad news: We couldn't run the uninstaller in safe mode, so we booted up into normal mode. We did the uninstall, and then started the combo-fix run, still in normal mode. One of the symptoms of the problem with the computer has been that in normal (not safe) mode, it goes to an unresponsive black screen after a while. It just did that during the combo-fix run. Unfortunately, now it doesn't boot, and gives the message Intel UNDI, PXE-2.1 (Build 082) © 1997-2000 Intel Corp. For Realtek RTL8100E/8101E Fast Ethernet Network Adapter V1.01 (051222) PXE-E61: Media test failure, check cable PXE-N0F: Exiting PXE ROM Operating System not found Am I completely hosed now? Marathoner
  11. Thanks. I restarted my query with more complete info in a new thread, so I'm going to close this one.
  12. Borislav: Thanks for your help. Here are the logs. I'm running the scan again to see if the removal of the two Hijack items worked this time, since there was another item found. Malwarebytes' Anti-Malware 1.44 Database version: 3718 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.13 2/9/2010 8:46:24 PM mbam-log-2010-02-09 (20-46-24).txt Scan type: Full Scan (C:\|) Objects scanned: 318258 Time elapsed: 55 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Temp\26.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. DDS (Ver_09-12-01.01) - NTFSx86 NETWORK Run by Administrator at 20:50:29.06 on Tue 02/09/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2019 [GMT -8:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe E:\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.toshibadirect.com/dpdstart uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://yme.music.yahoo.com/uninstallForm.asp mSearchAssistant = hxxp://www.google.com/ie mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe mRun: [skyTel] SkyTel.EXE mRun: [NDSTray.exe] NDSTray.exe mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [TPSMain] TPSMain.exe mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe mRun: [TFncKy] TFncKy.exe mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall mRun: [CFSServ.exe] CFSServ.exe -NoClient mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe dPolicies-explorer: NoSetActiveDesktop = 1 (0x1) dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) dPolicies-system: DisableTaskMgr = 1 (0x1) IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238885879703 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238891534687 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll Hosts: 209.44.111.62 antispy.microsoft.com Hosts: 209.44.111.62 antiaware-pro.com Hosts: 209.44.111.62 www.antiaware-pro.com ================= FIREFOX =================== FF - ProfilePath - ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-4-4 161800] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-4 360584] S1 2443184e;2443184e;c:\windows\system32\drivers\2443184e.sys [2009-7-1 0] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-4 333192] S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-4 28424] S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-5-31 464264] S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-31 234888] S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-3 285392] S2 gupdate1ca91c36d6ca8;Google Update Service (gupdate1ca91c36d6ca8);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 133104] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816] S3 {432C1324-9DED-4418-92F499053769448A};{432C1324-9DED-4418-92F499053769448A};\??\c:\windows\temp\27.tmp --> c:\windows\temp\27.tmp [?] S3 {DDF23EE7-54C2-46EC-A86A0722EA189FB0};{DDF23EE7-54C2-46EC-A86A0722EA189FB0};c:\windows\system32\svchost.exe -k netsvcs [2006-7-18 14336] S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?] =============== Created Last 30 ================ 2010-02-08 14:27:59 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes 2010-02-08 01:47:30 0 ----a-w- c:\documents and settings\administrator\defogger_reenable 2010-01-22 03:29:12 0 d-----w- c:\program files\common files\Remote Control Software Common 2010-01-22 03:27:48 0 d-----w- c:\program files\common files\Remote Control USB Driver 2010-01-14 00:09:14 0 d-----w- C:\Downloads ==================== Find3M ==================== 2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-03 21:36:32 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-01-03 21:36:32 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-01-03 21:36:10 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2010-01-03 21:36:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-01-02 04:32:06 60248 ---ha-w- c:\windows\system32\mlfcache.dat 2009-05-25 22:43:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052520090526\index.dat 2009-06-12 06:36:56 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061120090612\index.dat 2009-06-15 05:13:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061420090615\index.dat ============= FINISH: 20:51:09.59 ===============
  13. I've been infected with Hijack.Windows.Updates. Repeated runs of MalwareBytes don't seem to be effective in removing it. Attached find MBAM, DDS and GMER logs. DDS (Ver_09-12-01.01) - NTFSx86 NETWORK Run by Administrator at 17:48:31.23 on Sun 02/07/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2063 [GMT -8:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\AVG\AVG9\avgchsvx.exe svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE E:\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.toshibadirect.com/dpdstart uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://yme.music.yahoo.com/uninstallForm.asp mSearchAssistant = hxxp://www.google.com/ie mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe mRun: [skyTel] SkyTel.EXE mRun: [NDSTray.exe] NDSTray.exe mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [TPSMain] TPSMain.exe mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe mRun: [TFncKy] TFncKy.exe mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall mRun: [CFSServ.exe] CFSServ.exe -NoClient mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe dPolicies-explorer: NoSetActiveDesktop = 1 (0x1) dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) dPolicies-system: DisableTaskMgr = 1 (0x1) IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238885879703 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238891534687 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll Hosts: 209.44.111.62 antispy.microsoft.com Hosts: 209.44.111.62 antiaware-pro.com Hosts: 209.44.111.62 www.antiaware-pro.com ================= FIREFOX =================== FF - ProfilePath - ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-4-4 161800] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-4 360584] S1 2443184e;2443184e;c:\windows\system32\drivers\2443184e.sys [2009-7-1 0] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-4 333192] S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-4 28424] S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-5-31 464264] S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-31 234888] S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-3 285392] S2 gupdate1ca91c36d6ca8;Google Update Service (gupdate1ca91c36d6ca8);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 133104] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-2 235344] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816] S3 {432C1324-9DED-4418-92F499053769448A};{432C1324-9DED-4418-92F499053769448A};\??\c:\windows\temp\27.tmp --> c:\windows\temp\27.tmp [?] S3 {DDF23EE7-54C2-46EC-A86A0722EA189FB0};{DDF23EE7-54C2-46EC-A86A0722EA189FB0};c:\windows\system32\svchost.exe -k netsvcs [2006-7-18 14336] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-2 19160] S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?] =============== Created Last 30 ================ 2010-02-08 01:47:30 0 ----a-w- c:\documents and settings\administrator\defogger_reenable 2010-01-22 03:29:12 0 d-----w- c:\program files\common files\Remote Control Software Common 2010-01-22 03:27:48 0 d-----w- c:\program files\common files\Remote Control USB Driver 2010-01-14 00:09:14 0 d-----w- C:\Downloads ==================== Find3M ==================== 2010-01-03 21:36:32 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-01-03 21:36:32 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-01-03 21:36:10 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2010-01-03 21:36:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-01-02 04:32:06 60248 ---ha-w- c:\windows\system32\mlfcache.dat 2009-12-30 22:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-30 22:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-25 22:43:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052520090526\index.dat 2009-06-12 06:36:56 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061120090612\index.dat 2009-06-15 05:13:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061420090615\index.dat ============= FINISH: 17:49:23.39 =============== Malwarebytes' Anti-Malware 1.43 Database version: 3458 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.13 2/8/2010 10:10:34 PM mbam-log-2010-02-08 (22-10-21).txt Scan type: Full Scan (C:\|) Objects scanned: 310657 Time elapsed: 56 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Attach.zip
  14. I tried posting this once before, but I don't see it in the list, so please forgive me if this is a repeat. I have an XP laptop that had a problem with the screen going unrecoverably blank after a few minutes. I ended up running MBAM in safe mode, since the computer wouldn't stay up long enough in normal mode to run a scan. When I did, I discovered 2 Hijack.WindowsUpdates infections. I removed them and reran MBAM, whereupon I found them again. So I think I need something stronger. Please lend me what help you can. Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.