Mustang_Sally

Members
  • Content count

    8
  • Joined

  • Last visited

About Mustang_Sally

  • Rank
    New Member

Contact Methods

  • ICQ
    0

Profile Information

  • Location
    between a rock and a hard place
  1. Thank-you so very much!! I think things are running fine now. Here is the log from NOD32... ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=9909393678047945974fc495022d025c # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-10-06 11:56:32 # local_time=2009-10-06 05:56:32 (-0600, Canada Central Standard Time) # country="Canada" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1026 61 83 95 3463708262000 # compatibility_mode=5889 61 66 100 541018741753508 # scanned=224308 # found=0 # cleaned=0 # scan_time=3333
  2. I hooked up another computer and downloaded Root Repeal & HijackThis. I put them on a memory stick and ran them from there. I was able to start Root Repeal, however, when I ran a scan, it seemed to be going very slow. It scanned for about 12 hours and it still wasn't done. I shut it down after that, so i don't have a log for Root Repeal. Below is my HijackThis log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:11:41 PM, on 05/10/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\WINDOWS\RtHDVCpl.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\system32\schtasks.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\mobsync.exe C:\Windows\Explorer.exe C:\hp\kbd\kbd.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theweathernetwork.com/weather/CASK0176 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - Startup: Keyboard Express 3.lnk = ? O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  3. I ran Combo Fix with the Notepad doc put in it. I then ran Malwarebytes. I tried to download Root Repeal and I was not able to. First I tried to save it in C:\Rootrepeal and I received this message, " You don't have permission to save in this location. Contact the administrtor to obtain permission." I then tried to download it to a different location. It appeared to download, but when I went to retrieved the file, it was not there. Combo Fix Log ComboFix 09-10-01.05 - Mitchell 02/10/2009 19:28.2.2 - NTFSx86 Microsoft
  4. I ran Combo Fix and attached the log. I tried to unistall HiJack This, however, I was not able to do so. It wouldn't allow me to run it either. ComboFix.txt
  5. I ran Win32diag. Hurray something ran After that, I reinstalled Malwarebytes and was able to run it. It found a few things. I tried to uninstall Hijack This, but it still wouldn't let me. So, I tried to run it... no go. I uninstalled/reinstalled Malwarebytes and scanned again.... it said no infections. My computer still won't download any programs and it gives the " Windows can not access the specified device, path, or file. You may not have the appropriate permissions to access the item" message. I didn't want to go too much further or try running any other programs until some one has look at my logs and gives a suggestion. I tried to post the Win32diag log, but i got an error that it was too long of a post. I have attached it now. Malwarebytes Log Malwarebytes' Anti-Malware 1.41 Database version: 2874 Windows 6.0.6001 Service Pack 1 29/09/2009 11:52:45 PM mbam-log-2009-09-29 (23-52-45).txt Scan type: Quick Scan Objects scanned: 92067 Time elapsed: 5 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\$Recycle.Bin\S-1-5-21-4152655313-2468411337-1519091781-1000\$RGYJFY0.exe (Rogue.MalwareScanner) -> Quarantined and deleted successfully. C:\WINDOWS\System32\cngaudit.dll (Trojan.Sirefef) -> Quarantined and deleted successfully. C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully. Malwarebytes Log 2nd Run Malwarebytes' Anti-Malware 1.41 Database version: 2876 Windows 6.0.6001 Service Pack 1 30/09/2009 9:09:31 AM mbam-log-2009-09-30 (09-09-31).txt Scan type: Quick Scan Objects scanned: 92102 Time elapsed: 5 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Win32kDiag.txt
  6. Hi there! I am running Vista Home Premium. I have Malwarebytes, but when I go to use it, it starts and then quickly disappears. When I try to use it again I get " Windows can not access the specified device, path, or file. You may not have the appropriate permissions to access the item" The same thing happens with Hijack This. I have tried to download other removal tools. It looks like they download, however, when I go to the saved location, they are no there. The last one i tried to download was RootRepeal and it didn't show up either. I have tried to rename mbam, but that didn't work. I set the exceptions for the 3 malwarebytes .exe files in AVG, didn't help. I am not getting any fake warning pop-ups. I do get browser redirects and it won't let me do windows updates for SP2. I'm not sure what to try next. Help!
  7. Thanks for the quick reply and sorry for posting in the wrong forum. I will give it a go tomorrow after i get some much needed rest.
  8. Hello! I have been trying to fix my problems all day with out much success. After alot of reading and trying various solutions from the net I felt your forum would be the best place to get the help I need. I am running Vista Home Premium. I was able to download Malwarebytes today and it updated. I started the quick scan, the elapsed time counter goes to 1 and then the program disappears. There is no evidence of it running after that. Then when I try to start the program again, I get " Windows can not access the specified device, path, or file. You may not have the appropriate permissions to access the item" Several times I have uninstalled/reinstalled the program. I have tried re-naming it, but the same thing happens. I tried starting the program with a right click and "run as administrator" no luck. Other issues I am having are.... some google search results are redirected, windows updates won't let me install SP2. After Malwarebytes wouldn't run, I tried downloading 3 other anti-malware programs. It looked as if they downloaded, but when I went to the folder they were not there. I searched my computer and they were not found. At the end of the download it had a pop-up that said something about copying the files. I can't recall all that it said but it seemed like a step that didn't normally happen when I download something. I have AVG antivirus and it did not find any problems. I set the exceptions for the 3 malwarebytes .exe files in AVG and tried to scan again, but the same thing as mentioned above happened. I also downloaded Hijack This. It downloaded fine, but then when I went to run it, it started and disappeared. When I tried to start it again, i got the message "Windows can not access the specified device..." I tried to unistall Hijack This and it would not allow me to do that. I'm sure I have forgot to mention some of the things I have tried today, but hopefully that is enough info to give you an idea of what I am dealing with. I look forward to you reply.