help with issues please


Post by cbjpl31 on Wed Mar 18, 2009 3:14 pm

I'm getting a notice that Microsoft Firewall is not on when in fact it is. Spyware maybe? I've run a scan and it's not finding anything. Hoping maybe you'll find something my program couldn't detect. Here's my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:23 AM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SEA\smc.exe
C:\Program Files\Sygate\SEA\snac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Sygate\SEA\SmcGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\Owner\Desktop\hijackgpthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSAWrapper] C:\WINDOWS\TEMP\sg_rd.bat (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSAWrapper] C:\WINDOWS\TEMP\sg_rd.bat (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NWePO.lnk = C:\Program Files\Network Associates\NWePO.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6967D9-F09E-48E8-9FDA-2E3741CBE7B9}: NameServer = 10.69.14.100,10.197.14.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Enforcement Agent 5.1 (SmcService) - Symantec Corporation - C:\Program Files\Sygate\SEA\smc.exe
O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - C:\Program Files\Sygate\SEA\snac.exe

--
End of file - 6275 bytes


Re: help with issues please

Post by Belahzur on Wed Mar 18, 2009 3:17 pm

Hello.
Is this that fake zafi.b warning causing it?


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: help with issues please

Post by cbjpl31 on Wed Mar 18, 2009 3:57 pm

Here is the DDS.txt file.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 11:52:36.87 on Wed 03/18/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.139 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: *On-access scanning disabled* (Updated)
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Sygate\SEA\smc.exe
svchost.exe
svchost.exe
C:\Program Files\Sygate\SEA\snac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sygate\SEA\SmcGui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Power2GoExpress] NA
dRunOnce: [SSAWrapper] c:\windows\temp\sg_rd.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nwepo.lnk - c:\program files\network associates\NWePO.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
TCP: {4C6967D9-F09E-48E8-9FDA-2E3741CBE7B9} = 10.69.14.100,10.197.14.100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\9a66ewzi.default\
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\9a66ewzi.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-9 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-9 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-9 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-9 298264]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2007-8-26 103744]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2007-8-25 200192]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\owner\locals~1\temp\safe to delete 3_0_4_8\amdmsrio.sys --> c:\docume~1\owner\locals~1\temp\safe to delete 3_0_4_8\AMDMSRIO.sys [?]

=============== Created Last 30 ================

2009-03-18 11:11 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-18 11:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-18 11:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 11:11 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 11:11 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-18 10:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-18 10:00 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-18 09:51 --d----- c:\documents and settings\owner\.SunDownloadManager
2009-03-11 21:34 --d----- c:\program files\Messenger
2009-03-11 21:33 --d----- c:\windows\system32\scripting
2009-03-11 21:33 --d----- c:\windows\l2schemas
2009-03-11 21:33 --d----- c:\windows\system32\en
2009-03-11 21:33 --d----- c:\windows\system32\bits
2009-03-11 21:26 --d----- c:\windows\ServicePackFiles
2009-03-11 21:20 --d----- c:\windows\network diagnostic
2009-03-11 21:10 --d----- c:\windows\EHome
2009-03-09 12:13 --d-h--- C:\$AVG8.VAULT$
2009-03-09 11:34 --d----- C:\Rummy Royal
2009-03-09 11:05 --d----- c:\windows\pss
2009-03-09 10:12 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-09 10:12 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-09 10:12 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-09 10:12 --d----- c:\windows\system32\drivers\Avg
2009-03-09 10:11 --d----- c:\program files\AVG
2009-03-09 10:11 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-27 16:17 3,901 -------- c:\windows\system32\drivers\siint5.dll
2009-02-27 16:17 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-02-27 16:17 32,768 -------- c:\windows\system32\setupn.exe
2009-02-27 16:17 166,912 -------- c:\windows\system32\drivers\s3gnbm.sys
2009-02-27 16:17 397,056 -------- c:\windows\system32\s3gnb.dll
2009-02-27 16:17 30,592 -------- c:\windows\system32\drivers\rndismpx.sys
2009-02-27 16:17 290,304 -------- c:\windows\system32\rhttpaa.dll
2009-02-27 16:17 59,136 -------- c:\windows\system32\drivers\rfcomm.sys
2009-02-27 16:17 13,776 -------- c:\windows\system32\drivers\recagent.sys
2009-02-27 16:17 61,952 -------- c:\windows\system32\rasqec.dll
2009-02-27 16:17 76,800 -------- c:\windows\system32\qutil.dll
2009-02-27 16:17 62,464 -------- c:\windows\system32\qcliprov.dll
2009-02-27 16:15 106,496 -------- c:\windows\system32\mmcfxcommon.dll
2009-02-27 16:15 33,792 -------- c:\windows\system32\mmcperf.exe
2009-02-27 16:15 397,312 -------- c:\windows\system32\mmcex.dll
2009-02-27 16:15 184,320 -------- c:\windows\system32\microsoft.managementconsole.dll
2009-02-27 16:15 37,376 -------- c:\windows\system32\l2gpstore.dll
2009-02-27 16:15 61,440 -------- c:\windows\system32\kmsvc.dll
2009-02-27 16:15 6,144 -------- c:\windows\system32\kbdpash.dll
2009-02-27 16:15 6,144 -------- c:\windows\system32\kbdnepr.dll
2009-02-27 16:15 6,144 -------- c:\windows\system32\kbdiultn.dll
2009-02-27 16:15 6,144 -------- c:\windows\system32\kbdbhc.dll
2009-02-27 16:13 4,255 -------- c:\windows\system32\drivers\adv01nt5.dll
2009-02-27 16:13 3,967 -------- c:\windows\system32\drivers\adv02nt5.dll
2009-02-27 16:13 3,775 -------- c:\windows\system32\drivers\adv11nt5.dll
2009-02-27 16:13 3,711 -------- c:\windows\system32\drivers\adv09nt5.dll
2009-02-27 16:13 3,647 -------- c:\windows\system32\drivers\adv07nt5.dll
2009-02-27 16:13 3,615 -------- c:\windows\system32\drivers\adv05nt5.dll
2009-02-27 16:13 3,135 -------- c:\windows\system32\drivers\adv08nt5.dll
2009-02-27 16:13 136,192 -------- c:\windows\system32\aaclient.dll
2009-02-27 16:11 619,520 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-02-27 16:11 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-02-26 22:17 10 a------- c:\windows\WININIT.INI
2009-02-26 21:53 1,846,784 -c------ c:\windows\system32\dllcache\win32k.sys
2009-02-26 21:53 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-26 21:53 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-26 21:53 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-26 21:53 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-26 21:52 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-02-26 21:52 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-02-26 21:51 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-02-26 21:50 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-02-26 21:50 2 a------- c:\windows\msoffice.ini

==================== Find3M ====================

2009-03-11 21:39 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-03-19 18:59 46,456 ac------ c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 11:53:49.17 ===============


Re: help with issues please

Post by Belahzur on Wed Mar 18, 2009 4:05 pm

Hello.
Do you know what this IP is? 10.197.14.100

It's got private settings so it can't be traced, seems suspicious to me.

Download [You must be registered and logged in to see this link.] by screen317 and save it to your Desktop.

  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.


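Added example, not part of the original posts and not code from HijackThis or DDS: a Python helper that pulls the NameServer entries out of the HijackThis O17 line and the DDS TCP: line posted above and classifies each address by range. 10.0.0.0/8 is RFC 1918 private address space, so an address such as 10.197.14.100 has no public registration to look up. The function names, the follow-up wording and the third sample line are assumptions of this example.

```python
import ipaddress
import re

# The first two lines are copied from the logs in this thread; the third is
# constructed so the public-address and invalid-token branches are exercised.
SAMPLE_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6967D9-F09E-48E8-9FDA-2E3741CBE7B9}: NameServer = 10.69.14.100,10.197.14.100",
    "TCP: {4C6967D9-F09E-48E8-9FDA-2E3741CBE7B9} = 10.69.14.100,10.197.14.100",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8 not-an-ip",
]

# HijackThis:  O17 - <registry key>: NameServer = a,b
# DDS:         TCP: {interface GUID} = a,b
PATTERNS = [
    re.compile(r"^O17 - (?P<key>.+): NameServer = (?P<servers>.+)$"),
    re.compile(r"^TCP: (?P<key>\{[0-9A-Fa-f-]{36}\}) = (?P<servers>.+)$"),
]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Follow-up wording is this example's own, not output of either tool.
FOLLOW_UP = {
    "rfc1918-private": "set by the local network; ask whoever runs the router or corporate DNS",
    "loopback": "resolver or proxy on this machine; identify the listening process",
    "public": "look up the owner and compare with the ISP's or a chosen resolver",
    "reserved": "not publicly routable; check the adapter configuration",
    "invalid": "not an IP address; inspect the registry value by hand",
}


def classify(text):
    """Return the address class that decides how a resolver entry is followed up."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "rfc1918-private"
    if ip.is_global:
        return "public"
    return "reserved"


def extract_nameservers(lines):
    """Return (registry key or interface GUID, address text) for every resolver listed."""
    found = []
    for line in lines:
        for pat in PATTERNS:
            m = pat.match(line.strip())
            if m:
                for addr in re.split(r"[,\s]+", m.group("servers").strip()):
                    found.append((m.group("key"), addr))
                break
    return found


def triage(lines, known_resolvers=()):
    """De-duplicate resolver addresses and attach a class and follow-up to each."""
    report = {}
    for key, addr in extract_nameservers(lines):
        kind = classify(addr)
        if kind == "public" and addr in known_resolvers:
            note = "on the caller's list of expected resolvers"
        else:
            note = FOLLOW_UP[kind]
        entry = report.setdefault(addr, {"class": kind, "follow_up": note, "seen_in": []})
        entry["seen_in"].append(key)
    return report


if __name__ == "__main__":
    for addr, info in triage(SAMPLE_LINES).items():
        print(f"{addr:15} {info['class']:16} {info['follow_up']}")
```
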

Re: help with issues please

Post by cbjpl31 on Wed Mar 18, 2009 4:08 pm

Hmmm...not sure what that's all about. I'll run the program and report back.


Re: help with issues please

Post by cbjpl31 on Wed Mar 18, 2009 4:23 pm

checkup.txt:

Results of screen317's Security Check version 0.98.1
ECHO is off.
Error creating install.txt after 3 tries! Trying alternate method...
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 29 seconds.
`````````End of Log```````````


Re: help with issues please

Post by Belahzur on Wed Mar 18, 2009 4:27 pm

Well it says the Firewall is enabled.

Now open a new notepad file.
Input this into the notepad file:

@echo off
sc config "AMDMSRIO" start= disabled
sc stop "AMDMSRIO"
sc delete "AMDMSRIO"
del fix.bat
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.

Do you only get the warning the Firewall is off at startup?



Re: help with issues please

Post by cbjpl31 on Wed Mar 18, 2009 4:28 pm

yep. only at startup.


Re: help with issues please

Post by Belahzur on Wed Mar 18, 2009 4:31 pm

Hello.
Delete Security Check now, it's not needed.
I think you get the message because I see Sygate products installed, Sygate have their own firewall in their package.



Re: help with issues please

Post by cbjpl31 on Wed Mar 18, 2009 4:33 pm

ahhh....ok. Glad to know it's not something malicious at least. :)
