|
| ||
| Help! My server is down and it can't get up!! Hi - Downloaded Malwarebytes Anti-Malware. It found 63 infections and then said it removed them. Problem still exists. Ran it again, it found three more...problem still exists. Essentially the issue is that my browser greets me with a server down error. I know the server works because I am using it now on another computer. I have the logs but know there may be more you need. I would really appreciate your help. I cannot access the internet from the infected computer so any logs have to be transferred etc. Please help...thanks. Frustrated |
| ||
| Re: Help! My server is down and it can't get up!! Which version of MBAM do you have? Latest database for it is 1615 I think. Post the MBAM log and an hijackthis log after rebooting your pc. |
| ||
| Re: Help! My server is down and it can't get up!! Hi Crunchie, MBAM is 1.31 looks like there is a 1.32 from updating but I cannot get that on the infected computer because I can't get online. I will post my logs asap. Thanks |
| ||
| Re: Help! My server is down and it can't get up!! Crunchie, Here are both log results from full scan and quick scan as well as the hijack this log. Just FYI, I performed another full scan and no infections were found, but problem still exists. Malwarebytes' Anti-Malware 1.31 Database version: 1456 Windows 5.1.2600 Service Pack 2 1/2/2009 2:12:10 PM mbam-log-2009-01-02 (14-12-10).txt Scan type: Full Scan (C:\|D:\|Z:\|) Objects scanned: 117041 Time elapsed: 51 minute(s), 17 second(s) Memory Processes Infected: 3 Memory Modules Infected: 2 Registry Keys Infected: 6 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 6 Files Infected: 63 Memory Processes Infected: C:\Program Files\Ascentive\ActiveSpeed\AS.exe (Rogue.Multiple) -> Unloaded process successfully. C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (Rogue.Multiple) -> Unloaded process successfully. C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Rogue.Multiple) -> Unloaded process successfully. Memory Modules Infected: C:\Program Files\Ascentive\ActiveSpeed\ASRes.dll (Rogue.Multiple) -> Delete on reboot. C:\Program Files\Ascentive\PC SpeedScan Pro\SSRes.dll (Rogue.Multiple) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC SpeedScan Pro (Rogue.PCSpeedScan) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Performance Center (Rogue.PCSpeedScan) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\ActiveSpeed (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\PC SpeedScan Pro (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Performance Center (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Francine.Macdonald\Local Settings\Temp\TDSSd5eb.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSScrxx.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\TDSSottu.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\TDSSyavu.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\drivers\TDSSmhot.sys (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\Temp\TDSS2303.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS25e1.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS28ee.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS2c1b.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS30ce.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Performance Centertemp.htm (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\ActiveSpeed\AS.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\ActiveSpeed\ascbalon.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\ActiveSpeed\ascIP95.DLL (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\ActiveSpeed\ascIPNT.DLL (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\ActiveSpeed\ASRes.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\PC SpeedScan Pro\SSRes.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\PC SpeedScan Pro\WatchList.ini (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Performance Center\APCLang.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Performance Center\GUID (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Performance Center\SOUND.WAV (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\Activex.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\Activex.txt (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\adnetworklist.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\adnetworklist.xml (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\bholist.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\bholist.xml (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\CLSID.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\CLSID.ini (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\MD5.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\MD5.ini (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\psapi.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\Registry.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\Registry.ini (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\SpywareStriker.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\SSRev3Res.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\startuplist.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\startuplist.ini (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\threats.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\threats.ini (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Ascentive\Spyware Striker\WatchList.ini (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive\ActiveSpeed.lnk (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive\PC SpeedScan Pro.lnk (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive\Performance Center.lnk (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive\Spyware Striker Pro.lnk (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Francine.Macdonald\Cookies\wijabapyfe.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Francine.Macdonald\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Francine.Macdonald\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Francine.Macdonald\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Francine.Macdonald\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Francine.Macdonald\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Francine.Macdonald\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Desktop\Spyware Striker Update.url (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Desktop\Spyware Striker.lnk (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\TDSSnpur.dll (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\TDSSpaxt.dll (Rootkit.Agent) -> Delete on reboot. Malwarebytes' Anti-Malware 1.31 Database version: 1456 Windows 5.1.2600 Service Pack 2 1/2/2009 3:01:05 PM mbam-log-2009-01-02 (15-01-05).txt Scan type: Quick Scan Objects scanned: 65037 Time elapsed: 10 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Temp\TDSS1ead.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS9d16.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Francine.Macdonald\Local Settings\Temp\TDSSd5cb.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:17:38 PM, on 1/2/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Location Finder\LocationFinder.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1202945026906 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = csuci.edu O17 - HKLM\Software\..\Telephony: DomainName = csuci.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = csuci.edu O20 - AppInit_DLLs: karna.dat KATRACK.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: WLANKEEPER - IntelĀ® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 13369 bytes |
| ||
| Re: Help! My server is down and it can't get up!! Go here; http://www.gt500.org/malwarebytes/database.jsp and download the latest database. Save it to whatever you are using to go between the pc's, then run the update on the infected pc. Re-run MBAM again doing a full scan and remove what is found. Reboot the machine and post a new hijackthis log and the MBAM log. Let me know if you can get online. |
| ||
| Re: Help! My server is down and it can't get up!! New database and version found no infections. Everything like it was. Problem still exists. Just searches and then comes up with page cannot be displayed. |
| ||
| Re: Help! My server is down and it can't get up!! Hi - Problem is fixed. Not sure what the issue was, but after realizing that my computer has no infections I decided to reinstall the browser. Once I did that, it worked! I am happy again. Thanks for your help on this. |
| ||
| Re: Help! My server is down and it can't get up!! No worries. Go to add/remove programs and uninstall all entries for Java. Go to http://www.java.com/en/download/manual.jsp and download the latest version. You should also go into msconfig | startups and and disable some of those 04 entries from starting with Windows. They must be killing your pc. |
| All times are GMT -4. The time now is 3:08 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC