Jun 26 2009, 06:53 PM
Post #1
Note: I cannot log on to my email nor WTT using my PC, now. I am using a friend's PC at this moment. HELP!
Hello, Tech Team!

I could not log into my e-mail account today. I got this:

I ended up installing IE 8. My Symantec will not enable. I get this:

and on Windows Security Center I get this:

These screens are not really responding to me. I did a quick scan with mbam after updating and I have an HJT log but when I tried to run Kaspersky online, I got this:

Here's my mbam log:

and here's my HJT log:

I appreciate your help, thank you!

Kathy
This post has been edited by Kathy: Jun 27 2009, 01:50 PM
Jul 2 2009, 04:56 AM
Post #2
Hello, Tomk!
Here's the new ComboFix log:

When I tried to run the Kaspersky Online Scanner, a warning window popped up which said, "[ERROR: Key is expired]": To what key does this refer?
Kathy [Resolved] My PC is going wacky. Jun 26 2009, 06:53 PM
Tomk Welcome back Kathy,
You have have to transfer the... Jun 29 2009, 11:39 AM
Kathy Hello, Tomk!!
It's so good to t... Jun 30 2009, 04:43 PM
Tomk Kathy,
The biggest thing I see is that your Syman... Jun 30 2009, 04:53 PM
Kathy Hi, Tomk!
I've lost control. I cannot e... Jun 30 2009, 05:06 PM
Tomk Kathy,
Maybe but I'm not seeing it.
Can you ... Jun 30 2009, 05:16 PM
Kathy Hi, Tomk!
My Windows firewall is already on. ... Jun 30 2009, 05:24 PM
Tomk Kathy,
Not positive, but you apparently did at so... Jun 30 2009, 05:30 PM
Kathy Okey-dokey! I'll get right to it as soon a... Jun 30 2009, 05:34 PM
Tomk Kathy,
Not a problem. That's why we're h... Jun 30 2009, 05:47 PM
Kathy Hello, Tomk!
ZoneAlarm does not show in my uni... Jun 30 2009, 08:09 PM
Tomk Kathy,
Well, all I'm finding is the wonky dri... Jun 30 2009, 09:48 PM
Kathy Hello, Tomk!
Here's the OTM log:
All proc... Jul 1 2009, 05:52 PM
Tomk Kathy,
Well that was fairly uneventful. Do you... Jul 1 2009, 06:04 PM
Kathy Hello, Tomk!
I am now able to log on to WTT (Y... Jul 1 2009, 06:43 PM
Tomk Kathy,
I've heard of people having trouble wi... Jul 1 2009, 07:15 PM
Kathy Hello, Tomk!
I followed links through that ... Jul 1 2009, 10:19 PM
Tomk Kathy,
Yep. That sounds pretty hinky. Let's ... Jul 1 2009, 10:29 PM
Kathy Hello, Tomk!
When ComboFix finished, I found ... Jul 1 2009, 11:23 PM
Tomk Kathy,
Not sure. Appears to be a registry issue ... Jul 1 2009, 11:39 PM
Tomk Kathy,
I don't know about Kaspersky.
Let... Jul 2 2009, 07:03 AM
Kathy Hello, Tomk!
My PC won't boot. I'd g... Jul 2 2009, 03:30 PM
Tomk Kathy,
Restart your computer.
When the machine fi... Jul 2 2009, 05:07 PM
Kathy Hello, Tomk!
I couldn't get it to boot. It... Jul 2 2009, 09:09 PM
Tomk Kathy,
Do you have your Windows CD? Jul 2 2009, 09:34 PM
Kathy Hello, Tomk!
No, it came preinstalled from my ... Jul 2 2009, 10:42 PM
Tomk Kathy,
I don't know anything about, and there... Jul 2 2009, 11:01 PM
Kathy Hello, Tomk!
Yes, I could not boot into safe m... Jul 2 2009, 11:04 PM
Tomk Kathy,
OK then. I suggest that you post in the W... Jul 2 2009, 11:10 PM
Kathy Okay, Tomk!
I have to leave right now, but I... Jul 2 2009, 11:18 PM
Tomk RE: [Resolved] My PC is going wacky. Jul 2 2009, 11:27 PM
Kathy Hello, Tomk!
I posted a new topic, I cannot b... Jul 3 2009, 04:38 AM
Tomk RE: [Resolved] My PC is going wacky. Jul 3 2009, 09:35 AM
Tomk Kathy,
Are you out there somewhere? Jul 9 2009, 05:28 PM
Tomk Kathy,
Where are we at with this little beasty? Jul 15 2009, 11:35 AM
Kathy Hello, Tomk!
I hope that you are having a G... Jul 18 2009, 11:39 AM
Tomk Kathy,
I'll wait to hear what your computer g... Jul 19 2009, 08:31 PM
Kathy Okay, Tom! Jul 19 2009, 11:44 PM
Tomk Kathy,
Good Luck. Jul 20 2009, 08:30 AM
Tomk Since this issue appears to be resolved ... this T... Jul 26 2009, 08:21 AM