Can't get Malwarebytes to work, run-time errors


Hello

Hopefully this is the right place to post this. I am working on my Pastor's laptop; grandchildren loaded a lot of games on it, and with them came some viruses and malware. I have been trying to get Malwarebytes to work because I trust it more than any other malware software, but I just can't seem to get it to run. I loaded it on his laptop, tried to run it, and it failed. I cleaned it off, tried to load and run it again, and still I get the same run-time errors. I ran a DDS scan, as I was advised to do by BleepingComputer.com, and was recommended to post the situation here. Here is the current DDS and attach file:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.9.2

Run by Rev. Evans at 15:31:02 on 2012-12-06

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - <orphaned>

BHO: DealCabby: {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - c:\documents and settings\rev. evans\local settings\application data\dealcabby\ie\dealcabby_20121029030001.dll

BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: CNavExtBho Class: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} -

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Reminder] c:\windows\creator\Remind_XP.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{2AC8DF53-482E-4BBE-8ED6-D8B50C06A018} : DHCPNameServer = 192.168.1.1

Notify: igfxcui - igfxdev.dll

SSODL: SysTray - <orphaned>

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll

FF - plugin: c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

FF - plugin: c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\free ride games\npExentCtl.dll

FF - plugin: c:\program files\free ride games\npGameTreatWidget.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2012-11-09 23:35; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - ExtSQL: 2012-11-13 14:24; wrc@avast.com; c:\program files\alwil software\avast5\webrep\FF

FF - ExtSQL: 2012-11-16 18:22; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - ExtSQL: 2012-11-16 19:11; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

.

============= SERVICES / DRIVERS ===============

.

R? avast! Antivirus;avast! Antivirus

R? MBAMSwissArmy;MBAMSwissArmy

S? aswFsBlk;aswFsBlk

S? aswSnx;aswSnx

S? aswSP;aswSP

S? AVGIDSAgent;AVGIDSAgent

S? AVGIDSDriver;AVGIDSDriver

S? AVGIDSHX;AVGIDSHX

S? AVGIDSShim;AVGIDSShim

S? Avgldx86;AVG AVI Loader Driver

S? Avglogx;AVG Logging Driver

S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield

S? Avgrkx86;AVG Anti-Rootkit Driver

S? Avgtdix;AVG TDI Driver

S? avgwd;AVG WatchDog

S? McrdSvc;Media Center Extender Service

S? X4HSEx_Pr143;X4HSEx_Pr143

.

=============== File Associations ===============

.

FileExt: .reg: regfile=c:\windows\system32\NOTEPAD.EXE %1 [default=edit]

.

=============== Created Last 30 ================

.

2012-11-30 23:54:46 89088 ----a-w- C:\mbr.exe

2012-11-28 22:20:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-11-28 22:20:49 -------- d-----w- c:\documents and settings\rev. evans\application data\Malwarebytes

2012-11-28 22:20:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-11-28 22:20:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 22:20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-28 20:55:42 -------- d-----w- C:\Malwarebytes

2012-11-28 03:48:53 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\QuickPlay

2012-11-20 04:22:12 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\dealcabby

2012-11-20 03:48:28 -------- d-----w- c:\program files\Kaspersky Security Scan

2012-11-20 03:47:22 -------- d-----w- c:\program files\WinZip System Utilities Suite

2012-11-20 03:39:33 -------- d-----w- c:\documents and settings\rev. evans\application data\WinZip

2012-11-19 21:47:28 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\jZip

2012-11-19 21:46:42 -------- d-----w- c:\program files\jZip

2012-11-19 04:55:07 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\WinZip

2012-11-19 03:31:06 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Identities

2012-11-18 23:45:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-18 23:45:10 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-17 21:13:33 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-17 21:13:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-11-16 23:26:53 -------- d-----w- c:\program files\ESET

2012-11-16 23:22:48 -------- d-----w- c:\documents and settings\rev. evans\application data\QuickScan

2012-11-16 22:06:29 -------- d-----w- c:\windows\pss

2012-11-16 22:06:19 158208 ----a-w- c:\windows\system32\msconfig.exe

2012-11-16 20:51:09 -------- d-----w- c:\documents and settings\all users\application data\Alwil Software

2012-11-13 19:20:30 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-11-13 19:19:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-11-13 18:33:53 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys

2012-11-13 17:20:04 -------- d-----w- c:\program files\msn gaming zone

2012-11-13 16:46:14 -------- d-----w- c:\windows\system32\CatRoot_bak

2012-11-13 16:03:47 -------- d-----w- c:\documents and settings\rev. evans\application data\Nico Mak Computing

2012-11-13 16:03:16 17224 ----a-w- c:\windows\system32\roboot.exe

2012-11-13 15:50:52 -------- d-----w- c:\documents and settings\rev. evans\application data\DriverCure

2012-11-13 15:50:51 -------- d-----w- c:\documents and settings\rev. evans\application data\PC Utility Kit

2012-11-13 15:49:58 -------- d-----w- c:\documents and settings\all users\application data\PC Utility Kit

2012-11-13 13:22:33 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-11-13 13:22:33 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll

2012-11-13 13:22:33 -------- dc----w- c:\windows\ie8

2012-11-12 17:55:53 -------- d-----w- C:\c409a21d9461da821dd6b38ec4

2012-11-12 17:47:31 -------- d-----w- c:\documents and settings\rev. evans\application data\AVG2013

2012-11-12 17:42:46 -------- d-----w- c:\documents and settings\rev. evans\application data\TuneUp Software

2012-11-12 17:42:19 -------- d-----w- c:\documents and settings\all users\application data\AVG2013

2012-11-12 17:42:19 -------- d-----w- C:\$AVG

2012-11-12 17:41:49 -------- d-----w- c:\program files\AVG

2012-11-12 16:24:11 -------- d-----w- c:\documents and settings\all users\application data\Common Files

2012-11-12 16:24:10 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\MFAData

2012-11-12 16:24:10 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Avg2013

2012-11-12 16:24:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-11-12 16:15:00 41224 ----a-w- c:\windows\avastSS.scr

2012-11-12 14:48:17 940544 ----a-w- c:\documents and settings\rev. evans\local settings\application data\log4cxx.dll

2012-11-12 14:48:17 196608 ----a-w- c:\documents and settings\rev. evans\local settings\application data\common_functions.dll

2012-11-12 14:34:21 -------- d-----w- c:\windows\system32\LogFiles

2012-11-10 05:48:11 -------- d-----w- C:\Remote Programs

2012-11-10 05:48:07 1132448 ----a-w- c:\windows\system32\d3dx9_32.dll

2012-11-10 05:48:07 -------- d-----w- c:\documents and settings\all users\application data\Free Ride Games

2012-11-10 05:48:03 57824 ------w- c:\windows\ExentInfo.exe

2012-11-10 05:48:01 -------- d-----w- c:\program files\Free Ride Games

2012-11-10 05:47:41 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\WeatherBug

2012-11-10 05:47:29 -------- d-----w- c:\documents and settings\rev. evans\application data\WeatherBug

2012-11-10 05:47:22 -------- d-----w- c:\program files\AWS

2012-11-10 05:08:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-10 05:08:12 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-10 05:08:12 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-10 05:07:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-10 04:57:02 -------- d-----w- c:\windows\system32\appmgmt

2012-11-10 04:36:14 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Real

2012-11-10 04:35:41 -------- d-----w- c:\program files\common files\xing shared

2012-11-10 04:32:24 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Google

2012-11-10 04:32:23 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Shopping Sidekick

2012-11-10 04:31:39 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Zoom_Downloader

2012-11-10 04:31:30 -------- d-----w- c:\program files\Zoom Downloader

2012-11-10 04:31:30 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\DownloadManager

2012-11-10 03:43:23 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2012-11-10 03:43:23 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys

2012-11-10 03:11:00 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Sun

2012-11-09 00:12:35 -------- d-sh--w- c:\documents and settings\rev. evans\PrivacIE

2012-11-09 00:08:38 -------- d-sh--w- c:\documents and settings\rev. evans\IETldCache

2012-11-07 03:41:28 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Help

.

==================== Find3M ====================

.

2012-10-22 18:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-10-15 08:48:52 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-10-02 08:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-09-21 08:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-09-21 08:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys

2012-09-21 08:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2012-09-14 08:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys

c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver

1 ntkrnlpa!IofCallDriver[0x804EDF3C] -> \Device\Harddisk0\DR0[0x82BAD618]

3 CLASSPNP[0xF855605B] -> ntkrnlpa!IofCallDriver[0x804EDF3C] -> \Device\00000083[0x82B98970]

5 ACPI[0xF83CC620] -> ntkrnlpa!IofCallDriver[0x804EDF3C] -> \Device\Ide\IAAStorageDevice-0[0x82BD0030]

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }

user != kernel MBR !!!

.

============= FINISH: 15:36:11.33 ===============

attach.txt

And for some strange reason, the CD drive keeps popping out for no reason. I can't figure that one out.

  • Staff

Please do the following:

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Cure is selected (if Cure is not available, select Skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Download ComboFix from the following location:

Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: CF_RC_notice.png]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: cfRC_screen_2.png]

  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
