PLEASE HELP....not even sure which virus I have, but it's a bad one!
|
|
megz77
Suspended due to non-functional email address
|
21. November 2008 @ 13:40 |
|
Hello:
Please help me! I've been fighting with a virus for a week on my HP Pavilion laptop. It will not allow me to use my internet browsers (Mozilla Firefox and Internet Explorer), and it seems to have turned off my display (screen is black, no image when I shine a flashlight on the screen when booting); however, if I attach an external monitor it comes up with no problems. When I try to activate the laptop monitor in Display Properties it tries, but will not activate my laptop screen. I've run CCleaner, McAfee, System Mechanic and Malwarebytes (had to change the name of the exe to get this to run, but it will not allow me out to the internet to update the software). I am an IT person and totally at my wits' end with this laptop. PLEASE, any help will be GREATLY appreciated....I'm really trying to avoid wiping my hard drive because I do not have a copy of XP.
Thanks,
Megan
Here is my HijackThis log...ran in safe mode...can run in normal mode if you need me to. Thanks again!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:55, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\scanner\scanner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&modelID=PR447UA&product_full_name=Pavilion%20zv5000&PROD_SERIAL_ID=CND50908J8&PURCH_DT_MONTH=04&PURCH_DT_DAY=01&PURCH_DT_YEAR=2005&gwCountry=US&language=EN&prodOS=011
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared...22/ComCtl32.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared...,26/mcgdmgr.cab
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} (TSBnwCam Control) - http://74.214.51.52:4001/user/TSBnwCam.CAB
O20 - AppInit_DLLs: karna.dat
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7867 bytes
|
|
Senior Member
|
22. November 2008 @ 03:43 |
|
Hey megz77
Please reboot your computer into Safe Mode With Networking by doing the following:
• Restart your computer.
• After pressing the power button, repeatedly tap the F8 key.
• Instead of Windows loading as normal, the Advanced Options Menu should appear.
• Select the option to run Windows in Safe Mode With Networking, then press Enter.
• Choose the administrator's account.
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Save it to your Desktop.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
• Run Combo-Fix.exe and follow the prompts.
• Accept the End-User License Agreement.
• Allow the Recovery Console to be installed.
• When you see the window below, click on Yes.

• When the Recovery Console has been installed, click on Yes to start the scan.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be fully completed.
• If it requires a reboot, please do so.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

|
megz77
Suspended due to non-functional email address
|
24. November 2008 @ 09:24 |
|
Hi cdavefrew....I will do this tonight when I get home from work and post the log here. Thanks again for your help!
|
megz77
Suspended due to non-functional email address
|
24. November 2008 @ 22:46 |
|
Ran combo-fix. It fixed quite a few problems. My laptop was set to chkdsk upon first reboot and this would not work prior to running combo-fix. My system time and date are in military time, and I still cannot get my monitor to function on my laptop. I'm going to run McAfee because it keeps trying to run. There was nothing in the log except the following...
ComboFix 08-11-23.02 - XXXXXXXX 2008-11-24 19:57:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.684 [GMT -5:00]
* Resident AV is active
|
Senior Member
|
25. November 2008 @ 04:45 |
|

|
megz77
Suspended due to non-functional email address
|
25. November 2008 @ 09:13 |
|
Hi cdavfrew,
I am running Windows XP, should I still try the Antivir Rescue CD? Safe mode is working, chkdsk ran (I think it totally ran, I left the room when it was in 5 of 5 and when I came back later my laptop was off), and IE and Firefox are working better than before (not redirecting to crazy websites telling me to buy rogue antivirus software).
Do you think I need to try re-installing my display driver? I have an ATI video card and turned off the ATI service when I kept getting multiple instances of ati2evxx.exe processes running on my machine. Do you think this could have to do with why I cannot see my laptop monitor but can see the display if I connect my laptop to an external monitor? The laptop showed no signs of the LCD going bad...I did the flashlight test and cannot see any graphics, so it's not a backlight issue. Any more help would be greatly appreciated.
Thanks again for all of your help so far!
|
megz77
Suspended due to non-functional email address
|
25. November 2008 @ 19:04 |
|
Hello again. I tried re-running Combofix. I was reading through some forums and noticed that it said to make sure you save the exe to your desktop. I was running it from a flash drive. Sorry about that....
Here's my Combo-fix log....hopefully this helps. Let me know if you still want me to try the rescue disk you suggested as well.
Thanks again! :)
ComboFix 08-11-26.01 - Administrator 2008-11-25 18:47:34.2 - NTFSx86 NETWORK
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\drivers\TDSSmhct.sys
c:\windows\system32\mfc45.dll
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSSkkdu.log
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSorvd.dat
c:\windows\system32\TDSSrhyp.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\wsys.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_EXAMPLE
-------\Legacy_NETH
-------\Service_Neth
-------\Legacy_EXAMPLE
-------\Legacy_NETH
((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.
2008-11-24 19:45 . 2004-11-18 21:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2008-11-24 19:45 . 2004-11-18 20:58 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2008-11-24 19:45 . 2004-11-18 21:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-24 19:45 . 2008-11-24 19:45 <DIR> d-------- c:\documents and settings\Administrator.
2008-11-21 13:27 . 2008-11-21 13:29 <DIR> d-------- C:\scanner
2008-11-21 11:53 . 2008-11-21 11:53 <DIR> d-------- c:\program files\Yahoo!
2008-11-21 11:52 . 2008-11-21 11:58 <DIR> d-------- c:\program files\CCleaner
2008-11-18 22:02 . 2008-11-18 22:02 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2008-11-18 20:13 . 2008-11-18 20:13 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2008-11-18 20:09 . 2008-11-21 10:33 <DIR> d-------- c:\program files\iolo
2008-11-18 20:05 . 2008-11-18 22:52 <DIR> d-------- c:\documents and settings\Jim\Application Data\iolo
2008-11-18 20:05 . 2008-11-21 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2008-11-14 15:28 . 2008-11-14 15:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-14 14:22 . 2008-11-14 14:23 <DIR> d-------- c:\documents and settings\Jim\Application Data\RegClean
2008-11-14 14:03 . 2008-11-14 14:03 10 --a------ c:\windows\WININIT.INI
2008-11-14 13:52 . 2008-11-14 13:52 <DIR> d-------- c:\documents and settings\Administrator
2008-11-11 21:28 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 21:27 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-07 15:34 . 2004-08-04 08:00 4,224 --a------ c:\windows\system32\dllcache\beep.sys
2008-11-06 23:04 . 2008-11-06 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\hpqwmi
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 04:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 23:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-08 03:08 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2008-11-05 05:16 --------- d-----w c:\documents and settings\Jim\Application Data\SolidWorks
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-04-17 17:18 4 ----a-w c:\documents and settings\Jim \FO933.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-07 159744]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 290816]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 296488]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-06-04 15:38 286720 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 12:24 28672 c:\windows\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Windows sharing object"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"ose"=3 (0x3)
"Neth"=2 (0x2)
"iPodService"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"MskService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2004-11-18 5632]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-11-18 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-11-18 596840]
S2 DirectX common;DirectX common; []
S4 Windows sharing object;Windows sharing object; []
.
Contents of the 'Scheduled Tasks' folder
2008-11-26 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (Jim).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 17:18]
2008-11-14 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean\RegClean.exe []
2008-11-14 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-brastk - brastk.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\uve2uzyg.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 18:52:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
c:\windows\system32\mclsphlr\gdlsphlr.dll
c:\windows\system32\McRtl32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LexBceS.exe
c:\windows\system32\Lexpps.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Windows Desktop Search\WindowsSearchFilter.exe
.
**************************************************************************
.
Completion time: 2008-11-26 18:56:42 - machine was rebooted [Jim]
ComboFix-quarantined-files.txt 2008-11-26 23:56:38
Pre-Run: 65,555,791,872 bytes free
Post-Run: 64,327,430,144 bytes free
203 --- E O F --- 2008-11-12 08:02:12
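The "Reg Loading Points" section of the ComboFix log above includes Security Center and Windows Firewall values. As an added example (not part of the original thread and not ComboFix's own code), this Python script parses that registry-style section and flags the three values on the page that leave Security Center alerts suppressed or the Windows Firewall switched off, whatever set them. The rule list and the function names are assumptions made for the example; the sample lines are copied from the log.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the ComboFix log above.
SAMPLE_LOG = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Hypothetical rule list for this example:
# (pattern the key must match, value name, value that warrants review, note).
RULES = [
    (re.compile(r'\\security center$'), 'antivirusdisablenotify', 1,
     'Security Center antivirus alerts are suppressed'),
    (re.compile(r'\\security center$'), 'firewalldisablenotify', 1,
     'Security Center firewall alerts are suppressed'),
    (re.compile(r'\\firewallpolicy\\(?:standard|domain)profile$'), 'enablefirewall', 0,
     'Windows Firewall is disabled for this profile'),
]


def parse_data(data):
    """Convert the two numeric notations ComboFix prints; keep anything else as text."""
    data = data.strip()
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', data)    # e.g. dword:00000001
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+) \(0x[0-9a-fA-F]+\)$', data)  # e.g. 0 (0x0)
    if m:
        return int(m.group(1))
    return data or None                                 # empty value -> None


def parse_reg_section(text):
    """Yield (key, value_name, value) for each value line; names are lower-cased."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            yield key, m.group('name').lower(), parse_data(m.group('data'))


def audit(text):
    """Return (key, value_name, note) for every value that matches a rule."""
    findings = []
    for key, name, value in parse_reg_section(text):
        for key_re, rule_name, bad_value, note in RULES:
            if name == rule_name and value == bad_value and key_re.search(key):
                findings.append((key, name, note))
    return findings


if __name__ == '__main__':
    for key, name, note in audit(SAMPLE_LOG):
        print(f'{note}: {key}\\{name}')
```

Other values in the section, such as the `DisableMonitoring` entries and the Run keys, are parsed but not flagged, because the rule list covers only the three settings named above.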
|
Senior Member
|
26. November 2008 @ 04:53 |
|
Hey Megan
Ahhh... that's better. Your log looks clean now.
Perhaps your laptop monitor has spoiled, and you might want to try bringing it to a computer repair shop to check it.
I would also like you to follow these instructions:
Find this folder- C:\Qoobox, zip it up, and upload it to http://www.uploadmalware.com/
Best Regards :D

|
megz77
Suspended due to non-functional email address
|
26. November 2008 @ 08:46 |
|
Hello again cdavfrew
Thanks so much for your help, the laptop is running great now, except for the monitor that is. :( When I got into Display Properties, Settings, my laptop is seeing both my external monitor that I am running off of currently, and my LCD laptop screen; however, when I try to toggle between screens (function F4 on my laptop) my external monitor flashes black, then comes back up. It seems like it's trying to switch to the LCD, but something is holding it up. Also, when I try to drag my #2 monitor to be the #1 monitor, it will not allow me to check "make this my primary display". I tried disabling monitor #2, but apparently I didn't do this correctly because all it did was disable the ATI driver and revert to the basic display drivers. Any suggestions on things to try? I will follow your instructions and zip up the Qoobox and upload when I get home tonight.
Thanks again for all of your help! You're a life saver! :)
|
Senior Member
|
26. November 2008 @ 09:52 |
|
Hey Megan
Sadly, I cannot determine what is wrong with your laptop monitor without physical access. Perhaps you should get it to a computer repair shop instead.
Best Wishes :D

|
megz77
Suspended due to non-functional email address
|
26. November 2008 @ 11:57 |
|
Unfortunately money is a big issue right now, and I don't want to get ripped off if it's just something that's disabled due to whatever virus I had. I guess I'll have to just keep searching Google (no help so far, but maybe a miracle will happen).
Thanks again
|
megz77
Suspended due to non-functional email address
|
26. November 2008 @ 19:41 |
|
Hi cdavfrew...
File submitted as requested. Thanks again!
|
Senior Member
|
29. November 2008 @ 09:10 |
|
Hey megz77
Sorry to hear that you cannot fix your computer at a computer repair store... problems like yours can be quite tedious in research for a fix, as it can be due to driver, wire, video card, etc problems, and can be quite hard to narrow down. Wish you good luck though!
Best Regards :D

|
megz77
Suspended due to non-functional email address
|
1. December 2008 @ 09:41 |
|
Thanks...I'll probably just wait until after the holidays and take it in to be repaired.
BTW, my laptop picked up Antivirus 2009 again. I was able to clean it quickly this time....but wow, is this an aggressive virus. Any suggestions to keep it at bay? Apparently it disables my McAfee. I had to re-enable everything once I cleaned it.
|
Senior Member
|
2. December 2008 @ 04:14 |
|

|
megz77
Suspended due to non-functional email address
|
2. December 2008 @ 10:39 |
|
Thanks again! :)
|
|
Senior Member
|
2. December 2008 @ 22:31 |
|
Hey megz77
You're welcome! Cheers :D

|