
Reposted - Malwarebytes, Spybot and other programs not working



Computer has been running slow, freezes up, mouse and keyboard become inoperable, crashes, etc.

After about 30 tries (including 29 very slow reboots) was able to get Spybot to run and found and fixed 81 items. Was not able to do it with updated definitions since the computer froze every time (gave up after way too many reboots). Cannot get Spybot running again to stop Teatimer.

Tried to install Avira - would not do it.

Got to the finish portion of the Malwarebytes installation when I got

Run-time error '372'.

Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

The HijackThis Log is as follows:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 4:42:40 PM, on 7/28/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\Program Files\Symantec\pcAnywhere\awhost32.exe

C:\PROGRA~1\NavNT\DefWatch.exe

C:\PROGRA~1\NavNT\rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\Explorer.EXE

C:\PROGRA~1\NavNT\vptray.exe

C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Documents and Settings\administrator.JA-INC\Administrator.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\Starfish\TrueSync\TSTool.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\administrator.JA-INC\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe

O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Administrator] C:\Documents and Settings\administrator.JA-INC\Administrator.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-21-823518204-789336058-839522115-500\..\Run: [ctfmon.exe] ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-823518204-789336058-839522115-500\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User '?')

O4 - HKUS\S-1-5-21-823518204-789336058-839522115-500\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')

O4 - HKUS\S-1-5-21-823518204-789336058-839522115-500\..\Run: [Administrator] C:\Documents and Settings\administrator.JA-INC\Administrator.exe (User '?')

O4 - HKUS\S-1-5-21-823518204-789336058-839522115-500\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - S-1-5-21-823518204-789336058-839522115-500 Startup: PowerReg Scheduler.exe (User '?')

O4 - S-1-5-21-823518204-789336058-839522115-500 Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\administrator.JA-INC\Local Settings\Temp\{144184FE-3476-4002-AB62-8C00822BB86B}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (User '?')

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\administrator.JA-INC\Local Settings\Temp\{144184FE-3476-4002-AB62-8C00822BB86B}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\wpn111.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: TrueSync Launcher.lnk = C:\Program Files\Starfish\TrueSync\TSTool.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ja-inc.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{483D4115-A7E6-4F73-AD00-9AE1CE339DCF}: NameServer = 10.0.1.5,205.177.10.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{DEA22595-70E7-4700-944A-86274B518767}: NameServer = 216.99.225.30,205.177.10.10

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

--

End of file - 7353 bytes

Any assistance would be GREATLY appreciated.

None of the fixes in the forum worked.

Also the paste function does not work - either mouse or keyboard.

Thanks!!

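The HijackThis log above is the raw material a helper works from, and the two entries a reviewer would stop on are the `O4 - HKCU\..\Run: [Administrator]` line, which launches an executable sitting in the root of the user's profile, and the Startup-folder shortcut whose target lives under Local Settings\Temp. The script below is an added example written for this thread; it is not a Malwarebytes or HijackThis tool and not code from the original post. It parses the O4 (autostart) and O23 (service) lines of a log in this format, works out which executable each entry launches, and ranks entries by where that executable lives. The line layouts it parses are those shown in the log; the severity rules, the `Finding` type and the embedded excerpt (constructed from the log above) are the author's own.

```python
"""Triage a HijackThis log: parse O4 autostarts and O23 services and rank
each one by where its executable lives (added example; rules are the author's)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HJT section the entry came from ("O4" or "O23")
    name: str      # entry name as HijackThis prints it
    exe: str       # executable the entry launches (best effort)
    severity: str  # "high", "medium" or "info"
    reason: str


# O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe   (optionally "(User '?')")
REG_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# O4 - Startup: foo.exe      O4 - Global Startup: bar.lnk = C:\...\bar.exe
STARTUP = re.compile(
    r"^O4 - (?P<kind>.*?Startup): (?P<name>.+?)(?: = (?P<target>.+?))?"
    r"(?: \(User '[^']*'\))?$")
# O23 - Service: <display name> - <company> - <path>; the path starts with a drive letter
SERVICE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>[A-Za-z]:\\.*)$")


def exe_from_command(cmd: str) -> str:
    """Return the program part of a Run-key command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # "C:\Program Files\x.exe" /args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def classify(exe: str, in_startup_folder: bool) -> tuple[str, str]:
    """Author's heuristic: severity is driven by where the executable lives."""
    low = exe.lower()
    if "\\temp\\" in low or "\\temporary internet files\\" in low:
        return "high", "launches from a Temp directory"
    if "\\documents and settings\\" in low:
        return "high", "launches from a user profile instead of Program Files or the system directory"
    if in_startup_folder:
        return "medium", "executable dropped directly into a Startup folder instead of a shortcut"
    if "\\" not in exe:
        return "medium", "unqualified file name; which copy runs depends on the search path at logon"
    return "info", "launches from a normal program or system location"


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    seen: set[tuple[str, str, str]] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := REG_RUN.match(line):
            name, exe, folder = m["name"], exe_from_command(m["cmd"]), False
        elif m := STARTUP.match(line):
            # No " = target" means the file itself sits in the Startup folder.
            name, exe, folder = m["name"], m["target"] or m["name"], m["target"] is None
        elif m := SERVICE.match(line):
            name, exe, folder = m["name"], exe_from_command(m["path"]), False
        else:
            continue
        section = line.split(" ", 1)[0]
        # HJT lists the logged-on user's hive twice (HKCU and HKUS\<SID>); report it once.
        key = (section, name.lower(), exe.lower())
        if key in seen:
            continue
        seen.add(key)
        findings.append(Finding(section, name, exe, *classify(exe, folder)))
    return findings


# Constructed excerpt of the HijackThis log posted above.
HJT_LOG = r"""
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Administrator] C:\Documents and Settings\administrator.JA-INC\Administrator.exe
O4 - HKUS\S-1-5-21-823518204-789336058-839522115-500\..\Run: [Administrator] C:\Documents and Settings\administrator.JA-INC\Administrator.exe (User '?')
O4 - S-1-5-21-823518204-789336058-839522115-500 Startup: PowerReg Scheduler.exe (User '?')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\administrator.JA-INC\Local Settings\Temp\{144184FE-3476-4002-AB62-8C00822BB86B}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(HJT_LOG), key=lambda f: order.index(f.severity)):
        print(f"{f.severity:6} {f.section:3} [{f.name}] {f.exe}\n       {f.reason}")
```

Run stand-alone it prints the two "high" entries first (Administrator.exe in the profile root and ATR1.exe under Temp), which are exactly the files ComboFix later deleted and the Temp path the registration shortcut pointed at. The "medium" bucket is a prompt to look, not a verdict: ctfmon.exe and mobsync.exe are real Windows components, but an unqualified name in a Run key means whatever file of that name is found first on the search path runs, which is why a reviewer checks the path rather than trusting the name.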

Hi FriscoGirl, Welcome to Malwarebytes :(

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab, set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix.
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick Combo-Fix's window while it's running. That may cause it to stall**


How do I stop Teatimer? The computer will not load Spybot S & D - so I cannot turn it off as instructed in the Bleeping Computer forum. I tried to stop the process in Task Manager - but it does not work.

I am not sure that I can even remove the program since using Add and Remove Programs is not working.

What do I do?

Thanks!!!!


Here are the results:

ComboFix 09-08-10.04 - Administrator 08/12/2009 18:58.1.1 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.256.132 [GMT -4:00]

Running from: c:\documents and settings\administrator.JA-INC\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

/wow section - STAGE 32A

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\administrator.JA-INC\Administrator.exe

c:\documents and settings\administrator.JA-INC\autorun.inf

c:\winnt\system32\bszip.dll

c:\winnt\system32\drivers\UACiqjmyswkdxqqkojwp.sys

c:\winnt\system32\mdm.exe

c:\winnt\system32\UACfmlmxgoicmpsbpwtg.dll

c:\winnt\Web\default.htt

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

-------\Legacy_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))

.

2009-08-12 22:58 . 2009-08-12 22:58 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_304.dat

2009-07-28 21:06 . 2009-07-13 17:36 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2009-07-28 21:06 . 2009-07-28 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-28 21:06 . 2009-07-13 17:36 18456 ----a-w- c:\winnt\system32\drivers\mbam.sys

2009-07-28 20:32 . 2009-07-28 20:32 -------- d-----w- c:\program files\Panda Security

2009-07-28 19:59 . 2009-07-28 19:57 102664 ----a-w- c:\winnt\system32\drivers\tmcomm.sys

2009-07-28 19:57 . 2009-07-28 20:00 -------- d-----w- c:\documents and settings\administrator.JA-INC\.housecall6.6

2009-07-28 17:06 . 2009-07-28 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-17 15:15 . 2009-07-17 15:15 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2009-07-17 15:15 . 2009-07-17 15:15 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2009-07-17 15:15 . 2009-07-17 15:15 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2009-07-17 15:15 . 2009-07-17 15:15 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2009-07-15 18:02 . 2009-05-06 18:23 372736 ----a-w- c:\documents and settings\administrator.JA-INC\Application Data\Mozilla\Firefox\Profiles\j29zkb4h.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

2009-07-14 12:59 . 2009-07-14 12:59 485 ----a-w- c:\documents and settings\administrator.JA-INC\HJUXCQ.bat

2009-07-14 12:59 . 2009-07-14 12:59 59392 ----a-w- c:\documents and settings\administrator.JA-INC\xvisfi.exe

2009-07-14 12:26 . 2009-07-14 12:26 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_2fc.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-12 17:57 . 2008-07-24 20:21 -------- d-----w- c:\program files\Songbird

2009-07-17 16:46 . 2004-08-27 16:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-17 15:26 . 2004-08-27 16:37 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-07-14 12:50 . 2009-07-13 22:02 -------- d-----w- c:\documents and settings\administrator.JA-INC\Application Data\LimeWire

2009-07-14 12:48 . 2009-06-15 19:19 -------- d-----w- c:\documents and settings\administrator.JA-INC\Application Data\Skype

2009-07-14 12:26 . 2009-06-15 19:36 -------- d-----w- c:\documents and settings\administrator.JA-INC\Application Data\skypePM

2009-07-13 22:24 . 2002-10-09 17:34 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-13 17:53 . 2009-07-13 17:53 29392 ----a-w- c:\winnt\system32\drivers\SECDRV.SYS

2009-07-13 13:56 . 2008-07-24 19:57 34 ----a-w- c:\documents and settings\administrator.JA-INC\jagex_runescape_preferences.dat

2009-07-06 10:43 . 2009-07-06 10:43 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_15c.dat

2009-06-20 14:24 . 2008-01-27 00:27 -------- d-----w- c:\documents and settings\administrator.JA-INC\Application Data\AdobeUM

2009-06-15 19:36 . 2009-06-15 19:36 56 ---ha-w- c:\winnt\system32\ezsidmv.dat

2009-06-15 19:17 . 2009-06-15 19:16 -------- d-----r- c:\program files\Skype

2009-06-15 19:17 . 2009-06-15 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-06-15 19:17 . 2009-06-15 19:17 -------- d-----w- c:\program files\Common Files\Skype

2002-06-20 19:42 . 2002-06-20 19:42 21952 ---h--w- c:\program files\folder.htt

.

------- Sigcheck -------

[-] 2001-02-20 18:09 8192 D36A33C21EEED5A6C1DAECB7C80A1909 c:\winnt\system32\CTFMON.EXE

c:\winnt\system32\drivers\ip6fw.sys ... is missing !!

c:\winnt\system32\termsrv.dll ... is missing !!

c:\winnt\system32\comres.dll ... is missing !!

c:\winnt\system32\drivers\aec.sys ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 413775]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\NavNT\vptray.exe" [2003-05-21 90112]

"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-03-08 36864]

"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 155648]

"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

c:\documents and settings\administrator.JA-INC\Start Menu\Programs\Startup\

PowerReg Scheduler.exe [2008-8-20 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2008-6-22 884838]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-5-17 806912]

TrueSync Launcher.lnk - c:\program files\Starfish\TrueSync\TSTool.exe [2002-10-8 49152]

R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [6/20/2002 11:30 AM 61712]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\winnt\system32\DNINDIS5.sys [6/22/2008 7:14 AM 17149]

S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\winnt\system32\drivers\WPN111.sys [6/22/2008 7:21 AM 362944]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

LSP: %SystemRoot%\system32\msafd.dll

TCP: {483D4115-A7E6-4F73-AD00-9AE1CE339DCF} = 10.0.1.5,205.177.10.10

TCP: {DEA22595-70E7-4700-944A-86274B518767} = 216.99.225.30,205.177.10.10

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\administrator.JA-INC\Application Data\Mozilla\Firefox\Profiles\j29zkb4h.default\

FF - prefs.js: browser.search.selectedEngine - Ixquick

FF - prefs.js: browser.startup.homepage - hxxp://ixquick.com/

FF - component: c:\documents and settings\administrator.JA-INC\Application Data\Mozilla\Firefox\Profiles\j29zkb4h.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-12 19:16

Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(164)

c:\winnt\System32\awgina.dll

c:\winnt\system32\wzcdlg.dll

c:\winnt\system32\WZCSAPI.DLL

.

Completion time: 2009-08-12 19:21

ComboFix-quarantined-files.txt 2009-08-12 23:21

Pre-Run: 14,255,525,888 bytes free

Post-Run: 15,873,728,512 bytes free


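ComboFix's report above already separates what it deleted ("Other Deletions"), the services it removed, files created in the last month, and a Sigcheck of core system files. Three things in it deserve a second look: a driver and a DLL named UAC followed by random letters, plus a UACd.sys service, which is the file-naming pattern of the TDSS (Alureon) rootkit family that was widespread in 2009; executables sitting directly in the profile root (Administrator.exe, HJUXCQ.bat, xvisfi.exe, with an autorun.inf beside them); and Sigcheck marking CTFMON.EXE as unverified and several system files as missing. The script below is an added example written for this thread, not part of ComboFix or of any post in it. It splits a report in this layout into its sections and pulls those items out. The section markers and line formats are those of the report above; `looks_random`, the profile-root rule and the embedded excerpt (constructed from the report) are the author's own.

```python
"""Split a ComboFix report into sections and surface the items a reviewer
checks first (added example; heuristics are the author's, not ComboFix's)."""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# "(((( Other Deletions ))))", "------- Sigcheck -------", "- - - ORPHANS REMOVED - - -"
SECTION_HDR = re.compile(r"^[-( ]+([A-Za-z][^()]*?)\s*[-) ]+$")
# 2009-07-14 12:59 . 2009-07-14 12:59 59392 ----a-w- c:\...\xvisfi.exe
CREATED = re.compile(r"^\S+ \S+ \. \S+ \S+ \S+ \S+ (.+)$")
# [-] 2001-02-20 18:09 8192 <md5> c:\winnt\system32\CTFMON.EXE
SIGCHECK_BAD = re.compile(r"^\[-\] \S+ \S+ \S+ [0-9A-Fa-f]{32} (.+)$")
SIGCHECK_MISSING = re.compile(r"^(.+?) \.\.\. is missing")
REMOVED_SVC = re.compile(r"^-+\\(.+)$")          # -------\Service_UACd.sys
DRIVE = re.compile(r"^[A-Za-z]:\\")
EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".pif", ".inf"}


def split_sections(log: str) -> dict[str, list[str]]:
    sections: dict[str, list[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":               # ComboFix pads sections with "." lines
            continue
        if m := SECTION_HDR.match(line):
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def looks_random(stem: str) -> bool:
    """Author's heuristic: a long name with almost no vowels, or a long run of
    consonants, is typical of generated file names and rare in shipped software."""
    letters = re.sub(r"[^A-Za-z]", "", stem).lower()
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    return vowels / len(letters) < 0.2 or longest_run >= 5


def dropped_in_profile_root(path: str) -> bool:
    """True for an executable placed directly in c:\\documents and settings\\<user>\\,
    a location installers do not use."""
    p = PureWindowsPath(path)
    return (len(p.parts) == 4
            and p.parts[1].lower() == "documents and settings"
            and p.suffix.lower() in EXEC_EXT)


def analyze(log: str) -> dict[str, list[str]]:
    report: dict[str, list[str]] = {k: [] for k in (
        "random_names", "profile_drops", "removed_services",
        "unverified_system_files", "missing_system_files")}

    def check_path(path: str) -> None:
        if looks_random(PureWindowsPath(path).stem):
            report["random_names"].append(path)
        if dropped_in_profile_root(path):
            report["profile_drops"].append(path)

    for name, lines in split_sections(log).items():
        if name == "Other Deletions":
            for line in lines:
                if DRIVE.match(line):
                    check_path(line)
        elif name.startswith("Files Created"):
            for line in lines:
                if m := CREATED.match(line):
                    check_path(m.group(1))
        elif name == "Drivers/Services":
            for line in lines:
                if m := REMOVED_SVC.match(line):
                    report["removed_services"].append(m.group(1))
        elif name == "Sigcheck":
            for line in lines:
                if m := SIGCHECK_BAD.match(line):
                    report["unverified_system_files"].append(m.group(1))
                elif m := SIGCHECK_MISSING.match(line):
                    report["missing_system_files"].append(m.group(1))
    return report


# Constructed excerpt of the ComboFix report posted above.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\administrator.JA-INC\Administrator.exe
c:\documents and settings\administrator.JA-INC\autorun.inf
c:\winnt\system32\drivers\UACiqjmyswkdxqqkojwp.sys
c:\winnt\system32\UACfmlmxgoicmpsbpwtg.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
2009-07-28 21:06 . 2009-07-13 17:36 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-14 12:59 . 2009-07-14 12:59 485 ----a-w- c:\documents and settings\administrator.JA-INC\HJUXCQ.bat
2009-07-14 12:59 . 2009-07-14 12:59 59392 ----a-w- c:\documents and settings\administrator.JA-INC\xvisfi.exe
------- Sigcheck -------
[-] 2001-02-20 18:09 8192 D36A33C21EEED5A6C1DAECB7C80A1909 c:\winnt\system32\CTFMON.EXE
c:\winnt\system32\drivers\ip6fw.sys ... is missing !!
c:\winnt\system32\termsrv.dll ... is missing !!
"""

if __name__ == "__main__":
    for key, items in analyze(COMBOFIX_LOG).items():
        print(key, *items, sep="\n  ")
```

The point of the heuristics is to pre-sort, not to decide: `looks_random` catches the two UAC* files and leaves mbamswissarmy.sys (Malwarebytes' own driver) alone, while xvisfi.exe has too short a name to trip it and is caught instead by the profile-root rule; the MBAM scan later in this thread quarantines that same file as Trojan.FakeAlert. The "missing" Sigcheck entries are worth carrying forward too, since a cleanup that removes a rootkit does not restore system files it had replaced or deleted.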

Hi FriscoGirl,

Launch Malwarebytes' Anti-Malware

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Boot from the Windows XP installation CD.

At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

When you are asked for the Administrator password, leave it blank and press "Enter".

At the command prompt, type chkdsk /r and press "Enter". (Note the space before /r) The disk check operation will start.

This will be a very thorough check of the hard drive and the file system...be patient and let it complete. It may appear to hang or even back up a few times...this is normal. 60 to 90 minutes is not unusual for this check...it may take longer in some cases.

Once the check completes and you are back at the command prompt, type exit and press "Enter". Let your computer boot normally to Windows.


One file infected. Log as follows:

Malwarebytes' Anti-Malware 1.40

Database version: 2618

Windows 5.0.2195 Service Pack 4

8/13/2009 9:06:50 PM

mbam-log-2009-08-13 (21-06-50).txt

Scan type: Quick Scan

Objects scanned: 163549

Time elapsed: 16 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\administrator.JA-INC\xvisfi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Computer was cast off from office - do not have the installation CD - will take until next week sometime to get - anything else I can do in the meantime?? BTW - is supposedly Office 2000 Professional not XP. Which should I get the CD for??

When I rebooted, it came up for Active Desktop Recovery. Did not know what option to pick. But it froze. Had to Alt/Cnt/Del reboot. Now just blank background.

Was able to update Spybot - but cannot open or stop Teatimer.

Once the computer is cleaned I will install Avira.

I will have full access to the computer as of now.

Thanks.


2 weeks later...

Staff:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
