PC won't run Malwarebytes or ANY other AV software


Hi there,

Similar problem as others at the moment: IE seems to be hijacked and is being redirected all over the place when searching in Google; Firefox seems fine, however.

I can't run any scans from any AV software or Malwarebytes. The scan lasts about 5 seconds then dies. I can install and update it fine along with other products, but no joy with scanning.

I have renamed the .exe files before install and renamed them again after install, but nothing. I have also tried doing this with a new user profile on the PC as well.

Can anyone help me out?

I can provide whatever log is required.

Many thanks

Colin

  • Staff

Hi and welcome to Malwarebytes.

When you bump your topic, it makes it appear as though you are already receiving help; as such, you were overlooked because of it.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

Hi there,

Thanks for your reply, here is the ComboFix log:

I can't run HijackThis as it won't install and run. I'm not sure if it's related or not, but I have had to reinstall Java as it keeps uninstalling... I think that's how the virus got installed in the first place, through Java.

Here is the log, let me know if you need me to do anything else.

Thanks for your help, appreciate it

Cheers

ComboFix 09-09-08.07 - Colin 09/09/2009 13:25.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3055.2419 [GMT 1:00]

Running from: c:\documents and settings\Colin\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Colin\Application Data\inst.exe

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\Installer\2ef38.msp

c:\windows\Installer\358480.msi

c:\windows\Installer\358481.msp

c:\windows\Installer\358482.msp

c:\windows\Installer\358483.msp

c:\windows\Installer\358484.msp

c:\windows\Installer\358485.msp

c:\windows\Installer\358486.msp

c:\windows\Installer\358487.msp

c:\windows\Installer\358488.msp

c:\windows\Installer\358489.msp

c:\windows\Installer\35848a.msp

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))

.

2009-09-09 07:58 . 2009-09-09 07:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-09-09 07:47 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-09-09 07:47 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-09-09 07:47 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-09-09 07:47 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-09-09 07:47 . 2009-09-09 07:47 -------- d-----w- c:\program files\Avira

2009-09-09 07:47 . 2009-09-09 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-09-08 16:53 . 2009-09-08 16:53 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-09-06 08:39 . 2009-09-06 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2009-09-06 08:39 . 2009-09-06 08:39 -------- d-----w- c:\program files\IObit

2009-09-06 08:36 . 2009-09-06 08:36 -------- d-----w- c:\documents and settings\Colin\Application Data\Uniblue

2009-09-06 08:36 . 2009-09-06 08:36 -------- d-----w- c:\program files\Uniblue

2009-09-05 23:35 . 2009-09-05 23:35 -------- d-----w- c:\program files\ESET

2009-09-05 17:08 . 2009-09-09 12:38 8320288 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-05 17:08 . 2009-09-09 12:38 79648 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-09-05 16:21 . 2009-09-06 08:11 -------- d-----w- c:\program files\Common Files\ParetoLogic

2009-09-05 16:21 . 2009-09-06 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2009-09-05 16:21 . 2009-09-05 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS

2009-09-05 16:05 . 2009-09-05 16:05 -------- d-----w- c:\program files\Enigma Software Group

2009-09-05 13:30 . 2009-09-05 13:30 -------- d-----w- c:\program files\Trend Micro

2009-09-05 12:47 . 2009-09-05 12:53 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-05 12:40 . 2009-09-06 08:27 -------- d-----w- c:\program files\Windows Defender

2009-09-05 12:39 . 2009-09-05 12:39 -------- d-----w- c:\documents and settings\Colin\Application Data\vlc

2009-09-05 08:09 . 2009-09-05 08:53 -------- d-----w- c:\documents and settings\Colin\.housecall6.6

2009-09-05 07:19 . 2009-09-05 07:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-05 07:17 . 2009-09-05 07:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Talkback

2009-09-05 07:17 . 2009-09-05 07:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-05 07:15 . 2009-09-05 07:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-09-04 06:00 . 2009-09-05 07:15 -------- d-s---w- c:\documents and settings\Administrator

2009-09-03 21:32 . 2009-09-09 08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-02 18:02 . 2009-09-02 18:03 -------- d-----w- c:\documents and settings\Colin\.gimp-2.6

2009-08-29 19:27 . 2009-08-29 19:27 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Nero

2009-08-29 14:02 . 2009-08-29 14:02 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Ahead

2009-08-29 13:47 . 2009-08-29 13:47 -------- d-----w- c:\documents and settings\Colin\Application Data\Nero

2009-08-29 13:41 . 2009-08-29 13:45 -------- d-----w- c:\program files\Common Files\Nero

2009-08-29 13:41 . 2009-08-29 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2009-08-29 13:41 . 2009-08-29 13:41 -------- d-----w- c:\program files\Nero

2009-08-22 13:54 . 2009-08-22 13:54 -------- d-----w- c:\documents and settings\Colin\Application Data\Malwarebytes

2009-08-22 13:53 . 2009-08-22 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-22 09:33 . 2009-08-22 09:33 -------- d-----w- C:\3b342b36384b835a1a2b12a6

2009-08-22 09:32 . 2009-09-09 12:25 -------- d-----w- c:\windows\SxsCaPendDel

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-09 12:35 . 2009-09-05 17:08 8468 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-09-09 12:35 . 2009-09-05 17:08 112412 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-09-09 12:16 . 2007-09-17 21:38 -------- d-----w- c:\program files\McAfee

2009-09-09 08:10 . 2007-12-11 16:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-09 08:04 . 2008-11-28 09:34 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-05 14:21 . 2008-09-11 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-09-05 14:16 . 2008-05-30 23:31 -------- d-----w- c:\program files\Java

2009-09-05 13:41 . 2009-09-04 07:13 -------- d-----w- c:\program files\ClamWin

2009-09-05 07:17 . 2009-09-04 07:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-05 07:16 . 2008-09-11 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-04 23:01 . 2008-03-09 23:02 -------- d-----w- c:\documents and settings\Colin\Application Data\U3

2009-09-04 07:33 . 2009-01-25 20:23 -------- d-----w- c:\program files\AviSynth 2.5

2009-09-04 06:07 . 2009-09-04 06:07 -------- d-----w- c:\program files\Mattgo27 Apps

2009-09-04 06:06 . 2007-09-18 07:32 -------- d-----w- c:\program files\Betfair

2009-09-02 18:42 . 2008-04-08 06:55 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-09-02 18:03 . 2007-10-07 19:36 -------- d-----w- c:\documents and settings\Colin\Application Data\gtk-2.0

2009-08-30 10:24 . 2008-02-29 20:05 -------- d-----w- c:\documents and settings\Colin\Application Data\CoreFTP

2009-08-29 14:17 . 2007-09-17 21:11 -------- d-----w- c:\program files\Common Files\LightScribe

2009-08-24 21:22 . 2007-10-14 10:31 -------- d-----w- c:\documents and settings\Colin\Application Data\dvdcss

2009-08-22 10:33 . 2007-10-04 19:18 95416 -c--a-w- c:\documents and settings\Colin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-20 07:58 . 2008-11-30 10:46 -------- d-----w- c:\program files\Crimson Editor

2009-08-14 05:58 . 2009-09-06 08:08 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat

2009-08-12 22:22 . 2008-05-06 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-01 10:22 . 2009-08-01 10:22 -------- d-----w- c:\program files\AndreaMosaic

2009-08-01 10:21 . 2009-08-01 10:22 737280 ----a-w- c:\windows\iun6002.exe

2009-07-30 20:23 . 2009-07-30 20:23 -------- d-----w- c:\documents and settings\Colin\Application Data\Mazaika

2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 18:45 . 2008-09-10 16:40 -------- d-----w- c:\program files\Web Page Maker

2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 08:12 . 2009-06-26 06:15 47360 ----a-w- c:\documents and settings\Colin\Application Data\pcouffin.sys

2009-06-26 06:15 . 2009-06-26 06:15 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2008-10-11 12:50 . 2008-03-22 15:00 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-10-11 12:50 . 2008-03-22 15:00 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-02-02 10:27 . 2008-03-22 15:00 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-02-02 10:27 . 2008-03-22 15:00 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-10-11 12:50 . 2008-03-22 15:00 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-09 149280]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Colin\Start Menu\Programs\Startup\

Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2009-4-17 12438896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\Colin\\My Documents\\Ebay\\Control Panel Shop\\Autoplay Templates\\Games\\CD_Root\\AutoPlay\\Docs\\Open Arena\\openarena-0.8.1\\openarena.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26260:TCP"= 26260:TCP:BitComet 26260 TCP

"26260:UDP"= 26260:UDP:BitComet 26260 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09/09/2009 08:47 108289]

S2 0316221252498581mcinstcleanup;McAfee Application Installer Cleanup (0316221252498581);c:\windows\TEMP\031622~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\031622~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S2 LocalCpa;Force Repository;"c:\program files\Core Security Technologies\CORE FORCE\Repository\LocalCpa.exe" --> c:\program files\Core Security Technologies\CORE FORCE\Repository\LocalCpa.exe [?]

S2 msav;Moon Secure Antivirus Core;c:\program files\Moon Secure Antivirus\msavcore.exe [24/01/2007 20:49 912384]

S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [17/09/2007 22:10 46976]

S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [25/10/2004 00:04 7796]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0316221252498581MCINSTCLEANUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-03-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-17 10:53]

2008-03-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-17 10:53]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

FF - ProfilePath - c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\xagbmjdm.default\

FF - prefs.js: browser.search.selectedEngine - Google.co.uk

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

.

- - - - ORPHANS REMOVED - - - -

AddRemove-CANONBJ_Deinstall_CNMCP78.DLL - c:\windows\system32\CNMCP78.exe -PRINTERNAMECanon iP4200 -HELPERDLLc:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-09 13:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D400A2A0-11BD-5867-1AED-8B2EA237B084}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1614895754-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E1EB952F-A8DA-1909-8BAF-14273F959FF2}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1184)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\scardsvr.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\program files\McAfee\MSK\msksrver.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\PSIService.exe

c:\program files\Photodex\ProShowGold\scsiaccess.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

.

**************************************************************************

.

Completion time: 2009-09-09 13:45 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-09 12:45

Pre-Run: 12,028,313,600 bytes free

Post-Run: 20,055,236,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

300 --- E O F --- 2009-09-08 18:25

  • Staff

Hi,

Please save this file to your Desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
