
my malwarebytes crashes before opening



Hi, my Malwarebytes, along with other programs, fails to start or install.

I'm more concerned with getting my Malwarebytes working, since it's the first program I noticed.

This is the error I get when I try to open it. I also included a snip of the window and another program's error (possibly the same problem causing this crash too).

I already did the DDS and have the two files attached.

Problem signature:

Problem Event Name: BEX

Application Name: mbam.exe

Application Version: 1.70.0.9

Application Timestamp: 50a526ce

Fault Module Name: msvcrt.dll

Fault Module Version: 7.0.7601.17744

Fault Module Timestamp: 4eeaf722

Exception Offset: 00023e64

Exception Code: c0000409

Exception Data: 00000000

OS Version: 6.1.7601.2.1.0.256.48

Locale ID: 1033

Additional Information 1: 3190

Additional Information 2: 31909148a98512a0685340a2ae2a3f63

Additional Information 3: 214e

Additional Information 4: 214e0a89fb70820d1ce9fa05cff8b659

Read our privacy statement online:

http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

C:\Windows\system32\en-US\erofflps.txt

Problem signature:

Problem Event Name: APPCRASH

Application Name: avgui.exe

Application Version: 10.0.0.1428

Application Timestamp: 509c7a2f

Fault Module Name: D3D10Warp.dll

Fault Module Version: 6.1.7601.17514

Fault Module Timestamp: 4ce7b7af

Exception Code: c0000005

Exception Offset: 00095d41

OS Version: 6.1.7601.2.1.0.256.48

Locale ID: 1033

Additional Information 1: cc54

Additional Information 2: cc54fc12496c42ffc23a10c1a6d3d251

Additional Information 3: 696a

Additional Information 4: 696a39f655f98e02a7cda97abbb81f92

Read our privacy statement online:

http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

C:\Windows\system32\en-US\erofflps.txt

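As an added example (not part of the original post), a small Python triage helper that parses the two WER problem signatures pasted above and decodes the fields a responder looks at first: the exception code as an NTSTATUS name, what a BEX event means, and the OS version string. The NTSTATUS and edition tables are our own short lists of documented Windows constants.

```python
# WER "Problem signature" blocks as pasted in the post above (values copied
# from the page, not constructed).
WER_TEXT = """\
Problem signature:
Problem Event Name: BEX
Application Name: mbam.exe
Application Version: 1.70.0.9
Application Timestamp: 50a526ce
Fault Module Name: msvcrt.dll
Fault Module Version: 7.0.7601.17744
Fault Module Timestamp: 4eeaf722
Exception Offset: 00023e64
Exception Code: c0000409
Exception Data: 00000000
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Problem signature:
Problem Event Name: APPCRASH
Application Name: avgui.exe
Application Version: 10.0.0.1428
Application Timestamp: 509c7a2f
Fault Module Name: D3D10Warp.dll
Fault Module Version: 6.1.7601.17514
Fault Module Timestamp: 4ce7b7af
Exception Code: c0000005
Exception Offset: 00095d41
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033
"""

# Documented NTSTATUS values that show up most often in WER signatures.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC0000417: "STATUS_INVALID_CRUNTIME_PARAMETER",
}

# Windows edition SKU: the last field of "OS Version" (documented PRODUCT_* values).
PRODUCT_SKU = {0x01: "Ultimate", 0x02: "Home Basic", 0x03: "Home Premium",
               0x04: "Enterprise", 0x30: "Professional"}

OS_NAMES = {(5, 1): "Windows XP", (6, 0): "Windows Vista", (6, 1): "Windows 7"}


def parse_wer(text):
    """Split pasted WER text into one dict of fields per 'Problem signature:' block."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Problem signature:":
            current = {}
            blocks.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return blocks


def decode_os_version(field):
    """'6.1.7601.2.1.0.256.48' is major.minor.build.platform.spMajor.spMinor.suite.sku."""
    p = [int(x) for x in field.split(".")]
    return {
        "os": OS_NAMES.get((p[0], p[1]), "NT %d.%d" % (p[0], p[1])),
        "build": p[2],
        "service_pack": p[4] if len(p) > 4 else 0,
        "edition": PRODUCT_SKU.get(p[7], "unknown") if len(p) > 7 else "unknown",
    }


def triage(sig):
    """Reduce one signature to what a responder looks at first."""
    code = int(sig["Exception Code"], 16)
    event = sig["Problem Event Name"]
    if event == "BEX" or code == 0xC0000409:
        # BEX is WER's label for a /GS stack-cookie failure or a DEP (NX) fault.
        # The fault module is where the check fired, not necessarily where the
        # corruption started; look at what loaded into the process before it.
        hint = "security check (GS cookie or DEP) fired inside the fault module"
    elif code == 0xC0000005:
        hint = "invalid memory access inside the fault module"
    else:
        hint = "unhandled exception; inspect fault module and offset"
    return {
        "app": sig["Application Name"],
        "event": event,
        "fault_module": sig["Fault Module Name"],
        "offset": int(sig["Exception Offset"], 16),
        "status": NTSTATUS.get(code, "0x%08X" % code),
        "hint": hint,
        "os": decode_os_version(sig["OS Version"]),
    }


if __name__ == "__main__":
    for t in map(triage, parse_wer(WER_TEXT)):
        print("%(app)s %(event)s in %(fault_module)s+0x%(offset)x: %(status)s (%(hint)s)" % t)
```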

There are two security systems running with active antivirus components, Avast and Microsoft Security Essentials; that is not recommended. You must UNinstall one of those ASAP. Reboot when finished.

Check the system again after the UNinstall; if there are still problems, run the following:

Download RogueKiller from here http://tigzy.geeksto...RogueKiller.exe or here http://www.sur-la-to...RogueKiller.exe and save it directly to your Desktop.

  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator; for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear; please select Accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes, select Report; copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Kevin


Avast is not the source of the problem because I installed it after the issues started, to try and find the problem. I will uninstall it ASAP and run the programs you mentioned. Please check back around 5pm, as I am at work and won't be home till then to continue troubleshooting. Thanks in advance.


I never said Avast was the issue; I said it's not good to have two antivirus programs running together. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and may cause crashes!

I'm in the UK; I'm not sure of the time difference between us...


RogueKiller V8.4.3 [Jan 21 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jr [Admin rights]

Mode : Scan -- Date : 01/22/2013 17:40:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST96812AS ATA Device +++++

--- User ---

[MBR] 8f803c31faec4ddff770ae7c5fcd66e9

[BSP] b351b341aa7fa051e2193b77edcbab25 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57129 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500JS-63MHB5 ATA Device +++++

--- User ---

[MBR] 842e3c6148871cb68d80fb88046afa11

[BSP] 3814e5050943d81578104286bf987dd0 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238472 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01222013_02d1740.txt >>


Delete any versions of ComboFix that you may have on your Desktop, and download a fresh copy from the following link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that ComboFix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on ComboFix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running ComboFix are available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select Yes and let it download the files it needs to do this. Once the Recovery Console is installed ComboFix will then offer to scan for malware. Select Continue or Yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autorun is recommended.

*EXTRA NOTES*

  • If ComboFix detects any rootkit/bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin

OK, I'd like to have another try at running ComboFix, as follows please:

Delete any version of ComboFix you have on your Desktop. Download a fresh copy from either of the following links:

Link 1

Link 2

Before you save it to the Desktop, make sure to rename it to sega.com.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and type this command exactly as shown or use copy/paste:

"%userprofile%\desktop\sega.com" /killall /nombr

Tap Enter or select OK.

See if it will run successfully now. Stop it after half an hour of no activity.

Post the log in next reply,

Kevin


ComboFix 13-01-23.01 - Jr 01/23/2013 17:16:34.1.6 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2518 [GMT -8:00]

Running from: c:\users\Jr\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\d3d8.dll . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))

.

.

2013-01-22 08:29 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B582CE33-E9AF-46E8-BF1C-D83BEABE5676}\mpengine.dll

2013-01-22 04:56 . 2013-01-22 04:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-22 04:56 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-22 04:44 . 2013-01-22 04:54 -------- d-----w- c:\program files (x86)\Google

2013-01-22 04:44 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2013-01-22 04:43 . 2013-01-23 01:36 -------- d-----w- c:\programdata\AVAST Software

2013-01-22 04:43 . 2013-01-22 04:43 -------- d-----w- c:\program files\AVAST Software

2013-01-22 04:15 . 2013-01-22 04:15 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2013-01-22 03:15 . 2013-01-22 04:18 -------- d-----w- c:\windows\system32\drivers\AVG

2013-01-22 03:15 . 2013-01-22 03:15 -------- d-----w- c:\program files (x86)\AVG

2013-01-22 03:07 . 2013-01-22 03:07 -------- d--h--w- c:\programdata\Common Files

2013-01-22 03:07 . 2013-01-22 04:23 -------- d-----w- c:\programdata\MFAData

2013-01-21 23:26 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-18 03:34 . 2013-01-18 03:34 -------- d-----w- c:\program files\Microsoft Silverlight

2013-01-18 03:34 . 2013-01-18 03:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-01-18 01:27 . 2013-01-18 20:44 -------- d-----w- c:\program files (x86)\Common Files\Steam

2013-01-18 01:27 . 2013-01-22 01:35 -------- d-----w- c:\program files (x86)\Steam

2013-01-17 05:03 . 2013-01-18 01:27 -------- d-----w- c:\users\Jr

2013-01-15 07:05 . 2013-01-15 07:05 -------- d-----w- c:\windows\system32\appmgmt

2013-01-15 07:01 . 2013-01-15 07:05 -------- d-----w- c:\programdata\Skype

2013-01-14 05:30 . 2013-01-12 11:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-13 06:51 . 2013-01-13 06:51 -------- d-----w- c:\program files (x86)\VideoLAN

2013-01-13 05:59 . 2013-01-13 05:59 -------- d-----w- c:\program files (x86)\uTorrent

2013-01-12 11:31 . 2013-01-12 11:31 -------- d-----w- c:\programdata\Malwarebytes

2013-01-12 01:32 . 2013-01-12 01:32 -------- d-----w- c:\program files (x86)\Microsoft.NET

2013-01-11 07:18 . 2013-01-11 07:18 -------- d-----w- c:\windows\SysWow64\Wat

2013-01-11 07:18 . 2013-01-11 07:18 -------- d-----w- c:\windows\system32\Wat

2013-01-11 07:10 . 2013-01-11 07:03 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1080157F-A0EF-4BC7-8FF1-8423609C4EDF}\gapaengine.dll

2013-01-11 07:10 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2013-01-11 07:10 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2013-01-11 07:10 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2013-01-11 07:10 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2013-01-11 07:10 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-01-11 07:04 . 2013-01-11 07:04 -------- d-----w- C:\Riot Games

2013-01-11 07:03 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2013-01-11 07:03 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2013-01-11 07:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-01-11 06:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-01-11 06:34 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2013-01-11 06:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-01-11 06:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-01-11 06:33 . 2012-12-17 01:31 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-11 06:22 . 2013-01-11 06:22 757296 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe

2013-01-11 06:21 . 2013-01-11 06:21 766976 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-01-11 06:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-01-11 06:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-01-11 06:17 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2013-01-11 06:17 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2013-01-11 06:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-01-11 06:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-01-11 06:16 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-01-11 06:16 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-01-11 06:16 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-01-11 06:16 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2013-01-11 06:16 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2013-01-11 06:16 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-01-11 06:16 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-01-11 06:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-01-11 06:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-01-11 06:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-01-11 06:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2013-01-11 06:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2013-01-11 06:06 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-11 06:05 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-01-11 06:04 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-11 06:02 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2013-01-11 05:55 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll

2013-01-11 05:54 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2013-01-11 05:53 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2013-01-11 05:52 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-01-11 05:47 . 2013-01-11 05:47 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-11 05:47 . 2013-01-11 05:47 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-11 05:47 . 2013-01-11 05:47 -------- d-----w- c:\programdata\Ask

2013-01-11 05:47 . 2013-01-11 05:47 -------- d-----w- c:\windows\SysWow64\Macromed

2013-01-11 05:47 . 2013-01-11 05:47 -------- d-----w- c:\windows\system32\Macromed

2013-01-11 05:47 . 2013-01-11 05:47 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-01-11 05:46 . 2013-01-11 05:46 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-11 05:46 . 2013-01-11 05:46 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-01-11 05:46 . 2012-11-19 09:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFF6F85-2D9A-44C8-BCAF-C75355704D9B}\mpengine.dll

2013-01-11 05:46 . 2012-02-14 20:49 114176 ----a-w- c:\windows\SysWow64\PCWizard.cpl

2013-01-11 05:46 . 2013-01-11 05:46 -------- d-----w- c:\program files (x86)\CPUID

2013-01-11 05:46 . 2013-01-14 05:30 -------- d-----w- c:\program files (x86)\Java

2013-01-11 05:45 . 2013-01-11 05:45 -------- d-----w- c:\programdata\McAfee

2013-01-11 05:45 . 2013-01-11 05:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-01-11 05:45 . 2013-01-23 01:35 -------- d-sh--w- c:\windows\Installer

2013-01-11 05:45 . 2013-01-11 05:45 -------- d-----w- c:\program files\Microsoft Security Client

2013-01-11 05:42 . 2013-01-11 07:00 -------- d-----w- c:\program files\Defraggler

2013-01-11 05:42 . 2013-01-11 05:42 -------- d-----w- c:\program files\CCleaner

2013-01-11 05:41 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2013-01-11 05:41 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2013-01-11 05:41 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2013-01-11 05:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2013-01-11 05:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2013-01-11 05:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2013-01-11 05:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2013-01-11 05:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2013-01-11 05:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2013-01-11 05:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2013-01-11 05:37 . 2012-06-02 23:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2013-01-11 05:37 . 2012-06-02 23:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2013-01-11 05:29 . 2008-06-17 02:02 15408 ----a-w- c:\windows\system32\drivers\BS_I2cIo.sys

2013-01-11 05:29 . 2008-06-16 17:02 17024 ----a-w- c:\windows\SysWow64\drivers\BS_I2cIo.sys

2013-01-11 05:29 . 2013-01-11 05:29 -------- d-----w- c:\program files (x86)\BIOS Update

2013-01-11 05:28 . 2013-01-11 05:28 -------- d-----w- C:\ATI

2013-01-11 05:24 . 2013-01-19 05:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-01-11 02:57 . 2013-01-11 05:29 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2013-01-11 01:55 . 2011-09-30 01:30 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-01-11 01:55 . 2011-09-30 01:30 646248 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-01-11 01:55 . 2011-09-30 01:30 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2013-01-11 01:55 . 2013-01-11 01:55 -------- d-----w- c:\program files (x86)\Realtek

2013-01-11 01:55 . 2013-01-11 07:04 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2013-01-10 23:54 . 2013-01-10 23:54 -------- d-----w- C:\Recovery

2013-01-10 23:48 . 2013-01-10 23:48 0 ----a-w- c:\windows\ativpsrm.bin

2013-01-10 23:45 . 2013-01-11 08:35 -------- d-----w- c:\windows\Panther

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-30 04:45 . 2013-01-11 05:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-08-11 24368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-11 1255736]

S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-06-17 15408]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-30 646248]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 05:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Jr\AppData\Roaming\Mozilla\Firefox\Profiles\0414h0b2.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-23 17:37:12

ComboFix-quarantined-files.txt 2013-01-24 01:37

.

Pre-Run: 33,673,187,328 bytes free

Post-Run: 33,304,338,432 bytes free

.

- - End Of File - - EBB1C27C0DE75F15F499CB0C7B2F8DE0


Oooops, apologies, the second instruction for ComboFix was only to be used when the first instruction did not work. I should have made that point clearer; it would not have made any difference or affected your system in any way.....

Ok we continue:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::
c:\windows\system32\aswBoot.exe
c:\programdata\AVAST Software
c:\program files\AVAST Software
c:\windows\system32\drivers\AVG
c:\program files (x86)\AVG
c:\programdata\McAfee

Save this as CFScript.txt, with Type: All Files (*.*), in the same location as ComboFix.exe.

Drag CFScript.txt into ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Next,

Download AdwCleaner by Xplode from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Next,

Run ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan; Vista and Win 7 users right click on the IE shortcut and run as admin.

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use, then click Start
  • When asked, allow the add-on to be installed, then click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked, then click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete:

If no threats were found
  • Put a checkmark in "Uninstall application on close"
  • Close the program
  • Report to me that nothing was found

If threats were found
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN to the desktop
  • Click on Back
  • Put a checkmark in "Uninstall application on close"
  • Click on Finish
  • Close the program
  • Copy and paste the report here

Let me see those logs please; also give an update on current issues/concerns...

Kevin...

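The CFScript above lists the Avast, AVG and McAfee paths left on a machine where Security Center registers only Microsoft Security Essentials. As an added example (ours, not Kevin's and not ComboFix's own code), this Python snippet derives that same list from the ComboFix log header and its "Files Created" section; the vendor pattern table is our own and deliberately short.

```python
import re

# Header lines and a subset of "Files Created" lines from the ComboFix log
# posted above (copied from the page; the selection is ours).
COMBOFIX_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
2013-01-22 04:56 . 2013-01-22 04:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-22 04:56 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-22 04:44 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-22 04:44 . 2013-01-22 04:54 -------- d-----w- c:\program files (x86)\Google
2013-01-22 04:43 . 2013-01-23 01:36 -------- d-----w- c:\programdata\AVAST Software
2013-01-22 04:43 . 2013-01-22 04:43 -------- d-----w- c:\program files\AVAST Software
2013-01-22 03:15 . 2013-01-22 04:18 -------- d-----w- c:\windows\system32\drivers\AVG
2013-01-22 03:15 . 2013-01-22 03:15 -------- d-----w- c:\program files (x86)\AVG
2013-01-11 05:45 . 2013-01-11 05:45 -------- d-----w- c:\programdata\McAfee
2013-01-11 05:45 . 2013-01-11 05:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-11 05:45 . 2013-01-11 05:45 -------- d-----w- c:\program files\Microsoft Security Client
"""

# Security Center registration line: "AV: <name> *<state>/<defs>* {<GUID>}"
REGISTERED_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>\w+)/(?P<defs>\w+)\* "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)

# "Files Created" line: <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Vendor -> (product class, regexes tried against the lower-cased path).
# Assumed by us for this example; extend for other products.
VENDOR_SIGNS = {
    "Avast": ("antivirus", (r"\\avast software(\\|$)", r"\\aswboot\.exe$")),
    "AVG": ("antivirus", (r"\\avg(\\|$)",)),
    "McAfee": ("antivirus", (r"\\mcafee(\\|$)",)),
    "Microsoft Security Essentials": ("antivirus", (r"\\microsoft security client(\\|$)",)),
    "Malwarebytes": ("anti-malware", (r"\\malwarebytes", r"\\mbam\.sys$")),
}


def parse_registered(text):
    """Products Security Center knows about: {name: [(kind, state, defs), ...]}."""
    found = {}
    for line in text.splitlines():
        m = REGISTERED_RE.match(line.strip())
        if m:
            found.setdefault(m["name"], []).append((m["kind"], m["state"], m["defs"]))
    return found


def parse_files_created(text):
    """(created, path, is_dir) for every 'Files Created' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            entries.append((m["created"], m["path"], m["attrs"].startswith("d")))
    return entries


def vendor_footprints(entries):
    """Group on-disk paths by the security vendor whose install footprint they match."""
    hits = {}
    for _created, path, _is_dir in entries:
        low = path.lower()
        for vendor, (_kind, patterns) in VENDOR_SIGNS.items():
            if any(re.search(p, low) for p in patterns):
                hits.setdefault(vendor, []).append(path)
    return hits


def conflicting_antivirus(text):
    """Antivirus vendors with files on disk that Security Center does not register.

    Either remnants of an incomplete uninstall or a second AV installed alongside
    the registered one; both are the 'two AVs' condition discussed in the thread.
    """
    registered = parse_registered(text)
    footprints = vendor_footprints(parse_files_created(text))
    return {v: paths for v, paths in footprints.items()
            if VENDOR_SIGNS[v][0] == "antivirus" and v not in registered}


if __name__ == "__main__":
    for vendor, paths in sorted(conflicting_antivirus(COMBOFIX_LOG).items()):
        print(vendor)
        for p in paths:
            print("   ", p)
```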

ComboFix 13-01-24.02 - Jr 01/24/2013 10:17:33.3.6 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2489 [GMT -8:00]

Running from: c:\users\Jr\Desktop\sega.com.exe

Command switches used :: c:\users\Jr\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\d3d8.dll . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))

.

.

2013-01-24 18:46 . 2013-01-24 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-24 07:20 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2013-01-24 07:20 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll

2013-01-24 07:20 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll

2013-01-24 07:20 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2013-01-24 07:20 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2013-01-24 07:20 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2013-01-24 07:20 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2013-01-24 07:20 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2013-01-24 07:20 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2013-01-24 07:20 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2013-01-24 07:19 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2013-01-24 07:19 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2013-01-24 07:18 . 2013-01-24 07:18 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2013-01-24 02:21 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E1FD0BA-0156-413A-A035-E3B3C27C5AE1}\mpengine.dll

2013-01-24 02:20 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-22 04:56 . 2013-01-22 04:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-22 04:56 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-22 04:44 . 2013-01-22 04:54 -------- d-----w- c:\program files (x86)\Google

2013-01-22 04:44 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2013-01-22 04:43 . 2013-01-23 01:36 -------- d-----w- c:\programdata\AVAST Software

2013-01-22 04:43 . 2013-01-22 04:43 -------- d-----w- c:\program files\AVAST Software

2013-01-22 04:15 . 2013-01-22 04:15 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2013-01-22 03:15 . 2013-01-22 04:18 -------- d-----w- c:\windows\system32\drivers\AVG

2013-01-22 03:15 . 2013-01-22 03:15 -------- d-----w- c:\program files (x86)\AVG

2013-01-22 03:07 . 2013-01-22 03:07 -------- d--h--w- c:\programdata\Common Files

2013-01-22 03:07 . 2013-01-22 04:23 -------- d-----w- c:\programdata\MFAData

2013-01-18 03:34 . 2013-01-18 03:34 -------- d-----w- c:\program files\Microsoft Silverlight

2013-01-18 03:34 . 2013-01-18 03:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-01-18 01:27 . 2013-01-18 20:44 -------- d-----w- c:\program files (x86)\Common Files\Steam

2013-01-18 01:27 . 2013-01-24 02:41 -------- d-----w- c:\program files (x86)\Steam

2013-01-17 05:03 . 2013-01-18 01:27 -------- d-----w- c:\users\Jr

2013-01-15 07:05 . 2013-01-15 07:05 -------- d-----w- c:\windows\system32\appmgmt

2013-01-15 07:01 . 2013-01-15 07:05 -------- d-----w- c:\programdata\Skype

2013-01-14 05:30 . 2013-01-12 11:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-13 06:51 . 2013-01-13 06:51 -------- d-----w- c:\program files (x86)\VideoLAN

2013-01-13 05:59 . 2013-01-13 05:59 -------- d-----w- c:\program files (x86)\uTorrent

2013-01-12 11:31 . 2013-01-12 11:31 -------- d-----w- c:\programdata\Malwarebytes

2013-01-12 01:32 . 2013-01-12 01:32 -------- d-----w- c:\program files (x86)\Microsoft.NET

2013-01-11 07:18 . 2013-01-11 07:18 -------- d-----w- c:\windows\SysWow64\Wat

2013-01-11 07:18 . 2013-01-11 07:18 -------- d-----w- c:\windows\system32\Wat

2013-01-11 07:10 . 2013-01-11 07:03 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1080157F-A0EF-4BC7-8FF1-8423609C4EDF}\gapaengine.dll

2013-01-11 07:10 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2013-01-11 07:10 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2013-01-11 07:10 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2013-01-11 07:10 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2013-01-11 07:10 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-01-11 07:04 . 2013-01-11 07:04 -------- d-----w- C:\Riot Games

2013-01-11 07:03 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2013-01-11 07:03 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2013-01-11 07:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-01-11 06:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-01-11 06:34 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2013-01-11 06:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-01-11 06:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-01-11 06:33 . 2012-12-17 01:31 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-11 06:22 . 2013-01-11 06:22 757296 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe

2013-01-11 06:21 . 2013-01-11 06:21 766976 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-01-11 06:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-01-11 06:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-01-11 06:17 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2013-01-11 06:17 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2013-01-11 06:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-01-11 06:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-01-11 06:16 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-01-11 06:16 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-01-11 06:16 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-01-11 06:16 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2013-01-11 06:16 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2013-01-11 06:16 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-01-11 06:16 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-01-11 06:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-01-11 06:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-01-11 06:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-01-11 06:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2013-01-11 06:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2013-01-11 06:06 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-11 06:05 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-01-11 06:04 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-11 06:02 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2013-01-11 05:55 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll

2013-01-11 05:54 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2013-01-11 05:53 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2013-01-11 05:52 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-01-11 05:47 . 2013-01-11 05:47 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-11 05:47 . 2013-01-11 05:47 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-11 05:47 . 2013-01-11 05:47 -------- d-----w- c:\programdata\Ask

2013-01-11 05:47 . 2013-01-11 05:47 -------- d-----w- c:\windows\SysWow64\Macromed

2013-01-11 05:47 . 2013-01-11 05:47 -------- d-----w- c:\windows\system32\Macromed

2013-01-11 05:47 . 2013-01-11 05:47 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-01-11 05:46 . 2013-01-11 05:46 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-11 05:46 . 2013-01-11 05:46 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-01-11 05:46 . 2012-11-19 09:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFF6F85-2D9A-44C8-BCAF-C75355704D9B}\mpengine.dll

2013-01-11 05:46 . 2012-02-14 20:49 114176 ----a-w- c:\windows\SysWow64\PCWizard.cpl

2013-01-11 05:46 . 2013-01-11 05:46 -------- d-----w- c:\program files (x86)\CPUID

2013-01-11 05:46 . 2013-01-14 05:30 -------- d-----w- c:\program files (x86)\Java

2013-01-11 05:45 . 2013-01-11 05:45 -------- d-----w- c:\programdata\McAfee

2013-01-11 05:45 . 2013-01-11 05:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-01-11 05:45 . 2013-01-24 07:26 -------- d-sh--w- c:\windows\Installer

2013-01-11 05:45 . 2013-01-11 05:45 -------- d-----w- c:\program files\Microsoft Security Client

2013-01-11 05:42 . 2013-01-11 07:00 -------- d-----w- c:\program files\Defraggler

2013-01-11 05:42 . 2013-01-11 05:42 -------- d-----w- c:\program files\CCleaner

2013-01-11 05:41 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2013-01-11 05:41 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2013-01-11 05:41 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2013-01-11 05:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2013-01-11 05:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2013-01-11 05:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2013-01-11 05:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2013-01-11 05:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2013-01-11 05:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2013-01-11 05:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2013-01-11 05:37 . 2012-06-02 23:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2013-01-11 05:37 . 2012-06-02 23:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2013-01-11 05:29 . 2008-06-17 02:02 15408 ----a-w- c:\windows\system32\drivers\BS_I2cIo.sys

2013-01-11 05:29 . 2008-06-16 17:02 17024 ----a-w- c:\windows\SysWow64\drivers\BS_I2cIo.sys

2013-01-11 05:29 . 2013-01-11 05:29 -------- d-----w- c:\program files (x86)\BIOS Update

2013-01-11 05:28 . 2013-01-11 05:28 -------- d-----w- C:\ATI

2013-01-11 05:24 . 2013-01-19 05:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-01-11 02:57 . 2013-01-11 05:29 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2013-01-11 01:55 . 2011-09-30 01:30 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-01-11 01:55 . 2011-09-30 01:30 646248 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-01-11 01:55 . 2011-09-30 01:30 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2013-01-11 01:55 . 2013-01-11 01:55 -------- d-----w- c:\program files (x86)\Realtek

2013-01-11 01:55 . 2013-01-11 07:04 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-30 04:45 . 2013-01-11 05:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-08-11 24368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-11 1255736]

S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-06-17 15408]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-30 646248]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 05:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Jr\AppData\Roaming\Mozilla\Firefox\Profiles\0414h0b2.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-24 10:48:10

ComboFix-quarantined-files.txt 2013-01-24 18:48

ComboFix2.txt 2013-01-24 02:01

ComboFix3.txt 2013-01-24 01:37

.

Pre-Run: 32,164,016,128 bytes free

Post-Run: 31,890,243,584 bytes free

.

- - End Of File - - 85A3AACFA13FB17D0660BD55922DBBD9


# AdwCleaner v2.107 - Logfile created 01/24/2013 at 10:49:22

# Updated 21/01/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Jr - BLAZINGWULF

# Boot Mode : Normal

# Running from : C:\Users\Jr\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Jr\AppData\Roaming\Mozilla\Firefox\Profiles\0414h0b2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [700 octets] - [24/01/2013 10:49:22]

########## EOF - C:\AdwCleaner[s1].txt - [759 octets] ##########


So far my only concerns are that my applications still cannot run, and that ComboFix found "c:\windows\SysWow64\d3d8.dll . . . is infected!!" and was unable to resolve it. Should I be concerned? Am I looking at formatting my computer? If so, will an upgrade to Windows 8 be sufficient to resolve my problems? I do not have a Windows 7 recovery disk. I have Windows 8 as an upgrade, so I can't clean install, only upgrade install.


I would not recommend upgrading a system unless I knew for sure that the original was clean. d3d8.dll is a Direct3D DLL which supports games from DirectX controls version 8. It is also a system process that is needed for your PC to work correctly.

Ok do the following:

Go to http://www.virustotal.com/

  • Click the Browse... button
  • Navigate to the file c:\windows\SysWow64\d3d8.dll or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Next,

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    d3d8.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Post those two logs, what programs do not run apart from Malwarebytes?

Thanks,

Kevin


Antivirus              Result   Update
Agnitum                -        20130124
AhnLab-V3              -        20130124
AntiVir                -        20130124
Antiy-AVL              -        20130124
Avast                  -        20130124
AVG                    -        20130124
BitDefender            -        20130124
ByteHero               -        20130123
CAT-QuickHeal          -        20130124
ClamAV                 -        20130124
Commtouch              -        20130124
Comodo                 -        20130124
DrWeb                  -        20130124
Emsisoft               -        20130124
eSafe                  -        20130120
ESET-NOD32             -        20130124
F-Prot                 -        20130124
F-Secure               -        20130125
Fortinet               -        20130124
GData                  -        20130124
Ikarus                 -        20130124
Jiangmin               -        20121221
K7AntiVirus            -        20130124
Kaspersky              -        20130125
Kingsoft               -        20130121
Malwarebytes           -        20130124
McAfee                 -        20130124
McAfee-GW-Edition      -        20130124
Microsoft              -        20130124
MicroWorld-eScan       -        20130124
NANO-Antivirus         -        20130124
Norman                 -        20130124
nProtect               -        20130124
Panda                  -        20130124
PCTools                -        20130124
Rising                 -        20130124
Sophos                 -        20130124
SUPERAntiSpyware       -        20130124
Symantec               -        20130125
TheHacker              -        20130124
TotalDefense           -        20130124
TrendMicro             -        20130124
TrendMicro-HouseCall   -        20130124
VBA32                  -        20130124
VIPRE                  -        20130124
ViRobot                -        20130124


SystemLook 30.07.11 by jpshortstuff

Log created at 16:48 on 24/01/2013 by Jr

Administrator - Elevation successful

========== filefind ==========

Searching for "d3d8.dll"

C:\Windows\SysWOW64\d3d8.dll --a---- 1036800 bytes [23:28 13/07/2009] [01:15 14/07/2009] AD53D1BE5CB7488522F39EC64AC776D8

C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d8_31bf3856ad364e35_6.1.7600.16385_none_c222c27ec21ab213\d3d8.dll --a---- 1036800 bytes [23:28 13/07/2009] [01:15 14/07/2009] AD53D1BE5CB7488522F39EC64AC776D8

-= EOF =-

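The check Kevin asks for above (VirusTotal plus a SystemLook filefind) and the SystemLook result just posted amount to one question: does the d3d8.dll in SysWOW64 have the same bytes as the copy Windows keeps in its component store, and does Windows itself still vouch for it? The PowerShell script below is an added example and is not code from the thread or from any of the tools it mentions. It assumes 64-bit Windows 7 and an elevated 64-bit PowerShell; the default path and the expected MD5 are the ones SystemLook printed above, and the WinSxS path, the x86_/amd64_ directory-name convention and the use of sfc /verifyfile are my assumptions about the host, not facts the thread states.

```powershell
# Added example, not code from the thread: check a system DLL against the
# copies Windows keeps in the component store, the comparison the SystemLook
# output above makes by hand (same MD5 in SysWOW64 and in WinSxS).
# Assumptions (mine, not the page's): 64-bit Windows 7, an elevated 64-bit
# PowerShell, and the hash below is the one SystemLook reported for d3d8.dll.
param(
    [string]$Target      = 'C:\Windows\SysWOW64\d3d8.dll',
    [string]$ExpectedMd5 = 'AD53D1BE5CB7488522F39EC64AC776D8'
)

function Get-Md5Hex([string]$Path) {
    # MD5 only because SystemLook prints MD5; it is a fingerprint for matching
    # copies of a file, not a proof of integrity against a capable attacker.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

if ([IntPtr]::Size -ne 8) {
    Write-Warning 'Run this from 64-bit PowerShell: a 32-bit host is WOW64-redirected and sfc will refuse.'
}
if (-not (Test-Path -LiteralPath $Target)) { Write-Error "Target not found: $Target"; exit 1 }

$targetInfo = Get-Item -LiteralPath $Target
$targetHash = Get-Md5Hex $Target
Write-Output ("Target : {0}" -f $Target)
Write-Output ("Size   : {0} bytes, modified {1:u}" -f $targetInfo.Length, $targetInfo.LastWriteTimeUtc)
Write-Output ("MD5    : {0}  (expected {1}: {2})" -f $targetHash, $ExpectedMd5,
    $(if ($targetHash -eq $ExpectedMd5) { 'same' } else { 'DIFFERENT' }))

# Every copy of the same file name in the component store. On x64 there are
# x86_ and amd64_ flavours; a SysWOW64 file should match an x86_ copy, so a
# mismatch against the amd64_ copy is expected and not a finding.
$sxs = @(Get-ChildItem -Path 'C:\Windows\winsxs' -Recurse -Filter $targetInfo.Name -ErrorAction SilentlyContinue |
         Where-Object { -not $_.PSIsContainer })
$matchCount = 0
foreach ($copy in $sxs) {
    $h    = Get-Md5Hex $copy.FullName
    $arch = if ($copy.Directory.Name -like 'x86_*') { 'x86' } elseif ($copy.Directory.Name -like 'amd64_*') { 'x64' } else { '?' }
    $same = ($h -eq $targetHash)
    if ($same) { $matchCount++ }
    Write-Output ("{0,-7} {1,-3} {2}  {3}" -f $(if ($same) { 'MATCH' } else { 'DIFFERS' }), $arch, $h, $copy.FullName)
}
if ($sxs.Count -eq 0) {
    Write-Warning "No copy of $($targetInfo.Name) found in WinSxS; nothing local to compare against."
} elseif ($matchCount -eq 0) {
    Write-Warning "No WinSxS copy has the same bytes as $Target. Check file versions before trusting either copy."
}

# Signature check. Inbox Windows binaries are catalog-signed rather than
# carrying an embedded signature, so Get-AuthenticodeSignature can say
# NotSigned for a clean file on Windows 7; sfc /verifyfile uses the catalog.
$sig = Get-AuthenticodeSignature -FilePath $Target
Write-Output ("Authenticode status: {0}" -f $sig.Status)
Write-Output 'sfc /verifyfile result (elevated prompt required):'
& "$env:windir\System32\sfc.exe" ("/verifyfile=" + $Target)
```

Two caveats a practitioner should keep in mind. A match between SysWOW64 and WinSxS only shows the two local copies agree; if both had been replaced the check would still pass, which is why the sfc catalog check and the VirusTotal upload are worth doing as well. And a "DIFFERS" line against an amd64_ directory is the normal result for a 32-bit DLL, so read the arch column before treating a mismatch as tampering.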

VirusTotal log is not complete, but does not seem to show any issues with the file. What is happening with your system at present? If Malwarebytes is still an issue, do the following:

Download mbam-clean.exe and save it to your desktop from the following:

http://www.malwarebytes.org/mbam-clean.exe

Now do the following:


  • Click on Start and select Control Panel
  • Open Uninstall a Program
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer, very important to do that!!
  • Run mbam-clean.exe
  • It will ask to restart your computer, please allow it to do so, very important!!

Next, D/L and install Malwarebytes again and update as follows:

  • Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror
  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post MB log, give update on current issues/concerns...

Kevin


Please download Windows Repair (all in one) from one of the following:

http://www.tweaking....all_in_one.html

http://www.majorgeek...able_d7222.html

http://www.bleepingc...n-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder and run the tool by right-clicking Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".

From the main GUI do the following:

Select Tab 2 and allow it to run Disk check

Select Tab 3 and allow it to run SFC

Select Tab 4 and Create System Restore Point.

Select the Repairs tab, then click Start.

The repairs window will open. Check the boxes as indicated, also the "Restart" options, then select Start...

DON'T use the computer while each scan is in progress.

Post the log that will be saved in this folder C:\Tweaking.com_windows_Repair_Logs named _Windows_Repair_Log

Next,

See if you can run previous instruction for Malwarebytes...


Starting Repairs...

Start (1/25/2013 3:41:50 PM)

Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (1/25/2013 3:41:50 PM)

Done (1/25/2013 3:41:55 PM)

Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (1/25/2013 3:41:55 PM)

Done (1/25/2013 3:42:35 PM)

Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (1/25/2013 3:42:35 PM)

Done (1/25/2013 3:43:00 PM)

Reset File Permissions 01/11

C:\ATI & Sub Folders

Start (1/25/2013 3:43:00 PM)

Done (1/25/2013 3:43:04 PM)

Reset File Permissions 02/11

C:\Config.Msi & Sub Folders

Start (1/25/2013 3:43:04 PM)

Done (1/25/2013 3:43:07 PM)

Reset File Permissions 03/11

C:\PerfLogs & Sub Folders

Start (1/25/2013 3:43:07 PM)

Done (1/25/2013 3:43:09 PM)

Reset File Permissions 04/11

C:\Program Files & Sub Folders

Start (1/25/2013 3:43:09 PM)

Done (1/25/2013 3:43:22 PM)

Reset File Permissions 05/11

C:\Program Files (x86) & Sub Folders

Start (1/25/2013 3:43:22 PM)

Done (1/25/2013 3:43:41 PM)

Reset File Permissions 06/11

C:\ProgramData & Sub Folders

Start (1/25/2013 3:43:41 PM)

Done (1/25/2013 3:43:50 PM)

Reset File Permissions 07/11

C:\Qoobox & Sub Folders

Start (1/25/2013 3:43:50 PM)

Done (1/25/2013 3:43:52 PM)

Reset File Permissions 08/11

C:\Recovery & Sub Folders

Start (1/25/2013 3:43:52 PM)

Done (1/25/2013 3:43:55 PM)

Reset File Permissions 09/11

C:\Riot Games & Sub Folders

Start (1/25/2013 3:43:55 PM)

Done (1/25/2013 3:44:34 PM)

Reset File Permissions 10/11

C:\Tweaking.com_Windows_Repair_Logs & Sub Folders

Start (1/25/2013 3:44:34 PM)

Done (1/25/2013 3:44:37 PM)

Reset File Permissions 11/11

C:\Windows & Sub Folders

Start (1/25/2013 3:44:37 PM)

Done (1/25/2013 3:47:26 PM)

Register System Files

Start (1/25/2013 3:47:26 PM)

Done (1/25/2013 3:47:43 PM)

Repair WMI

Start (1/25/2013 3:47:43 PM)

Step 01/03 - Deleting WMI Repository...

Step 02/03 - Rebuilding WMI Repository...

Step 03/03 - Registering WMI...

Invalid Global Switch.

Invalid Global Switch.

Invalid Global Switch.

Invalid Global Switch.

Done (1/25/2013 3:49:51 PM)

Repair Windows Firewall

Start (1/25/2013 3:49:51 PM)

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

System error 5 has occurred.

Access is denied.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

System error 5 has occurred.

Access is denied.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (1/25/2013 3:50:08 PM)

Repair Internet Explorer

Start (1/25/2013 3:50:08 PM)

Done (1/25/2013 3:50:16 PM)

Repair MDAC/MS Jet

Start (1/25/2013 3:50:16 PM)

Done (1/25/2013 3:50:25 PM)

Repair Hosts File

Start (1/25/2013 3:50:25 PM)

Done (1/25/2013 3:50:28 PM)

Remove Policies Set By Infections

Start (1/25/2013 3:50:28 PM)

Done (1/25/2013 3:50:32 PM)

Repair Missing Start Menu Icons Removed By Infections

Start (1/25/2013 3:50:32 PM)

Done (1/25/2013 3:50:35 PM)

Repair Icons

Start (1/25/2013 3:50:35 PM)

Could Not Find C:\Users\Jr\AppData\Local\IconCache.db.bak

Could Not Find C:\Users\Jr\AppData\Local\IconCache.db

Done (1/25/2013 3:50:37 PM)

Repair Winsock && DNS Cache

Start (1/25/2013 3:50:37 PM)

Done (1/25/2013 3:50:50 PM)

Remove Temp Files

Start (1/25/2013 3:50:50 PM)

The process cannot access the file because it is being used by another process.

The process cannot access the file because it is being used by another process.

C:\Users\Jr\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.

C:\Users\Jr\AppData\Local\Temp\~DF8AE6F1FCDA171B22.TMP - The process cannot access the file because it is being used by another process.

Done (1/25/2013 3:50:52 PM)

Repair Proxy Settings

Start (1/25/2013 3:50:52 PM)

Done (1/25/2013 3:50:57 PM)

Repair Windows Updates

Start (1/25/2013 3:50:57 PM)

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.

'proxycfg.exe' is not recognized as an internal or external command,

operable program or batch file.

The system cannot find the file specified.

'proxycfg.exe' is not recognized as an internal or external command,

operable program or batch file.

Done (1/25/2013 3:51:35 PM)

Repair CD/DVD Missing/Not Working

Start (1/25/2013 3:51:35 PM)

Done (1/25/2013 3:51:35 PM)

Repair Volume Shadow Copy Service

Start (1/25/2013 3:51:35 PM)

The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Done (1/25/2013 3:51:54 PM)

Set Windows Services To Default Startup

Start (1/25/2013 3:51:54 PM)

Done (1/25/2013 3:51:59 PM)

Repair MSI (Windows Installer)

Start (1/25/2013 3:51:59 PM)

The Windows Installer service is not started.

More help is available by typing NET HELPMSG 3521.

Done (1/25/2013 3:52:07 PM)

Repair bat Association

Start (1/25/2013 3:52:07 PM)

Done (1/25/2013 3:52:12 PM)

Repair cmd Association

Start (1/25/2013 3:52:12 PM)

Done (1/25/2013 3:52:17 PM)

Repair com Association

Start (1/25/2013 3:52:17 PM)

Done (1/25/2013 3:52:22 PM)

Repair Directory Association

Start (1/25/2013 3:52:22 PM)

Done (1/25/2013 3:52:26 PM)

Repair Drive Association

Start (1/25/2013 3:52:26 PM)

Done (1/25/2013 3:52:31 PM)

Repair exe Association

Start (1/25/2013 3:52:31 PM)

Done (1/25/2013 3:52:36 PM)

Repair Folder Association

Start (1/25/2013 3:52:36 PM)

Done (1/25/2013 3:52:40 PM)

Repair inf Association

Start (1/25/2013 3:52:40 PM)

Done (1/25/2013 3:52:45 PM)

Repair lnk (Shortcuts) Association

Start (1/25/2013 3:52:45 PM)

Done (1/25/2013 3:52:50 PM)

Repair msc Association

Start (1/25/2013 3:52:50 PM)

Done (1/25/2013 3:52:55 PM)

Repair reg Association

Start (1/25/2013 3:52:55 PM)

Done (1/25/2013 3:52:59 PM)

Repair scr Association

Start (1/25/2013 3:52:59 PM)

Done (1/25/2013 3:53:04 PM)

Repair Windows Safe Mode

Start (1/25/2013 3:53:04 PM)

Done (1/25/2013 3:53:09 PM)

Cleaning up empty logs...

All Selected Repairs Done.

Done (1/25/2013 3:53:09 PM)

Total Repair Time: 00:11:19

...YOU MUST RESTART YOUR SYSTEM...

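The repair log above records every step between "Start (...)" and "Done (...)" markers, with the tool's own errors and the operating system's service errors ("Invalid Global Switch.", "System error 5 has occurred.", "'proxycfg.exe' is not recognized...") buried in the middle of a long list of successes. The PowerShell script below is an added example, not part of the thread and not a Tweaking.com tool: it groups such a log by step and reports only the steps whose output looks like an error. The embedded log is a constructed excerpt in the same layout as the posted one, and the keyword pattern used to decide what counts as an error is my choice, not something the page defines.

```powershell
# Added example, not from the thread: summarise a Tweaking.com Windows Repair
# log by step so the lines that are neither "Start" nor "Done" stand out.
# $SampleLog is a constructed excerpt in the same format as the posted log.
$SampleLog = @'
Starting Repairs...
Start (1/25/2013 3:41:50 PM)
Repair WMI
Start (1/25/2013 3:47:43 PM)
Step 01/03 - Deleting WMI Repository...
Step 02/03 - Rebuilding WMI Repository...
Step 03/03 - Registering WMI...
Invalid Global Switch.
Done (1/25/2013 3:49:51 PM)
Repair Windows Firewall
Start (1/25/2013 3:49:51 PM)
System error 5 has occurred.
Access is denied.
Done (1/25/2013 3:50:08 PM)
Repair Hosts File
Start (1/25/2013 3:50:25 PM)
Done (1/25/2013 3:50:28 PM)
All Selected Repairs Done.
Done (1/25/2013 3:53:09 PM)
'@

# Keyword pattern for "this line is an error"; my choice, tune as needed.
$ErrorPattern = 'error|denied|not recognized|Could Not Find|Invalid|cannot|could not'

function Get-RepairSteps {
    param([string[]]$Lines)
    $steps   = @()
    $pending = @()                                  # header lines before the first Start
    $stack   = New-Object System.Collections.Stack  # open steps; the whole run is the outermost
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '') { continue }
        if ($line -match '^Start \((.+)\)$') {
            if ($pending.Count -gt 0) {
                $name = $pending -join ' / '; $pending = @()
            } elseif ($stack.Count -gt 0 -and $stack.Peek().Messages.Count -gt 0) {
                # Lines seen since the enclosing Start were this step's header.
                $top = $stack.Peek()
                $name = $top.Messages -join ' / '
                $top.Messages = @()
            } else {
                $name = '(unnamed)'
            }
            $stack.Push((New-Object PSObject -Property @{
                Name = $name; Started = $matches[1]; Finished = $null; Messages = @() }))
            continue
        }
        if ($line -match '^Done \((.+)\)$') {
            if ($stack.Count -gt 0) {
                $step = $stack.Pop()
                $step.Finished = $matches[1]
                $steps += $step
            }
            continue
        }
        # Anything else is progress or error output of the innermost open step.
        if ($stack.Count -gt 0) { $top = $stack.Peek(); $top.Messages += $line }
        else                    { $pending += $line }
    }
    return $steps
}

function Get-RepairIssues {
    param($Steps)
    foreach ($s in $Steps) {
        $bad = @($s.Messages | Where-Object { $_ -match $ErrorPattern })
        if ($bad.Count -gt 0) {
            New-Object PSObject -Property @{ Step = $s.Name; Started = $s.Started; Lines = $bad }
        }
    }
}

$steps  = Get-RepairSteps ($SampleLog -split "`r?`n")
$issues = @(Get-RepairIssues $steps)
Write-Output ("{0} steps parsed, {1} with error-like output" -f $steps.Count, $issues.Count)
foreach ($i in $issues) {
    Write-Output ("[{0}] started {1}" -f $i.Step, $i.Started)
    foreach ($l in $i.Lines) { Write-Output ("    {0}" -f $l) }
}
```

To run it over the real log, replace the `$SampleLog -split` expression with `Get-Content` of the _Windows_Repair_Log file in C:\Tweaking.com_windows_Repair_Logs. On the sample it reports the WMI and firewall steps and stays quiet about the hosts-file step; what the flagged lines mean (for example whether "Access is denied" on the ICS service is a permissions problem or the service simply not being installed) is not something the log alone settles, so treat the summary as a list of places to look, not a diagnosis.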

This topic is now closed to further replies.