
Zimby

  1. Hello and thank you for your response. Sorry about the long delay, I had to leave town for Thanksgiving and just recently got home... Anyway, just an update: after I ran ComboFix the first time I was able to install MBAM and run it (along with a few other malware tools), and I'm happy to say that my computer is running at full speed again. In fact, after all the cleaning and deleting of junk I did, it's even running faster... Anyway, even though I ended up not needing the reply to fix the situation, I did get the answers off the forums, so I wanted to pop in and thank everyone for posting such useful info around the forums. It brings a smile to my face knowing that there are people with the know-how willing to help just to be good fellas. Much appreciation and respect goes out to all who help/maintain/answer topics... if I ever have any problems I know where to find a helping hand. In summation, the only thing better than MBAM are the guys on the forums. You guys rock.
  2. ComboFix 09-11-21.01 - Zimby 11/22/2009  2:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1693 [GMT -5:00]
Running from: c:\documents and settings\Zimby\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Zimby\Local Settings\Tempals_inst.exe
c:\program files\Mozilla Firefox\extensions\{F78D3355-58F5-4A54-9B05-8CA4EE33D625}
c:\program files\Mozilla Firefox\extensions\{F78D3355-58F5-4A54-9B05-8CA4EE33D625}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F78D3355-58F5-4A54-9B05-8CA4EE33D625}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{F78D3355-58F5-4A54-9B05-8CA4EE33D625}\install.rdf
c:\windows\msa.exe
c:\windows\run.log
c:\windows\system32\scvhost
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\bdsztbem.job
F:\autorun.inf

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
.
2009-11-22 06:26 . 2009-08-13 16:14 472064 ----a-w- C:\RootRepeal.exe
2009-11-22 06:20 . 2009-11-22 06:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 04:15 . 2009-11-22 07:15 -------- d--h--w- c:\windows\PIF
2009-11-22 04:03 . 2009-10-08 16:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-22 04:03 . 2009-10-08 16:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-22 04:03 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-22 04:03 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-22 04:03 . 2009-10-02 19:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-22 04:03 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2009-11-22 04:01 . 2009-11-22 05:35 -------- d-----w- c:\program files\Spyware Doctor
2009-11-22 03:55 . 2009-11-22 06:04 0 ----a-r- c:\windows\win32k.sys
2009-11-22 03:33 . 2009-11-22 03:33 -------- d-----w- c:\windows\system32\TVUAx
2009-11-12 05:30 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-12 05:30 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-12 05:30 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-12 05:30 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-12 05:30 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-12 05:30 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-12 05:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-08 17:41 . 2009-11-08 17:41 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
2009-11-08 17:41 . 2009-11-08 17:41 186443 ----a-w- c:\windows\system32\atasnt40.dll
2009-11-06 17:00 . 2009-11-22 05:07 79488 ----a-w- c:\documents and settings\Zimby\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-06 03:42 . 2009-11-08 17:43 256 ----a-w- c:\windows\system32\pool.bin
2009-11-06 03:38 . 2009-11-06 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-11-06 03:38 . 2009-11-06 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-06 03:37 . 2009-11-08 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-06 03:37 . 2009-11-08 18:14 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-06 03:36 . 2007-01-18 15:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-11-06 03:02 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-06 03:02 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-04 04:15 . 2009-11-04 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2009-10-27 18:33 . 2009-10-27 18:33 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 07:18 . 2008-08-14 15:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\temp
2009-11-22 05:15 . 2008-03-30 03:29 -------- d-----w- c:\documents and settings\Zimby\Application Data\DNA
2009-11-22 05:04 . 2007-10-14 21:19 -------- d-----w- c:\program files\Steam
2009-11-22 05:01 . 2008-03-30 03:29 -------- d-----w- c:\program files\DNA
2009-11-22 04:02 . 2007-10-14 20:54 24304 ----a-w- c:\documents and settings\Zimby\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-12 04:44 . 2009-09-27 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-06 03:37 . 2007-10-14 20:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-04 04:14 . 2007-12-31 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-04 04:14 . 2008-10-23 17:22 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-03 16:09 . 2009-09-16 18:14 -------- d-----w- c:\program files\NCSoft
2009-10-31 18:45 . 2007-11-04 16:41 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-31 18:45 . 2007-11-04 16:41 22328 ----a-w- c:\documents and settings\Zimby\Application Data\PnkBstrK.sys
2009-10-31 18:45 . 2007-11-04 16:41 22328 ----a-w- c:\documents and settings\Zimby\Application Data\PnkBstrK.sys
2009-10-31 18:45 . 2007-11-04 16:41 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-31 18:45 . 2008-06-18 16:02 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-31 18:45 . 2007-11-04 16:41 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-31 17:15 . 2009-10-18 16:35 3132 ----a-w- c:\documents and settings\Zimby\FilterData.dat
2009-10-25 21:44 . 2009-05-12 04:37 25 ----a-w- c:\windows\popcinfot.dat
2009-10-19 04:44 . 2009-09-22 04:44 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-10-19 04:44 . 2009-06-22 04:44 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-10-16 07:50 . 2009-10-16 07:50 2520888 ----a-w- c:\documents and settings\Zimby\Application Data\Mozilla\Firefox\Profiles\mmx5nsm2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-10-14 14:57 . 2009-10-14 14:57 -------- d-----w- c:\program files\Common Files\Apple
2009-10-14 14:57 . 2009-10-14 14:57 -------- d-----w- c:\program files\QuickTime
2009-10-06 07:33 . 2009-10-06 05:39 -------- d-----w- c:\documents and settings\Zimby\Application Data\Stardock
2009-10-06 05:45 . 2009-02-08 18:13 -------- d-----w- c:\documents and settings\Zimby\Application Data\Azureus
2009-10-03 19:59 . 2008-08-21 15:16 -------- d-----w- c:\documents and settings\Zimby\Application Data\LimeWire
2009-09-27 20:51 . 2009-08-20 03:37 -------- d-----w- c:\documents and settings\Zimby\Application Data\GetRightToGo
2009-09-27 20:45 . 2009-09-27 20:45 -------- d-----w- c:\program files\Microsoft Works
2009-09-27 20:45 . 2009-09-27 20:45 -------- d-----w- c:\program files\Microsoft.NET
2009-09-12 04:56 . 2009-09-12 04:56 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 22:44 . 2009-09-16 19:55 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:03 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2001-08-23 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-01-11 16:22 . 2008-05-14 00:35 457 --sh--w- c:\windows\system32\boothide.reg
2009-01-11 16:33 . 2008-05-14 00:35 172 --sh--w- c:\windows\system32\bootrun.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\zimby\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\zimby\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\zimby\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\zimby\\source sdk base\\hl2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\tlntsvr.exe"=
"c:\\WINDOWS\\system32\\tftp.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"f:\\Music\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Steam\\steamapps\\zimby\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\DAOrigins.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/10/2009 12:44 AM 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/10/2008 10:59 AM 717296]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [9/6/2008 12:41 AM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [9/6/2008 12:41 AM 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [10/14/2007 3:00 PM 13696]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
S0 blqwvc;blqwvc;c:\windows\system32\drivers\oloolkd.sys --> c:\windows\system32\drivers\oloolkd.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/21/2009 11:03 PM 112592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [11/2/2009 11:04 AM 25832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys --> c:\windows\system32\DRIVERS\rt2870.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 04:44]

2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJfox000&ptb=xponXWBKqDBqO7uq5ZxqzA
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Zimby\Application Data\Mozilla\Firefox\Profiles\mmx5nsm2.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Zimby\Application Data\Mozilla\Firefox\Profiles\mmx5nsm2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1390067357-1383384898-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:00,80,b5,61,54,08,f6,d5,d0,fc,fc,7a,10,18,bf,bf,55,ba,d3,8e,9f,63,8b,
34,f3,d2,15,08,f6,18,ca,df,74,f8,33,7d,28,d9,8d,95,fe,2b,91,24,69,08,22,34,\
"??"=hex:ca,77,30,b4,4f,7b,b1,cc,74,06,61,09,17,4f,2e,f1

[HKEY_USERS\S-1-5-21-1390067357-1383384898-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,e3,e8,e5,5e,8c,8b,06,2b,06,d6,24,df,c6,02,80,43,e5,ad,63,63,
af,da,38,d0,b7,28,7d,a1,ba,d0,f6,c3,45,c8,86,07,35,0f,55,a0,92,fc,18,e3,e7,\
"rkeysecu"=hex:22,a3,31,c4,07,33,03,0d,33,e0,a9,50,04,df,98,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2009-11-22 02:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-22 07:22

Pre-Run: 19,236,982,784 bytes free
Post-Run: 28,594,249,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 6F8FB70297167E2B5BF783448817ABE1
  3. A little update here... I tried running HijackThis and it also is shut down once its processes start. In fact, the only service I've gotten to run from start to finish is ComboFix... I'm posting my log below.
  4. Hello, I recently hit a small snag... well, a big virus called Privacy Center today. While I followed several sets of procedures online to kill it and managed to (seemingly) get my computer clean, I can no longer use MBAM or Ad-Aware. Uninstalling and reinstalling has no effect; sure, it installs fine, but after 2 sec (and yes, always at the 2 sec mark) the MBAM program shuts down and becomes unusable. I've read the sticky about this problem and went to install the RootRepeal program, which installs fine but also stops mid-scan and displays a message that goes exactly like... "Windows cannot access the specified device, path or file. You may not have appropriate permissions to access the item." The thing is, I'm the only user of this computer and the admin. I'm wondering if anyone would be able to tell me the steps to get any kind of malware cleaning program up (hopefully MBAM) so I can scan and kill whatever might be left on my PC. Please let me know if you need any other details... thanks.