
Can't run Malwarebytes or any other antivirus program


Recommended Posts

Here is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.40

Database version: 2651

Windows 5.1.2600 Service Pack 3

8/19/2009 7:31:47 PM

mbam-log-2009-08-19 (19-31-47).txt

Scan type: Full Scan (C:\|)

Objects scanned: 127200

Time elapsed: 19 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 18

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Qoobox\Quarantine\C\umoikchf.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\ld12.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\Installer\2e17c.msi.vir (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\hs7f3uhduhfukde.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\netlogon.dll.vir (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACdqbnmyxvre.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkcpethopxw.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmuxdqqqvob.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvxvalkieml.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir (Trojan.PWS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\minix32.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.

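The log above follows a fixed line format: a header block with per-category counts, then one section per category whose entries read `item (Threat.Family) -> action` (registry data items carry an extra `Bad: (x) Good: (y)` field). The following is an added example, not code from the thread or from Malwarebytes: a small Python parser for that format that checks the declared counts against the entries actually listed, tallies threat families, pulls out the `Disabled.SecurityCenter` entries (the Security Center notification values the infection flipped to silence antivirus, firewall and update warnings), and separates live file hits from entries that were already sitting inside ComboFix's `C:\Qoobox\Quarantine` folder. The sample log embedded below is a constructed, shortened copy of the posted log.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the Malwarebytes' Anti-Malware 1.40 log
# format seen in the thread (a handful of the real entries, not the whole log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40
Database version: 2651
Windows 5.1.2600 Service Pack 3

Registry Data Items Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\minix32.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACdqbnmyxvre.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

# "Files Infected: 18" style summary lines in the header block.
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+?) Infected: (?P<n>\d+)$")
# "Files Infected:" style section headers (no trailing number).
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+?) Infected:$")
# "item (Threat.Family) -> rest"; the family name never contains parentheses.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Extra field carried by registry data items.
REGDATA_RE = re.compile(r"^Bad: \((?P<bad>[^()]*)\) Good: \((?P<good>[^()]*)\) -> (?P<action>.+)$")

QUARANTINE_PREFIX = r"c:\qoobox\quarantine"  # ComboFix's quarantine folder


def parse_mbam_log(text):
    """Return {'header_counts': {category: n}, 'detections': [entry, ...]}."""
    header_counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = HEADER_RE.match(line)
        if m:
            header_counts[m.group("cat")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("cat")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            entry = {"category": section, "item": m.group("item"),
                     "family": m.group("family"), "bad": None, "good": None}
            rest = m.group("rest")
            r = REGDATA_RE.match(rest)
            if r:
                entry["bad"], entry["good"] = r.group("bad"), r.group("good")
                entry["action"] = r.group("action")
            else:
                entry["action"] = rest
            detections.append(entry)
    return {"header_counts": header_counts, "detections": detections}


def verify_counts(parsed):
    """Map each declared category to (declared count, entries actually listed)."""
    found = Counter(d["category"] for d in parsed["detections"])
    return {cat: (n, found.get(cat, 0)) for cat, n in parsed["header_counts"].items()}


def family_counts(parsed):
    """How many hits each threat family produced."""
    return Counter(d["family"] for d in parsed["detections"])


def security_center_tampering(parsed):
    """Security Center values the infection changed to suppress AV/firewall/update warnings."""
    return [d["item"] for d in parsed["detections"] if d["family"] == "Disabled.SecurityCenter"]


def live_vs_quarantined(parsed):
    """Split file hits into live paths and leftovers already inside ComboFix's quarantine."""
    live, quarantined = [], []
    for d in parsed["detections"]:
        if d["category"] != "Files":
            continue
        target = quarantined if d["item"].lower().startswith(QUARANTINE_PREFIX) else live
        target.append(d["item"])
    return live, quarantined


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for cat, (declared, listed) in verify_counts(parsed).items():
        print(f"{cat}: declared {declared}, listed {listed}")
    print("families:", dict(family_counts(parsed)))
    print("Security Center tampering:", security_center_tampering(parsed))
    live, quarantined = live_vs_quarantined(parsed)
    print("live file hits:", live)
    print("hits inside ComboFix quarantine:", quarantined)
```

Distinguishing live hits from `C:\Qoobox\Quarantine` leftovers matters when reading a log like the one above: fifteen of the eighteen file hits were ComboFix's already-neutralised quarantine copies, so the three genuinely live files and the four Security Center values are the part that tells you what the infection was still doing.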

  • Staff

Hi,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

File::

c:\windows\system32\minix32.exe

c:\windows\34rdft.bat

c:\windows\prxid93ps.dat

c:\windows\3456665.bat

FCopy::

c:\windows\system32\dllcache\beep.sys|c:\windows\system32\drivers\beep.sys

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Also, open Notepad and copy and paste the following text from the quotebox into it:

DIR /a/s C:\proquota.exe C:\appmgmts.dll >Look2.txt

Start notepad Look2.txt

Save this as look2.bat, choose to save as *all files, and place it on your desktop.

It should look like this: bat.gif

Double-click on it and Notepad should open.

Copy and paste the contents of it in your next reply.


ComboFix log:

ComboFix 09-08-18.04 - Mike Nguyen 08/20/2009 17:50.3.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1658 [GMT -5:00]

Running from: c:\documents and settings\Mike Nguyen\Desktop\Repair\Disneytoon.exe

Command switches used :: c:\documents and settings\Mike Nguyen\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::

"c:\windows\3456665.bat"

"c:\windows\34rdft.bat"

"c:\windows\prxid93ps.dat"

"c:\windows\system32\minix32.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\3456665.bat

c:\windows\34rdft.bat

c:\windows\system32\proquota.exe . . . is missing!!

.

--------------- FCopy ---------------

c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys

.

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))

.

2009-08-20 00:10 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-20 00:10 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-09 20:07 . 2009-08-09 20:07 -------- d--h--w- c:\windows\PIF

2009-08-09 20:04 . 2009-08-20 00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-07 02:14 . 2009-08-07 02:14 152576 ----a-w- c:\documents and settings\Mike Nguyen\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-07 00:35 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-07 00:35 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-07 00:35 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-07 00:35 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-07 00:35 . 2009-08-07 00:35 -------- d-----w- c:\program files\Avira

2009-08-07 00:35 . 2009-08-07 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-06 23:39 . 2009-08-07 00:36 -------- d-----w- c:\windows\system32\CatRoot

2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-05 02:27 . 2009-08-20 00:14 -------- d-s---w- C:\BryantLake

2009-08-04 23:47 . 2009-08-06 01:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-04 23:25 . 2008-10-06 04:53 49152 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe

2009-08-04 22:39 . 2008-04-14 20:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-04 22:39 . 2008-04-14 20:00 4224 ------w- c:\windows\system32\dllcache\beep.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-07 02:16 . 2008-10-06 04:50 -------- d-----w- c:\program files\Java

2009-08-07 01:15 . 2009-06-26 02:24 -------- d-----w- c:\program files\Common Files\Apple

2009-08-05 09:01 . 2008-04-15 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-07-25 10:23 . 2009-03-17 01:21 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2008-04-15 04:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2006-10-19 12:47 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-13 15:04 . 2009-07-13 15:03 -------- d-----w- c:\documents and settings\Mike Nguyen\Application Data\Move Networks

2009-06-29 16:12 . 2007-08-14 09:54 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2008-04-15 04:00 78336 ------w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2008-04-15 04:00 17408 ------w- c:\windows\system32\corpol.dll

2009-06-26 02:39 . 2009-06-26 02:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf

2009-06-26 02:39 . 2009-06-26 02:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-06-26 02:39 . 2009-03-19 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-06-26 02:33 . 2009-06-26 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-06-26 02:30 . 2009-06-26 02:30 -------- d-----w- c:\program files\Bonjour

2009-06-26 02:29 . 2009-06-26 02:28 -------- d-----w- c:\program files\QuickTime

2009-06-26 02:28 . 2009-06-26 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-06-16 14:36 . 2008-04-15 04:00 81920 ------w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2008-04-15 04:00 119808 ------w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2008-04-15 04:00 76288 ------w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2008-04-15 04:00 84992 ------w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2008-04-15 04:00 132096 ------w- c:\windows\system32\wkssvc.dll

2009-06-05 16:42 . 2009-06-26 02:26 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-06-05 16:42 . 2009-06-26 02:26 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-06-05 16:42 . 2009-06-26 02:26 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll

2009-06-05 16:42 . 2009-06-26 02:26 17408 ----a-w- c:\windows\system32\drivers\netaapl.sys

2009-06-03 19:09 . 2008-04-15 04:00 1291264 ------w- c:\windows\system32\quartz.dll

.

------- Sigcheck -------

[-] 2008-04-15 04:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

[-] 2008-04-15 04:00 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll

[-] 2008-04-15 04:00 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll

[-] 2008-03-01 21:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

[-] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll

[-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll

[-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll

[-] 2009-06-29 16:23 828928 4C6B4138165A4C53FE8A5B1D809526C3 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll

[-] 2008-03-01 21:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB958215-IE7\wininet.dll

[-] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll

[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll

[-] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll

[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\ie7updates\KB972260-IE7\wininet.dll

[-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\wininet.dll

[-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\dllcache\wininet.dll

[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-04-15 04:00 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-15 04:00 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe

[-] 2008-04-15 04:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2008-04-15 04:00 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 21:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 09:33 2023936 8206B5F94A6A9450E934029420C1693F c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-15 04:00 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\ntkrnlpa.exe

[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2008-08-14 22:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[-] 2008-08-14 10:09 2145280 F6F8245B3A2E9CA834DD318E7AE0C6D0 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-15 04:00 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe

[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-15 04:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe

[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-15 04:00 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe

[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe

[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[-] 2008-04-15 04:00 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[-] 2008-04-15 04:00 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2008-04-15 04:00 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[-] 2008-04-15 04:00 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[-] 2008-04-15 04:00 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-15 04:00 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll

[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-15 04:00 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[-] 2008-04-15 04:00 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

[-] 2008-03-01 21:03 3593216 4EE273E2B09317C1217EF0DB91F93534 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll

[-] 2008-10-16 20:24 3595264 B74F31A4BD83797D7A083F922169287D c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll

[-] 2008-12-13 06:26 3594752 C79FAD61CD4A26ED5AA8C16D991C6FBD c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll

[-] 2009-01-16 16:24 3596288 CC9D001B7370B292C35B366CA05B12B4 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll

[-] 2009-02-21 07:39 3596800 1BB754AB47B327DE8DBF2FA18C36357C c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll

[-] 2009-04-29 04:49 3598336 C6FD770D518FB024245A0EE217D72BC1 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll

[-] 2009-07-19 13:31 3600384 F6098CC1B1C3858D53F20F3CB5774F3B c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll

[-] 2008-03-02 09:36 3591680 AB2C88167D78D71D93558ACECB24CC7A c:\windows\ie7updates\KB958215-IE7\mshtml.dll

[-] 2008-10-17 08:08 3593216 EACAEDEF6FA2A969DE5B36190D45396F c:\windows\ie7updates\KB960714-IE7\mshtml.dll

[-] 2008-12-13 06:40 3593216 121EC39A64D64205A88C2C45B034B455 c:\windows\ie7updates\KB961260-IE7\mshtml.dll

[-] 2009-01-17 03:35 3594752 3B413267DA8AE71C20E5EF3E54F74728 c:\windows\ie7updates\KB963027-IE7\mshtml.dll

[-] 2009-02-20 18:09 3595264 C7C3E41CC2F6EB4A629FE2184136C098 c:\windows\ie7updates\KB969897-IE7\mshtml.dll

[-] 2009-04-29 04:56 3596288 2B4315EC9E3124408A2A5074C4B97700 c:\windows\ie7updates\KB972260-IE7\mshtml.dll

[-] 2009-07-19 13:33 3597824 758C8BEDAB7CE5F9070C85E2E57CBD80 c:\windows\system32\mshtml.dll

[-] 2009-07-19 13:33 3597824 758C8BEDAB7CE5F9070C85E2E57CBD80 c:\windows\system32\dllcache\mshtml.dll

[-] 2008-04-14 15:09 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-15 04:00 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\system32\comres.dll

[-] 2008-04-15 04:00 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\system32\lpk.dll

[-] 2008-04-14 20:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

[-] 2008-04-14 20:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2008-04-15 04:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2008-04-14 05:09 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys

[-] 2008-04-15 04:00 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\system32\mfc40u.dll

[-] 2009-02-09 10:56 401408 9222562D44021B988B9F9F62207FB6F2 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2008-04-15 04:00 399360 2589FE6015A316C0F5D5112B4DA7B509 c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\system32\rpcss.dll

[-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\system32\dllcache\rpcss.dll

[-] 2008-04-15 04:00 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\system32\msgsvc.dll

[-] 2008-04-15 04:00 617472 06F247492BC786CE5C24A23E178C711A c:\windows\system32\comctl32.dll

[-] 2008-04-15 04:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-04-15 04:00 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-04-15 04:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-15 04:00 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\system32\sfc.dll

[-] 2008-04-15 04:00 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\system32\netlogon.dll

[-] 2008-04-15 04:00 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\system32\qmgr.dll

[-] 2008-04-15 04:00 181248 A86BB5E61BF3E39B62AB4C7E7085A084 c:\windows\system32\scecli.dll

[-] 2008-04-15 04:00 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\system32\eventlog.dll

[-] 2008-04-15 04:00 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\system32\drivers\asyncmac.sys

[-] 2008-04-15 04:00 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\drivers\ntfs.sys

[-] 2006-10-19 12:47 27136 C51B4A5C05A5475708E3C81C7765B71D c:\windows\system32\mspmsnsv.dll

[-] 2008-04-15 04:00 129024 295D21F14C335B53CB8154E5B1F892B9 c:\windows\system32\xmlprov.dll

[-] 2008-04-15 04:00 62464 3D4E199942E29207970E04315D02AD3B c:\windows\system32\cryptsvc.dll

[-] 2008-04-15 04:00 77824 A06CE3399D16DB864F55FAEB1F1927A9 c:\windows\system32\browser.dll

[-] 2008-04-15 04:00 249856 3CB78C17BB664637787C9A1C98F79C38 c:\windows\system32\tapisrv.dll

[-] 2008-06-20 17:43 245248 FCEE5FCB99F7C724593365C706D28388 c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-04-15 04:00 245248 B4138E99236F0F57D4CF49BAE98A0746 c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\system32\mswsock.dll

[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\system32\dllcache\mswsock.dll

[-] 2008-04-15 04:00 198144 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE c:\windows\system32\netman.dll

[-] 2008-07-07 20:23 253952 F17F6226BDC0CD5F0BEF0DAF84D29BEC c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-04-15 04:00 246272 19A799805B24990867B00C120D300C3A c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\system32\es.dll

[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\system32\dllcache\es.dll

[-] 2008-04-15 04:00 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\system32\srsvc.dll

[-] 2008-04-15 04:00 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\system32\wscntfy.exe

[-] 2008-04-15 04:00 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\system32\ntmssvc.dll

[-] 2008-04-15 04:00 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\system32\rasauto.dll

[-] 2008-04-15 04:00 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll

[-] 2008-04-15 04:00 192512 0A9A7365A1CA4319AA7C1D6CD8E4EAFA c:\windows\system32\schedsvc.dll

[-] 2008-04-15 04:00 59904 5B19B557B0C188210A56A6B699D90B8F c:\windows\system32\regsvc.dll

[-] 2008-04-15 04:00 71680 0A5679B3714EDAB99E357057EE88FCA6 c:\windows\system32\ssdpsrv.dll

[-] 2008-04-15 04:00 185856 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 c:\windows\system32\upnphost.dll

[-] 2008-04-15 04:00 135168 1926899BF9FFE2602B63074971700412 c:\windows\system32\shsvcs.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-19_23.57.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-20 22:29 . 2009-08-20 22:29 16384 c:\windows\Temp\Perflib_Perfdata_120.dat

+ 2008-06-24 17:26 . 2009-08-20 22:34 62746 c:\windows\system32\perfc009.dat

- 2008-06-24 17:26 . 2009-08-19 23:41 62746 c:\windows\system32\perfc009.dat

+ 2008-06-24 17:26 . 2009-08-20 22:34 401632 c:\windows\system32\perfh009.dat

- 2008-06-24 17:26 . 2009-08-19 23:41 401632 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-30 442477]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-28 471040]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2008-07-08 439600]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"IDTSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2008-08-30 442477]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/6/2009 7:35 PM 108289]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/5/2008 11:41 PM 112128]

S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/25/2009 9:26 PM 17408]

.

Contents of the 'Scheduled Tasks' folder

2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 17:55

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)

c:\windows\system32\igfxdev.dll

.

Completion time: 2009-08-20 17:59

ComboFix-quarantined-files.txt 2009-08-20 22:59

ComboFix2.txt 2009-08-20 00:02

Pre-Run: 7,590,383,616 bytes free

Post-Run: 7,576,920,064 bytes free

263 --- E O F --- 2009-08-20 03:07

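The Sigcheck section of the ComboFix log above lists, for each checked system file, a flag, timestamp, size, MD5 and path, and for many files it shows both the live copy (under `system32` or `system32\drivers`) and the protected copy in `system32\dllcache`. The FCopy step in the same log restored `beep.sys` from that cache. The following is an added example, not code from the thread or from ComboFix: a Python reader for those lines that pairs each live copy with its dllcache copy by file name and reports where the two hashes disagree or where no cache copy was listed. The embedded sample mixes real lines from the log with a constructed `example.dll` pair (placeholder hashes) to exercise the mismatch path; the leading `[-]` flag is carried through but not interpreted. A matching pair is not proof the file is clean (both copies can be replaced, and the log's own quarantine listed a `netlogon.dll` as Rootkit.Agent), so treat the output as a triage list to compare against known-good hashes, not as a verdict.

```python
import re

# Constructed sample: real Sigcheck lines from the posted ComboFix log plus one
# constructed pair ("example.dll", placeholder hashes) that deliberately mismatches.
SAMPLE_SIGCHECK = r"""------- Sigcheck -------
[-] 2008-04-15 04:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\wininet.dll
[-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\dllcache\wininet.dll
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 20:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2008-04-14 20:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys
[-] 2008-04-15 04:00 32768 00000000000000000000000000000001 c:\windows\system32\example.dll
[-] 2008-04-15 04:00 32768 00000000000000000000000000000002 c:\windows\system32\dllcache\example.dll
"""

# "[flag] YYYY-MM-DD HH:MM size MD5 path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9A-Fa-f]{32}) (?P<path>.+)$")

SYSTEM32 = r"c:\windows\system32"
DRIVERS = SYSTEM32 + r"\drivers"
DLLCACHE = SYSTEM32 + r"\dllcache"


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; non-matching lines (headers, blanks) are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def pair_with_dllcache(entries):
    """Index live copies (system32, system32\\drivers) and dllcache copies by file name.

    Hotfix backups such as $hf_mig$ and ie7updates are ignored: they are
    historical versions, not the copy the running system loads.
    """
    live, cache = {}, {}
    for e in entries:
        directory, _, name = e["path"].lower().rpartition("\\")
        if directory == DLLCACHE:
            cache[name] = e
        elif directory in (SYSTEM32, DRIVERS):
            live[name] = e
    return live, cache


def hash_mismatches(entries):
    """File names whose live copy and dllcache copy have different MD5s."""
    live, cache = pair_with_dllcache(entries)
    return sorted(n for n in live if n in cache and live[n]["md5"] != cache[n]["md5"])


def without_cache_copy(entries):
    """Live files for which the report listed no dllcache copy.

    Absence from the report only means ComboFix did not list a cache copy, so
    these are candidates to check by hand, not confirmed missing files.
    """
    live, cache = pair_with_dllcache(entries)
    return sorted(n for n in live if n not in cache)


if __name__ == "__main__":
    entries = parse_sigcheck(SAMPLE_SIGCHECK)
    print(f"{len(entries)} sigcheck entries")
    print("live/dllcache hash mismatches:", hash_mismatches(entries))
    print("live files with no dllcache copy listed:", without_cache_copy(entries))
```

On a full log the mismatch list is the short list worth checking first: a live `system32` binary whose hash differs from its `dllcache` twin is either a legitimate hotfix that the cache did not follow or a replaced file, and the thread's own `netlogon.dll` quarantine entry shows the latter does happen.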

  • Staff

Hi,

You need to replace some missing files here. To make it easier for you (so you don't have to use your cd to extract - that version will be older than the current one anyway), please check your Private messages on top. I've sent you a message with a copy of the files you need.

Please place it in your C:\Windows\system32 - folder

Then:

* Go to Start > Run and copy and paste the next command in the field:

"c:\documents and settings\Mike Nguyen\Desktop\Repair\Disneytoon.exe" /u

Make sure there's a space between Disneytoon.exe" and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.


I installed the missing file you requested and the uninstalling of ComboFix went smoothly.

Thank you so much for all your help and dedication. You have been a wonderful helper during this whole process and you are quite beautiful I must say.

What else do I need to do?


  • Staff

Glad I could help. <_<

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!


This topic is now closed to further replies.