Jun 26 2009, 06:53 PM
Post #1
Authentic Member; Group: Authentic Member; Posts: 193; Joined: 22-August 07; From: U.S.A.; Member No.: 72,355; Operating System: Windows XP
Note: I cannot log on to my email nor WTT using my PC, now. I am using a friend's PC at this moment. HELP!
Hello, Tech Team!

I could not log into my e-mail account today. I got this: I ended up installing IE 8. My Symantec will not enable. I get this: and on Windows Security Center I get this: These screens are not really responding to me. I did a quick scan with mbam after updating and I have an HJT log but when I tried to run Kaspersky online, I got this:

Here's my mbam log:

Malwarebytes' Anti-Malware 1.38
Database version: 2340
Windows 5.1.2600 Service Pack 3

6/26/2125 7:33:18 PM
mbam-log-2125-06-26 (19-33-18).txt

Scan type: Quick Scan
Objects scanned: 93555
Time elapsed: 15 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:03 PM, on 6/26/2125
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237127157128
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237127143308
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 7827 bytes

I appreciate your help, thank you!

Kathy
This post has been edited by Kathy: Jun 27 2009, 01:50 PM
Jul 1 2009, 11:23 PM
Post #2
Authentic Member; Group: Authentic Member; Posts: 193; Joined: 22-August 07; From: U.S.A.; Member No.: 72,355; Operating System: Windows XP
Hello, Tomk!
When ComboFix finished, I found Symantec enabled! Here's the ComboFix log:

ComboFix 09-07-01.01 - User 07/02/2009 0:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.496 [GMT -4:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2125-07-01 23:20 . 2125-07-01 23:20 -------- d-----w- C:\Rooter$
2125-07-01 23:07 . 2125-07-01 23:07 -------- d-----w- C:\_OTM
2125-06-27 02:21 . 2125-06-27 02:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2125-06-26 20:51 . 2125-06-26 20:53 -------- dc-h--w- c:\windows\ie8
2009-07-02 04:21 . 2009-07-02 04:21 0 ----a-w- c:\windows\nsreg.dat
2009-07-02 04:21 . 2009-07-02 04:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2009-06-11 11:57 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 11:57 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-07 12:01 . 2009-06-07 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-06 22:03 . 2009-06-06 22:03 -------- d-----w- c:\program files\Adobe Media Player
2009-06-06 21:40 . 2009-06-06 21:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-05 03:51 . 2009-06-05 12:00 -------- d-----w- c:\documents and settings\User\Application Data\Download Manager
2009-06-05 00:06 . 2009-06-05 00:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-03 19:04 . 2009-06-03 19:04 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2009-06-03 19:04 . 2009-06-03 19:04 -------- d-sh--w- c:\documents and settings\User\IETldCache
2009-06-03 11:06 . 2125-06-26 20:45 -------- d-----w- c:\windows\ie8updates
2009-06-03 11:06 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2125-07-02 01:14 . 2009-03-18 02:09 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2125-06-27 01:53 . 2009-03-12 21:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2125-06-26 21:04 . 2008-06-26 08:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2125-06-26 21:04 . 2008-06-26 08:32 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2009-03-22 16:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-06-26 08:30 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 20:05 . 2009-05-27 00:21 -------- d-----w- c:\documents and settings\User\Application Data\gtk-2.0
2009-06-10 23:56 . 2009-03-12 22:21 -------- d-----w- c:\program files\ieSpell
2009-06-07 12:02 . 2009-03-19 21:33 42944 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 22:07 . 2009-05-04 11:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-27 00:30 . 2009-03-14 06:22 -------- d-----w- c:\program files\Google
2009-05-26 23:18 . 2009-05-26 23:18 -------- d-----w- c:\program files\GIMP-2.0
2009-05-07 15:32 . 2004-08-03 22:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 11:25 . 2009-05-04 11:25 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-04 11:12 . 2009-05-04 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-04 11:11 . 2009-05-04 11:11 -------- d-----w- c:\program files\NOS
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-17 12:26 . 2004-08-03 21:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 22:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/12/2009 5:43 PM 210216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/12/2009 1:50 PM 101936]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/4/2009 7:11 AM 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus
MSConfigStartUp-CTFMON - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.juno.com/s/sp
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ey58sq72.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.juno.com/s/sp
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 00:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Symantec\Symantec Endpoint Protection\SnacNp.dll

- - - - - - - > 'explorer.exe'(1644)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-07-02 0:57
ComboFix-quarantined-files.txt 2009-07-02 04:57

Pre-Run: 140,921,180,160 bytes free
Post-Run: 141,002,764,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

187 --- E O F --- 2009-06-11 15:06
Kathy [Resolved] My PC is going wacky. Jun 26 2009, 06:53 PM
Tomk Welcome back Kathy,
You have have to transfer the... Jun 29 2009, 11:39 AM
Kathy Hello, Tomk!!
It's so good to t... Jun 30 2009, 04:43 PM
Tomk Kathy,
The biggest thing I see is that your Syman... Jun 30 2009, 04:53 PM
Kathy Hi, Tomk!
I've lost control. I cannot e... Jun 30 2009, 05:06 PM
Tomk Kathy,
Maybe but I'm not seeing it.
Can you ... Jun 30 2009, 05:16 PM
Kathy Hi, Tomk!
My Windows firewall is already on. ... Jun 30 2009, 05:24 PM
Tomk Kathy,
Not positive, but you apparently did at so... Jun 30 2009, 05:30 PM
Kathy Okey-dokey! I'll get right to it as soon a... Jun 30 2009, 05:34 PM
Tomk Kathy,
Not a problem. That's why we're h... Jun 30 2009, 05:47 PM
Kathy Hello, Tomk!
ZoneAlarm does not show in my uni... Jun 30 2009, 08:09 PM
Tomk Kathy,
Well, all I'm finding is the wonky dri... Jun 30 2009, 09:48 PM
Kathy Hello, Tomk!
Here's the OTM log:
All proc... Jul 1 2009, 05:52 PM
Tomk Kathy,
Well that was a fairly uneventful. Do you... Jul 1 2009, 06:04 PM
Kathy Hello, Tomk!
I am now able to log on to WTT (Y... Jul 1 2009, 06:43 PM
Tomk Kathy,
I've heard of people having trouble wi... Jul 1 2009, 07:15 PM
Kathy Hello, Tomk!
I followed links through that ... Jul 1 2009, 10:19 PM
Tomk Kathy,
Yep. That sounds pretty hinky. Let's ... Jul 1 2009, 10:29 PM
Tomk Kathy,
Not sure. Appears to be a registry issue ... Jul 1 2009, 11:39 PM
Kathy Hello, Tomk!
Here's the new ComboFix log:
... Jul 2 2009, 04:56 AM
Tomk Kathy,
I don't know about Kaspersky.
Let... Jul 2 2009, 07:03 AM
Kathy Hello, Tomk!
My PC won't boot. I'd g... Jul 2 2009, 03:30 PM
Tomk Kathy,
Restart your computer.
When the machine fi... Jul 2 2009, 05:07 PM
Kathy Hello, Tomk!
I couldn't get it to boot. It... Jul 2 2009, 09:09 PM
Tomk Kathy,
Do you have your Windows CD? Jul 2 2009, 09:34 PM
Kathy Hello, Tomk!
No, it came preinstalled from my ... Jul 2 2009, 10:42 PM
Tomk Kathy,
I don't know anything about, and there... Jul 2 2009, 11:01 PM
Kathy Hello, Tomk!
Yes, I could not boot into safe m... Jul 2 2009, 11:04 PM
Tomk Kathy,
OK then. I suggest that you post in the W... Jul 2 2009, 11:10 PM
Kathy Okay, Tomk!
I have to leave right now, but I... Jul 2 2009, 11:18 PM
Tomk RE: [Resolved] My PC is going wacky. Jul 2 2009, 11:27 PM
Kathy Hello, Tomk!
I posted a new topic, I cannot b... Jul 3 2009, 04:38 AM
Tomk RE: [Resolved] My PC is going wacky. Jul 3 2009, 09:35 AM
Tomk Kathy,
Are you out there somewhere? Jul 9 2009, 05:28 PM
Tomk Kathy,
Where are we at with this little beasty? Jul 15 2009, 11:35 AM
Kathy Hello, Tomk!
I hope that you are having a G... Jul 18 2009, 11:39 AM
Tomk Kathy,
I'll wait to hear what your computer g... Jul 19 2009, 08:31 PM
Kathy Okay, Tom! Jul 19 2009, 11:44 PM
Tomk Kathy,
Good Luck. Jul 20 2009, 08:30 AM
Tomk Since this issue appears to be resolved ... this T... Jul 26 2009, 08:21 AM