Login | Live Chat & Podcast at 1:00PM Eastern on Sunday! |
 Search | |
| |
18-Oct-2009, 03:39 PM
#1 | ||||||
| no user login screen windows vista home premium dell inspiron 1525 avast free version i got home from running some errands to a blank screen with a working cursor....it's not a bsod my daughter's boyfriend is real apologetic, said he downloaded a game  ....then extracted it onto my desktop....tried the .exe file and nothing happened, so he tried the readme filegot a "notepad is not working" message and clicked on the "find a solution the web" link got a "firefox is not working" message at this point he panicked, i guess, and deleted the game folder and the zipped.rar file and shut down. rebooted, entered the computer password (yes my daughter knows it), and everything seemed fine, 'cept he never got to the windows icon that precedes the user login prompt....it's just sittin on the dark screen with the working cursor....no harddrive activity whatsoever (near as i can tell, anyway) so i shut down and booted into safe mode, and i see a lot of error messages in the event log surrounding this game. windows security/firewall is turned off and won't turn (i don't know if this normal for safe mode or not.....pretty much a technodope) tried a system restore to a time early this morning when i downloaded some updates, and rebooted....no difference i logged in in safe mode again and changed to boot settings to safe mode with diagnostics (thinking that might help....remember, technodope).....booting up that was leaves me at the same screen as a normal boot. i'm currently running a scan through avast, and plan on posting a hijack this log as soon as i can... but i wanted to lay this out and see what sort of comments y'all got.
__________________ "When we face the empire, we face ourselves... to survive, it is imperative that we cease to lie to ourselves about our condition." |
| |
18-Oct-2009, 07:44 PM
#2 | ||||||
| |
18-Oct-2009, 11:42 PM
#3 | ||||||
| Quote:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:01:59 PM, on 10/18/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE G:\hijackthis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Users\Bob\rpbrowserrecordplugin.dll O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?') O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?') O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll -- End of file - 4002 bytes
__________________ "When we face the empire, we face ourselves... to survive, it is imperative that we cease to lie to ourselves about our condition." |
19-Oct-2009, 10:45 AM
#5 | ||||||
| Quote:
other scans, as suggested, found nothing more than the usual adware i always collect i think the only thing left to do is make a startup repair disk, and try that 
__________________ "When we face the empire, we face ourselves... to survive, it is imperative that we cease to lie to ourselves about our condition." |
19-Oct-2009, 01:04 PM
#7 | |||||
| Quote:
To boot that dvd you need to start tapping f12 after powering up then select boot the dvd....this is a one time boot option thus preventing you from having to change bios settings For whats its worth..the memory that came out in these units are junk.Mine failed twice...and friend of mine has one of these units his also failed...you can have some very strange symptoms with failing ram...If you can boot to f12 and select diagnostics,,it will check the ram
__________________ I Was Wrong Once But Later On Found Out I Was Right Last edited by aka Brett; 19-Oct-2009 at 01:33 PM.. |
19-Oct-2009, 01:28 PM
#8 | ||||||||||||||||||
| Quote:
Quote:
Quote:
Quote:
1. this is an error that occured downloading the upgrades yesterday morning around 6:00am (10/18) Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
__________________ "When we face the empire, we face ourselves... to survive, it is imperative that we cease to lie to ourselves about our condition." |
19-Oct-2009, 01:35 PM
#9 | ||||||
| Quote:
 Quote:
 that might explain why CS3 started acting odd last week, tho |
19-Oct-2009, 02:34 PM
#11 | |||||
| You have a TDSS rootkit infection. I trust you have backed up any important documents, photos, etc. If not, I suggest you do so now as the machine is unstable. Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix. The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please. Post the log from ComboFix when you've accomplished that along with a new HijackThis log. Important notes regarding ComboFix: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished. ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
__________________ Microsoft MVP - Consumer Security Last edited by Cookiegal; 19-Oct-2009 at 04:16 PM.. Reason: To fix typo |
19-Oct-2009, 04:04 PM
#12 | ||||||
| Quote:
....ok....security's off, and puppy is on the desktop one quick question....should i leave normal boot on (for the puppy.exe reboots), or set it to one of the safe mode options? |
19-Oct-2009, 04:14 PM
#13 | |||||
| Quote:
 |
19-Oct-2009, 04:24 PM
#14 | ||||||
| Quote:
thanks.... here's hoping  |
19-Oct-2009, 05:03 PM
#15 | ||||||
| that didn't take very long  still in safe mode, tho.....so we're not done yet here's the puppy log and a new hjt log btw...combo fix tells me i've got super anti-spyware running....and it's not on my computer (i ran it remotely yesterday) anyway....combo fix log here....hjt, next post. ComboFix 09-10-18.06 - Bob 10/19/2009 12:33.1.2 - NTFSx86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.3004 [GMT -7:00] Running from: c:\users\Bob\Desktop\puppy.exe SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500 c:\$recycle.bin\S-1-5-21-308377154-4036065607-1672078067-1001 c:\$recycle.bin\S-1-5-21-308377154-4036065607-1672078067-1002 c:\$recycle.bin\S-1-5-21-308377154-4036065607-1672078067-1003 c:\$recycle.bin\S-1-5-21-308377154-4036065607-1672078067-500 C:\install.exe c:\windows\system32\AutoRun.inf c:\windows\system32\oem8.inf . ((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 ))))))))))))))))))))))))))))))) . 2009-10-19 03:49 . 2009-10-19 03:49 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes 2009-10-19 03:49 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-19 03:49 . 2009-10-19 03:49 -------- d-----w- c:\programdata\Malwarebytes 2009-10-19 03:49 . 2009-10-19 03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-19 03:49 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-19 03:04 . 2009-10-19 03:04 -------- d-----w- c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com 2009-10-19 03:04 . 2009-10-19 03:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2009-10-18 23:37 . 2009-10-19 13:40 -------- d-----w- c:\windows\system32\wbem\repository 2009-10-15 13:26 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-15 13:26 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-10-15 13:26 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-10-15 13:26 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-10-15 13:26 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2009-10-15 13:26 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-10-03 12:00 . 2009-10-01 17:29 195440 ----a-w- c:\windows\system32\MpSigStub.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-19 19:35 . 2009-05-05 14:25 6648 ----a-w- c:\users\Bob\AppData\Local\d3d9caps.dat 2009-10-18 23:59 . 2009-08-12 17:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-18 23:32 . 2009-03-05 16:51 -------- d-----w- c:\programdata\HP Product Assistant 2009-09-10 16:48 . 2009-09-10 16:48 118784 ----a-w- C:\J3rhaO9w.exe 2009-09-10 16:48 . 2009-09-10 16:48 -------- d-----w- c:\program files\Company 2009-09-10 16:48 . 2009-09-10 16:48 7984187 ----a-w- C:\ErosAdv03Full.exe 2009-09-04 21:09 . 2008-06-06 15:55 -------- d-----w- c:\program files\Google 2009-09-04 21:08 . 2009-09-04 21:08 -------- d-----w- c:\programdata\Google Updater 2009-09-04 21:08 . 2009-09-04 21:08 1246328 ----a-w- c:\program files\Google Updater.exe 2009-09-03 18:00 . 2009-09-03 18:00 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-29 15:15 . 2009-03-05 14:13 -------- d-----w- c:\program files\Java 2009-08-28 12:39 . 2009-09-02 13:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-02 13:38 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-23 21:30 . 2008-08-25 18:20 60376 ----a-w- c:\users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT 2009-08-21 16:52 . 2008-09-01 22:51 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-08-17 16:10 . 2008-08-26 01:28 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-17 16:05 . 2008-08-26 01:28 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-17 16:05 . 2008-08-26 01:28 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-17 16:05 . 2008-08-26 01:28 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2009-08-17 16:04 . 2008-08-26 01:28 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2008-08-26 01:28 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:02 . 2008-08-26 01:28 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-14 17:07 . 2009-09-12 14:41 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 16:29 . 2009-09-12 14:41 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-14 16:29 . 2009-09-12 14:41 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 14:16 . 2009-09-12 14:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 14:16 . 2009-09-12 14:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 14:16 . 2009-09-12 14:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 14:16 . 2009-09-12 14:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 14:16 . 2009-09-12 14:41 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 14:16 . 2009-09-12 14:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 14:16 . 2009-09-12 14:41 10240 ----a-w- c:\windows\system32\finger.exe 2009-07-25 12:23 . 2008-12-14 16:42 411368 ----a-w- c:\windows\system32\deploytk.dll 2008-06-06 15:49 . 2008-06-06 15:49 76 --sh--r- c:\windows\CT4CET.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-23 185872] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-06 29744] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-6 50688] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-06-06 16:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDef end] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [8/25/2008 6:28 PM 114768] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [6/6/2008 3:34 AM 73728] S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [8/25/2008 6:28 PM 20560] S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [8/25/2008 6:28 PM 53328] S2 gupdate1ca2da3ff288ddd;Google Update Service (gupdate1ca2da3ff288ddd);c:\program files\Google\Update\GoogleUpdate.exe [9/4/2009 2:09 PM 133104] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [6/6/2008 11:31 AM 111616] S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [6/6/2008 11:30 AM 235648] S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [6/6/2008 11:30 AM 7424] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2009-10-17 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-04 21:08] 2009-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 21:09] 2009-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 21:09] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\l0d4t1gv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\users\Bob\Netscape6\nppl3260.dll FF - plugin: c:\users\Bob\Netscape6\nprjplug.dll FF - plugin: c:\users\Bob\Netscape6\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - HKCU-Run-SUPERAntiSpyware - g:\superantispyware\SUPERAntiSpyware.exe HKLM-RunOnce-<NO NAME> - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-19 12:41 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-10-19 12:44 ComboFix-quarantined-files.txt 2009-10-19 19:44 Pre-Run: 171,291,848,704 bytes free Post-Run: 173,635,080,192 bytes free - - End Of File - - 66EEBF5B6B861961EB6404416368763E
__________________ "When we face the empire, we face ourselves... to survive, it is imperative that we cease to lie to ourselves about our condition." |
 |
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
| You Are Using:  |
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 02:41 AM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |  |
Facebook
Twitter
TechGuy.tv
TSG Mobile