#1
Registered User
home pc windows firewall stuck in off, grayed out, log results
These are the scan results from my home computer, as followed by the 5 step instructions. However, I encountered a problem in that the Panda Software scan site wouldn't load on IE (or Firefox). My Windows Firewall will not allow me, the administrator, to turn on my firewall. It is grayed out in the off position and says something about group policy controlling it. I also had a problem with Task Manager and msconfig opening up, but this problem disappeared all of a sudden. So I think there is some sort of malware on my PC that is still preventing me from turning on my firewall, so here are the scan results...
Deckard's System Scanner v20070711.54
Run by Administrator on 2007-07-20 at 16:59:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-20 17:03:46
Platform: Windows 2003 Service Pack 2 (5.02.3790)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\system32\winbo32.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ASUS\AASP\1.00.15\aaCenter.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [winbo32] winbo32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\RunServices: [winbo32] winbo32.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunServices: [ATI Video Driver Control] btorrent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1179514302781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1182369442500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll (file missing)
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll (file missing)
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll (file missing)
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe


-- HijackThis Fixed Entries (C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis_v2\backups\) --------------------------------------------------------------------------------

backup-20070622-181849-367 O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe"


-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
R0 ViaIde - c:\windows\system32\drivers\viaide.sys (file missing)
R0 videX64 - c:\windows\system32\drivers\videx64.sys (file missing)
R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 xfiltx64 (VIA SATA IDE Hot-plug Driver) - c:\windows\system32\drivers\xfiltx64.sys (file missing)
R1 Aavmker4 (avast! Asynchronous Virus Monitor) - c:\windows\system32\drivers\aavmker4.sys (file missing)
R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
R1 aswTdi (avast! Network Shield Support) - c:\windows\system32\drivers\aswtdi.sys (file missing)
R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 Rdbss - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
R2 aswMon2 (avast! Standard Shield Support) - c:\windows\system32\drivers\aswmon2.sys (file missing)
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R3 aswRdr - c:\windows\system32\drivers\aswrdr.sys (file missing)
R3 AtcL001 (NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter) - c:\windows\system32\drivers\atl01_64.sys (file missing)
R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 hidusb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkhda64.sys (file missing)
R3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
R3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
R3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 nv - c:\windows\system32\drivers\nv4_mini.sys (file missing)
R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys (file missing)
R3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
S3 hpdriver - c:\windows\system32\hpdriver.sys (file missing)
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 PLUsbbcamd64 (USB Bridge Cable Driver) - c:\windows\system32\drivers\usbbca64.sys (file missing)
S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S3 usbscan (USB Scanner Driver) - c:\windows\system32\drivers\usbscan.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
S4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
R2 nTuneService (nTune Service) - c:\program files (x86)\nvidia corporation\ntune\ntuneservice.exe /startservice
R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc64.exe (file missing)
R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
R2 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)
S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe (file missing)
S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-07-20 15:56:58 296 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-06-20 and 2007-07-20 -----------------------------

2007-07-20 17:00:43 0 d-------- C:\Program Files (x86)\Trend Micro
2007-07-20 15:59:20 0 d-------- C:\Program Files (x86)\iPod
2007-07-20 15:57:53 0 d-------- C:\Program Files (x86)\QuickTime
2007-07-20 15:56:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-13 22:08:23 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-07-07 21:34:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-06-27 01:41:02 1366 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-06-26 01:59:56 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6 <HOUSEC~1.6>
2007-06-26 01:59:38 0 d-------- C:\WINDOWS\Sun
2007-06-26 01:59:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-06-23 13:03:37 0 d-------- C:\Program Files (x86)\SpywareBlaster
2007-06-23 11:46:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-06-22 18:13:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft


-- Find3M Report ---------------------------------------------------------------

2007-07-20 15:59:24 0 d-------- C:\Program Files (x86)\iTunes
2007-07-20 15:56:54 0 d-------- C:\Program Files (x86)\Apple Software Update
2007-07-17 17:55:47 0 d-------- C:\Program Files (x86)\Minefield
2007-07-15 19:32:25 0 d-------- C:\Program Files (x86)\Steam
2007-07-13 22:12:38 0 d-------- C:\Program Files (x86)\World of Warcraft
2007-06-19 13:21:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2007-06-19 11:03:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-06-18 10:54:35 0 d-------- C:\Program Files (x86)\NVIDIA Corporation
2007-06-15 11:24:50 0 d-------- C:\Program Files (x86)\MobMapUpdater
2007-06-13 13:33:49 0 d-------- C:\Program Files (x86)\Finale 2007
2007-06-12 18:44:36 66833 --a------ C:\WINDOWS\x64ins02.dat
2007-06-12 18:41:27 0 d-------- C:\Program Files (x86)\HP
2007-06-12 18:41:27 0 d-------- C:\Program Files (x86)\Common Files\Hewlett-Packard
2007-06-10 10:29:27 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2007-06-05 12:52:48 0 d-------- C:\Program Files (x86)\Google Earth
2007-06-05 12:52:22 0 d-------- C:\Program Files (x86)\Belkin
2007-06-05 12:43:30 26032 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-06-05 12:31:44 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-06-05 12:31:44 0 d-------- C:\Program Files (x86)\Replay Converter
2007-06-05 11:55:02 0 d-------- C:\Program Files (x86)\FLVPlayer
2007-06-05 11:13:20 0 d-------- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2007-06-04 18:46:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2007-06-04 17:19:09 0 d-------- C:\Program Files (x86)\LimeWire
2007-06-04 17:04:28 0 d-------- C:\Program Files (x86)\WoW-BurningCrusade-enUS-Full-Installer
2007-06-03 17:39:05 0 d-------- C:\Program Files (x86)\Native Instruments
2007-06-03 17:38:53 0 d-------- C:\Program Files (x86)\Finale GPO 2.0
2007-06-03 17:35:36 0 d-------- C:\Program Files (x86)\SmartMusic 9
2007-06-03 17:13:49 0 d-------- C:\Program Files (x86)\Smart Projects
2007-06-03 16:37:02 0 d-------- C:\Program Files (x86)\Java
2007-06-02 18:02:09 0 d-------- C:\Program Files (x86)\Common Files\Java
2007-06-02 10:47:24 1180 --a------ C:\WINDOWS\mozver.dat
2007-06-02 10:03:59 0 d-------- C:\Program Files (x86)\Common Files\Ahead
2007-06-02 08:14:09 0 d-------- C:\Program Files (x86)\BitLord
2007-06-02 08 50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint
2007-05-31 17:10:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-05-31 17:10:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-05-30 19:40:19 0 d-------- C:\Program Files (x86)\Finale 2007 Demo
2007-05-30 15:26:37 0 d-------- C:\Program Files (x86)\Realtek
2007-05-30 15:26:37 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2007-05-30 15:26:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2007-05-30 15:18:39 0 d-------- C:\Program Files (x86)\NETGEAR
2007-05-28 21:09:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-05-28 21:09:01 0 d-------- C:\Program Files (x86)\AIM6
2007-05-28 21:08:35 0 d-------- C:\Program Files (x86)\Viewpoint
2007-05-28 21:08:18 0 d-------- C:\Program Files (x86)\Common Files\AOL
2007-05-28 21:08:06 335 --a------ C:\WINDOWS\nsreg.dat
2007-05-28 21:08:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-05-27 14:59:09 0 d-------- C:\Program Files (x86)\Doom 3
2007-05-27 13:18:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-05-27 13:18:13 0 d-------- C:\Program Files (x86)\Lavasoft
2007-05-27 10:56:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-05-27 10:55:11 0 d-------- C:\Program Files (x86)\Google
2007-05-26 20:24:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2007-05-26 19:58:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-05-26 18:27:17 0 d-------- C:\Program Files (x86)\Funcom
2007-05-26 15:05:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2007-05-26 14:33:02 0 d-------- C:\Program Files (x86)\Microsoft ActiveSync
2007-05-26 12:33:10 0 d-------- C:\Program Files (x86)\PCLinq2 High-Speed USB Bridge Cable
2007-05-24 21:11:18 0 d-------- C:\Program Files (x86)\ASUS
2007-05-24 21:05:29 194560 --a------ C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-05-24 21:05:26 12288 --a------ C:\WINDOWS\impborl.dll
2007-05-24 21:05:26 606848 --a------ C:\WINDOWS\flashax.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
2007-05-21 11:39:26 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-05-21 11:39:26 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-05-21 11:29:55 0 d-------- C:\Program Files (x86)\InterVideo
2007-05-21 11:28:40 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
2007-05-21 11:09:20 487424 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-05-21 11:09:19 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-05-21 10:58:35 0 d-------- C:\Program Files (x86)\VIA
2007-05-21 10:12:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-05-18 14:38:12 0 -rahs---- C:\MSDOS.SYS
2007-05-18 14:38:12 0 -rahs---- C:\IO.SYS
2007-05-18 14:38:12 0 --a------ C:\CONFIG.SYS
2007-05-18 14:38:12 0 --a------ C:\AUTOEXEC.BAT
2007-05-18 10:23:35 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2007-04-20 06:05:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-04-20 06:05:00 1474560 --a------ C:\WINDOWS\system32\nview.dll


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"winbo32"="winbo32.exe"
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"Launch PC Probe II"="\"C:\\Program Files (x86)\\ASUS\\PC Probe II\\Probe2.exe\" 1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"=""
"NVIDIA nTune"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"ATI Video Driver Control"="btorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"winbo32"="winbo32.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"scforceoption"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000001
"NoActiveDesktopChanges"=dword:00000001
"ForceActiveDesktopOn"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\EFS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="lsass.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wd.sys

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
iasjet REG_MULTI_SZ IASJet\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0W32Time\0RemoteRegistry\0upnphost\0SSDPSRV\0WinHttpAutoProxySvc\0\0
NetworkService REG_MULTI_SZ 6to4\0DHCP\0DnsCache\0\0
WinErr REG_MULTI_SZ ERsvc\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc


-- Hosts -----------------------------------------------------------------------

127.0.0.1 symantec.com
127.0.0.1 mcafee.com
127.0.0.1 f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 kaspersky-labs.com
127.0.0.1 my-etrust.com
127.0.0.1 nai.com
127.0.0.1 update.symantec.com
127.0.0.1 trendmicro.com
127.0.0.1 pandasoftware.com

6 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-07-20 at 17:04:18 ---------
#2
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,648
OS: xp
Re: home pc windows firewall stuck in off, grayed out, log results
Hi masterxplodr
"my firewall. it is grayed out in the off position, and says something about group policy controlling it."
Quote the entire message please.
Launch Notepad (not WordPad), and copy and paste the contents of the code box below into a new text file. Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winbo32"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"winbo32"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ATI Video Driver Control"=-
; Update your avast program, then schedule and run a boot-time scan. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Write down the file names and locations of any files it cannot cure or delete.
Put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm Was that done?
Post a HijackThis log http://www.trendsecure.com/portal/en...hijackthis.php
#3
Registered User
Re: home pc windows firewall stuck in off, grayed out, log results
OK, I did the reg fix thing and made sure my avast was updated, but when I right-click the skin to schedule a boot-time scan, that option is grayed out, so it won't let me. I'm going to do a regular full scan with it now, so I'm letting you know in case that would mess something up.
As far as the error message for the firewall goes, it only displays the message when something pops up on its own saying that it has detected that my firewall is off and recommends that I turn it on. When I click whatever button it gives me to turn it on, that's when it says that it can't turn it on because it's controlled by the group policy. I can't see this message whenever I want, only when, like, I restart my computer with a hard restart (I really don't know, I haven't seen it in so long), but the point of it is that it says it couldn't enable my firewall because some settings like this are controlled by the group policy, as if I wasn't the administrator. But the main problem now is I can't schedule a "boot time run" for avast.
#4
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,648
OS: xp
Re: home pc windows firewall stuck in off, grayed out, log results
The boot-time scan might not be an option for Win 2003.
Cause the Windows Firewall message (by trying to turn it on in network settings), then write it down exactly as it's shown; it's easy to search when it's quoted word for word.
Last edited by LonnyRJones; 07-23-2007 at 10:30 PM.
#6
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,648
OS: xp
Re: home pc windows firewall stuck in off, grayed out, log results
Oops. Network connections. Rather than getting there that way, open the Windows Control Panel and open "Windows Firewall".
Try changing it; that should bring up that message.
#8
Registered User
Re: home pc windows firewall stuck in off, grayed out, log results
Also, in the original post of my problem before the scan: http://www.techsupportforum.com/microsoft-support/windows-xp-support/168835-firewall-stuck-off-maybe-malware-maybe-not.html#post995686
someone saw that there's a certain worm that does this (turns off the firewall, records keystrokes, etc.), and my Sophos scan detected it also.
#9
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,648
OS: xp
Re: home pc windows firewall stuck in off, grayed out, log results
Go ahead and do the avast scan if you haven't already.
Note any files it cannot cure or delete for us. Quote:
"Windows Firewall options are grayed out" http://windowsxp.mvps.org/resetfwpol.htm
Did that help?
Try the Panda online scan again; if there are problems, here is an alternative. Kaspersky Lab - Free Online scan: http://www.kaspersky.com/virusscanner Click scan settings and place a check next to use [x]extended this database etc etc. Click OK. Then choose: my computer: scan all your hard drives and mapped disks. When finished, click save as text and post that in your reply.
Last edited by LonnyRJones; 07-24-2007 at 02:37 AM.
#11
Registered User
Re: home pc windows firewall stuck in off, grayed out, log results
Never mind, I did it another way. I'll attach 3 files; each is a part of the picture of all of the things from the avast scan.
Never mind, the pictures are too big. How am I supposed to note all of these 167 files? Second edit: I deleted the registry key for the Windows Firewall and restarted my computer as was advised in one of those help links, and it worked. I can now turn my firewall on and off freely. However, that still leaves the problem of getting rid of the W32/Rbot-GRU worm that caused it in the first place. It's probably still on my computer recording my keystrokes and stuff... Last edited by masterxplodr; 07-24-2007 at 04:44 PM. Reason: update
#14
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,648
OS: xp
Re: home pc windows firewall stuck in off, grayed out, log results
Thanks.
Do a file search for lsass.exe and post back with the results; I'm looking for it in odd locations. It should normally only be in windows\system32\ and some service pack folders.
#16
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,648
OS: xp
Re: home pc windows firewall stuck in off, grayed out, log results
Run HijackThis. Hit "Config" then "Misc Tools" > "Open Process Manager".
Select these items and choose Kill Process (if present):
C:\System Volume Information\_restore{97219171-B67D-4D87-A9EC-CD2B83114FCC}\RP106\A0057097.exe
Hit >back< then > Scan and place a check next to these items.
F2 - REG:system.ini: UserInit=userinit
O4 - HKLM\..\RunServices: [winbo32] winbo32.exe
====================================
Hit fix checked and close HijackThis. Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Temporarily turn off/disable System Restore; that's in Control Panel > System > System Restore tab. Restart your PC.
Thanks for the Kaspersky report; now try Panda's and post its reports please (Kaspersky really didn't show much).
Make and post a new HijackThis log.
#17
Registered User
Re: home pc windows firewall stuck in off, grayed out, log results
I followed those steps and I am attaching the log for the fresh HijackThis scan. However, I could not get the Panda ActiveScan website to show up. I made sure I was using Internet Explorer 32-bit, but other than that I did everything else.
Also, the scan only produced a main.txt and no extra.txt.
#18
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,648
OS: xp
Re: home pc windows firewall stuck in off, grayed out, log results
That's a DDS log.
I see my instructions could be better; by HijackThis I mean either use the HijackThis shortcut on your desktop or run C:\Program Files (x86)\TREND MICRO\HIJACKTHIS\HijackThis.exe
Let's move on.
Launch Notepad (not WordPad), and copy and paste the contents of the code box below into a new text file. Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=-
"system"=""
; I see you have AVG Anti-Spyware already. Please update its definitions, and run a scan where I have placed it in this fix.
Run AVG Anti-Spyware
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, then you may have to run your scan in normal mode and advise your helper afterwards.) Run AVG Anti-Spyware with its updated definitions (it's important that all windows must be closed).
While still in safe mode, do a full scan with your antivirus program.
=====================
Reboot Windows back to normal.
Post the Report-Scan from AVG Anti-Spyware.
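As an added defender-side example (not part of the thread and not output from any tool used in it), here is a small Python triage script for dumps like the DSS log in the first post: it flags hosts-file lines that sinkhole the security-vendor domains seen there, and extracts the Winlogon "system" value that the fix above resets to empty. The sample text is constructed from the thread's log, and treating 0.0.0.0 and ::1 as sinkhole addresses goes slightly beyond what the page itself shows.

```python
import re

# Constructed sample shaped like the DSS dump posted in the thread (shortened,
# not the real log): a Winlogon section followed by the hosts-file section.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]
"system"="lsass.exe"
-- Hosts ---
127.0.0.1 symantec.com
127.0.0.1 update.symantec.com
127.0.0.1 localhost
127.0.0.1 www.example.org   # benign local override
"""

# Vendor domains that the thread's hosts dump shows pinned to loopback.
VENDOR_DOMAINS = {"symantec.com", "mcafee.com", "f-secure.com", "kaspersky.com",
                  "kaspersky-labs.com", "my-etrust.com", "nai.com",
                  "trendmicro.com", "pandasoftware.com"}
# Blackhole addresses; 0.0.0.0 and ::1 go beyond what the page itself shows.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}


def hijacked_hosts(text):
    """(address, hostname) pairs for hosts lines that sinkhole a vendor domain
    or one of its subdomains; '#' comments and non-hosts lines are ignored."""
    hits = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS):
                hits.append((fields[0], host))
    return hits


def winlogon_system_value(text):
    """The "system" value under a Winlogon key in a .reg-style dump, or None.
    Anything non-empty is suspicious: the thread's fix resets it to ""."""
    in_winlogon = False
    for line in text.splitlines():
        if line.startswith("["):
            in_winlogon = line.rstrip("]").lower().endswith("\\winlogon")
            continue
        m = re.match(r'"system"="(.*)"$', line, re.IGNORECASE)
        if in_winlogon and m:
            return m.group(1)
    return None
```

Run it against a real DSS or HijackThis dump by reading the file into `text`; a non-empty Winlogon "system" value or any vendor domain pinned to a sinkhole address is what the helper's fixes in this thread undo.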