Malwarebytes + others will not work correctly.


I4NI

Hey guys, looks like I'm in need of some help here. :)

I woke up this morning to find out that my computer now has PC_Antispyware2010 on it. Right away I figured it to be a form of Malware. So I decided to try Malwarebytes, it starts up, begins the scan, then boots me; I try to log back in and it says

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

So I came onto the forums, looked over some threads and tried some of the suggestions, only to find that HijackThis, Combo-Fix, and RootRepeal do not work either (RootRepeal stops scanning at "windows/$hf_mig$/" every time). They do not give the same message as Malwarebytes, but they won't even initiate.

Also it keeps changing my IE homepage to Google, and whenever I search on it and click a link, it sends me to random sites.

Someone said to download DDS on another thread, so I used it and got this as a result.

DDS (Ver_09-07-30.01) - NTFSx86

Run by I'm me at 17:36:35.96 on Sat 08/08/2009

Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearchAssistant = hxxp://www.google.com

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mWinlogon: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav

BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [braviax] c:\windows\system32\braviax.exe

uRun: [Monopod] c:\docume~1\i'mme~1\locals~1\temp\e.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [LaunchApp] Alaunch

mRun: [soundMan] SOUNDMAN.EXE

mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe

mRun: [<NO NAME>]

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [braviax] braviax.exe

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-08-08 17:12 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-08 17:12 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-08 16:27 <DIR> --d----- c:\program files\Trend Micro

2009-08-08 16:07 141,824 a------- c:\windows\msb.exe

2009-08-08 16:07 132,608 a------- c:\windows\sv2.exe

2009-08-08 16:06 557,056 a------- c:\windows\svchost.exe

2009-08-08 14:35 91 a------- c:\windows\system32\SKYNETfmyuwksr.dat

2009-08-08 12:27 19,971 a------- c:\windows\ipacahi.dat

2009-08-08 12:27 19,481 a------- c:\docume~1\i'mme~1\applic~1\fasuve.dat

2009-08-08 12:27 18,545 a------- c:\program files\common files\fiziqebep.bin

2009-08-08 12:27 17,187 a------- c:\windows\system32\edyjody.sys

2009-08-08 12:27 16,726 a------- c:\docume~1\alluse~1\applic~1\defafa.scr

2009-08-08 12:27 16,035 a------- c:\windows\system32\odejap.dl

2009-08-08 12:27 15,953 a------- c:\windows\system32\ibez.vbs

2009-08-08 12:27 15,620 a------- c:\windows\ybepowyly.sys

2009-08-08 12:27 14,262 a------- c:\program files\common files\waqyj.com

2009-08-08 12:27 14,239 a------- c:\windows\ifocy.ban

2009-08-08 12:27 13,212 a------- c:\docume~1\alluse~1\applic~1\byjivumo.bat

2009-08-08 12:27 13,201 a------- c:\windows\jicozohanu.scr

2009-08-08 12:27 13,053 a------- c:\docume~1\alluse~1\applic~1\datomuj.vbs

2009-08-08 12:27 12,214 a------- c:\docume~1\alluse~1\applic~1\hege.exe

2009-08-08 12:27 12,186 a------- c:\windows\system32\yqemim.vbs

2009-08-08 12:27 11,151 a------- c:\docume~1\i'mme~1\applic~1\uvynalined.pif

2009-08-08 12:27 10,530 a------- c:\docume~1\i'mme~1\applic~1\niqabawaf.vbs

2009-08-08 12:22 19,763 a------- c:\windows\system32\ugafo.pif

2009-08-08 12:22 17,954 a------- c:\windows\lygilahig.dat

2009-08-08 12:22 17,326 a------- c:\windows\system32\omiw.dat

2009-08-08 12:22 17,104 a------- c:\windows\wano.pif

2009-08-08 12:22 16,217 a------- c:\windows\system32\jurub.sys

2009-08-08 12:22 10,897 a------- c:\windows\system32\upulisi.dl

2009-08-08 12:22 18,377 a------- c:\windows\system32\ubacutiri.sys

2009-08-08 12:22 17,483 a------- c:\windows\axomaqo.com

2009-08-08 12:22 10,704 a------- c:\docume~1\i'mme~1\applic~1\hebyfufosu.vbs

2009-08-08 12:22 10,143 a------- c:\windows\ewinydoh._sy

2009-08-08 12:22 <DIR> --d----- c:\program files\PC_Antispyware2010

2009-08-08 12:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-08 11:42 6 a------- C:\ISACER.ID

2009-08-08 11:42 712 a------- c:\windows\system32\Autorun.ini

2009-08-08 11:41 <DIR> --d----- c:\windows\system32\autorun

2009-08-08 00:37 151,040 a------- c:\windows\msa.exe

2009-08-08 00:37 208,900 a------- c:\windows\system32\msxml71.dll

2009-08-08 00:23 <DIR> --d-h--- c:\windows\PIF

2009-08-08 00:09 <DIR> --d----- c:\windows\system32\CatRoot

2009-08-08 00:08 12,288 a------- c:\windows\braviax.exe

2009-08-08 00:08 6,144 a------- c:\windows\system32\cru629.dat

2009-08-08 00:08 6,144 a------- c:\windows\cru629.dat

2009-08-06 07:45 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat

2009-08-06 03:04 <DIR> --d----- c:\windows\system32\XPSViewer

2009-08-06 03:03 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-08-06 03:03 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-06 03:03 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-06 03:03 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-08-06 03:03 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-06 03:03 117,760 -------- c:\windows\system32\prntvpt.dll

2009-08-06 03:03 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-06 03:03 <DIR> --d----- c:\windows\SxsCaPendDel

2009-08-05 19:03 <DIR> --d----- c:\program files\Stanza

2009-08-02 14:42 <DIR> --d----- c:\docume~1\i'mme~1\applic~1\Malwarebytes

2009-08-02 14:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-08-02 10:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\18403434

2009-07-30 01:50 <DIR> --d----- c:\docume~1\i'mme~1\applic~1\OpenOffice.org

2009-07-30 01:47 <DIR> --d----- c:\program files\JRE

2009-07-30 01:47 <DIR> --d----- c:\program files\OpenOffice.org 3

2009-07-30 01:47 73,728 a------- c:\windows\system32\javacpl.cpl

2009-07-18 15:55 <DIR> --d----- c:\program files\Sirtech

2009-07-18 15:55 306,688 a------- c:\windows\IsUninst.exe

2009-07-12 10:03 794,408 a------- c:\windows\system32\pbsvc.exe

2009-07-12 09:46 <DIR> --d----- c:\program files\EA Games

==================== Find3M ====================

2009-08-08 14:35 1,415,540 a------- c:\windows\system32\SKYNETsqhosvvt.dat

2009-08-08 12:27 16,031 a------- c:\program files\common files\wuwo.dl

2009-08-08 12:22 17,240 a------- c:\program files\common files\sitonu.ban

2009-07-30 01:47 410,984 a------- c:\windows\system32\deploytk.dll

2009-07-19 07:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll

2009-07-19 07:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll

2009-07-12 10:03 139,152 ac------ c:\docume~1\i'mme~1\applic~1\PnkBstrK.sys

2009-07-12 10:03 139,152 a------- c:\windows\system32\drivers\PnkBstrK.sys

2009-07-12 10:03 111,928 a------- c:\windows\system32\PnkBstrB.exe

2009-07-05 08:37 335,752 a------- c:\windows\system32\drivers\avgldx86.sys

2009-07-02 08:40 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-06-29 05:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe

2009-06-29 05:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe

2009-06-29 02:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe

2009-06-29 02:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat

2009-06-29 02:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

2009-06-20 17:25 68,096 a------- c:\windows\system32\drivers\SKYNETltehrmlx.sys

2009-06-20 17:25 43,520 a------- c:\windows\system32\SKYNETymttpuvs.dll

2009-06-16 08:36 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 08:36 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-16 08:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll

2009-06-16 08:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll

2009-06-03 13:09 1,291,264 a------- c:\windows\system32\quartz.dll

2009-06-03 13:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll

2009-06-02 01:55 114,688 a------- c:\windows\Lavish.dll

============= FINISH: 17:44:04.89 ===============

Thanks for the help guys.
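One defender-side way to read a log like the one above, as an added example that is not from this thread or from the DDS tool: parse the "Created Last 30" / "Find3M" entries and flag minutes in which several files with script or unusual extensions were dropped under system directories, which is what the 12:22 and 12:27 bursts above look like. The sample lines are copied from the log above; the extension and directory lists are the example's own assumptions.

```python
import re
from collections import defaultdict

# DDS file entry: <date> <time> <size or <DIR>> <attribute flags> <path>
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+|<DIR>) (\S+) (.+)$")

# Assumed lists: extensions rarely dropped in bulk by legitimate installers,
# and the system locations where such a burst is worth a closer look.
SUSPECT_EXT = {".vbs", ".pif", ".scr", ".bat", ".com", ".dl", ".ban", "._sy"}
SYSTEM_DIRS = ("c:\\windows", "c:\\docume~1", "c:\\program files\\common files")

# Sample lines copied from the DDS log in the post above
SAMPLE_LOG = r"""
2009-08-08 17:12 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-08 16:27 <DIR> --d----- c:\program files\Trend Micro
2009-08-08 12:27 19,481 a------- c:\docume~1\i'mme~1\applic~1\fasuve.dat
2009-08-08 12:27 16,726 a------- c:\docume~1\alluse~1\applic~1\defafa.scr
2009-08-08 12:27 16,035 a------- c:\windows\system32\odejap.dl
2009-08-08 12:27 15,953 a------- c:\windows\system32\ibez.vbs
2009-08-08 12:27 14,262 a------- c:\program files\common files\waqyj.com
2009-08-08 12:27 13,212 a------- c:\docume~1\alluse~1\applic~1\byjivumo.bat
2009-08-08 12:27 11,151 a------- c:\docume~1\i'mme~1\applic~1\uvynalined.pif
2009-08-08 12:22 19,763 a------- c:\windows\system32\ugafo.pif
2009-08-08 12:22 17,104 a------- c:\windows\wano.pif
2009-08-08 12:22 10,897 a------- c:\windows\system32\upulisi.dl
2009-08-08 12:22 17,483 a------- c:\windows\axomaqo.com
2009-08-08 12:22 10,704 a------- c:\docume~1\i'mme~1\applic~1\hebyfufosu.vbs
2009-08-08 12:22 10,143 a------- c:\windows\ewinydoh._sy
2009-07-30 01:47 73,728 a------- c:\windows\system32\javacpl.cpl
"""

def parse_entries(log_text):
    """Return (date, minute, size, flags, path) for each file entry; directories are skipped."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(3) != "<DIR>":
            size = int(m.group(3).replace(",", ""))
            out.append((m.group(1), m.group(2), size, m.group(4), m.group(5).lower()))
    return out

def flag_drop_bursts(entries, min_files=4):
    """Group creations by minute and return minutes where at least min_files
    files with suspect extensions landed under system directories."""
    by_minute = defaultdict(list)
    for date, minute, _size, _flags, path in entries:
        name = path.rsplit("\\", 1)[-1]
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in SUSPECT_EXT and path.startswith(SYSTEM_DIRS):
            by_minute[f"{date} {minute}"].append(path)
    return {k: v for k, v in by_minute.items() if len(v) >= min_files}

if __name__ == "__main__":
    for minute, paths in sorted(flag_drop_bursts(parse_entries(SAMPLE_LOG)).items()):
        print(f"{minute}: {len(paths)} suspect files dropped", *paths, sep="\n  ")
```

Legitimate installers also write many files in one minute, so the output is a list of minutes to review against the install history, not a verdict.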


I'll leave it to the experts, but I was able to clean things up using combofix - but I renamed the file when I downloaded it via firefox to combo-fix.exe... that seemed to let me run it when I had the same problem. Combofix cleaned the virus and I was then able to run hijackthis and MBM to clean up the rest of the mess... hope that helps!

Combo-fix will begin to load; when the green bar is full, the screen will flash, then turn off Combo-fix.

I have more bad news now, looks like I'm also infected with Windows anti-virus pro (also System Security is trying to install). Sometimes I get lucky and manage to log onto process explorer quick enough to stop them from fully loading.

(Windows anti virus pro, plus System Security, block the task managers, while PC_Antispyware2010 blocks all of my "helper" programs; pretty mean 1-2 punch :) )
