MBAM will not start! NEED serious help plzzz!


ipod01

Hi guys, I am new here so I would really appreciate your help. My computer got infected a few days back by the Windows Police spyware or something and I have tried running AVG, MBAM, Spybot and every other anti-spyware tool I could think of, but they would not start at all. I tried reinstalling MBAM and it would give me an error message saying:

"windows cannot access the specified path..."

I installed HijackThis but it would not start either!!! I do not know what to do next. I would really appreciate your help in this matter. Thanks!

Also, I am currently working from Safe Mode and it still does not work! Kaspersky Online Scanner is also not working out. Help!!!!


Hello ipod01

Welcome to Malwarebytes.

Let me know if you maybe see a black Command prompt window when you run the second program.

=====================

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.

================

Download this file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


Ok I was able to run Combofix and the log result is as follows:

ComboFix 09-09-14.02 - HP_Administrator 09/15/2009 20:13.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.565 [GMT -4:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\99328116.ini

c:\documents and settings\HP_Administrator\Application Data\inst.exe

c:\program files\SafetyCenter

c:\program files\SafetyCenter\main.ico

c:\program files\SafetyCenter\new.exe

c:\program files\SafetyCenter\protector.exe

c:\program files\SafetyCenter\sound.wav

c:\program files\SafetyCenter\start.exe

c:\program files\SafetyCenter\uninstall.exe

c:\windows\braviax.exe

c:\windows\cru629.dat

c:\windows\Installer\17edc83.msp

c:\windows\Installer\1e43a38.msi

c:\windows\Installer\1f54783.msp

c:\windows\Installer\35e2ec.msp

c:\windows\Installer\8b6359.msi

c:\windows\Installer\b0351.msi

c:\windows\kb913800.exe

c:\windows\ppp3.dat

c:\windows\ppp4.dat

c:\windows\system32\~.exe

c:\windows\system32\bennuar.old

c:\windows\system32\braviax.exe

c:\windows\system32\cru629.dat

c:\windows\system32\ddDEsot.dll

c:\windows\system32\desote.exe

c:\windows\system32\drivers\SKYNEToiyxwtky.sys

c:\windows\system32\drivers\Sonyhcp.dll

c:\windows\system32\images

c:\windows\system32\images\i1.gif

c:\windows\system32\images\i2.gif

c:\windows\system32\images\i3.gif

c:\windows\system32\images\j1.gif

c:\windows\system32\images\j2.gif

c:\windows\system32\images\j3.gif

c:\windows\system32\images\jj1.gif

c:\windows\system32\images\jj2.gif

c:\windows\system32\images\jj3.gif

c:\windows\system32\images\l1.gif

c:\windows\system32\images\l2.gif

c:\windows\system32\images\l3.gif

c:\windows\system32\images\pix.gif

c:\windows\system32\images\t1.gif

c:\windows\system32\images\t2.gif

c:\windows\system32\images\up1.gif

c:\windows\system32\images\up2.gif

c:\windows\system32\images\w1.gif

c:\windows\system32\images\w11.gif

c:\windows\system32\images\w2.gif

c:\windows\system32\images\w3.gif

c:\windows\system32\images\w3.jpg

c:\windows\system32\images\wt1.gif

c:\windows\system32\images\wt2.gif

c:\windows\system32\images\wt3.gif

c:\windows\system32\onhelp.htm

c:\windows\system32\SKYNETiqaaqbdw.dat

c:\windows\system32\SKYNETtyqxhkdk.dll

c:\windows\system32\SKYNETubqpvllt.dll

c:\windows\system32\SKYNETupxejjix.dll

c:\windows\system32\SKYNETutrkrgkq.dat

c:\windows\system32\sonhelp.htm

c:\windows\system32\sysnet.dat

c:\windows\system32\wisdstr.exe

c:\windows\system32\wispex.html

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

c:\windows\Temp\~3A.dll

c:\windows\wpd99.drv

D:\Autorun.inf

c:\windows\system32\drivers\beep.sys . . . is infected!!

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_SKYNEThorvdbqq

-------\Legacy_SKYNEThorvdbqq

-------\Legacy_ANTIPPRO2009_100

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Service_AntipPro2009_100

((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))

.

2009-09-14 23:29 . 2009-09-14 23:29 -------- d-----w- c:\program files\Trend Micro

2009-09-11 16:07 . 2009-09-11 16:07 2198 ----a-w- C:\wus.bat

2009-09-11 04:15 . 2009-09-11 04:14 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-09 22:40 . 2009-09-09 22:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2009-09-09 02:05 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-09 02:05 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-09 01:43 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-09-09 01:43 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-09-09 01:43 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-09-09 01:42 . 2009-09-09 01:45 -------- d-----w- c:\program files\Common Files\PC Tools

2009-09-09 01:42 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-09-09 01:42 . 2009-09-09 01:45 -------- d-----w- c:\program files\Spyware Doctor

2009-09-09 01:42 . 2009-09-09 01:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools

2009-09-09 01:42 . 2009-09-09 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-09 00:02 . 2009-09-14 23:43 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-09-08 23:47 . 2009-09-08 23:47 -------- d-----w- c:\program files\Windows Defender

2009-09-08 22:09 . 2009-09-08 22:09 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-16 00:27 . 2007-06-23 19:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-16 00:10 . 2008-04-18 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-09-15 23:18 . 2007-11-30 23:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3

2009-09-15 02:39 . 2009-07-20 03:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc

2009-09-14 22:43 . 2006-09-21 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-11 04:14 . 2006-05-07 03:02 -------- d-----w- c:\program files\Java

2009-09-10 22:30 . 2008-08-24 15:33 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-09 23:00 . 2009-04-20 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-09 02:00 . 2007-06-19 01:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype

2009-09-09 01:59 . 2009-07-27 02:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Spotify

2009-08-27 03:27 . 2007-09-24 02:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire

2009-08-23 04:19 . 2006-05-07 03:33 71664 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-16 17:02 . 2008-07-17 23:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FrostWire

2009-08-16 16:19 . 2007-12-28 17:38 -------- d-----w- c:\program files\Last.fm

2009-08-16 03:32 . 2007-09-24 02:59 -------- d-----w- c:\program files\LimeWire

2009-08-15 19:53 . 2009-07-21 02:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-15 19:53 . 2009-07-21 02:59 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-15 19:53 . 2009-07-21 02:59 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-14 10:58 . 2009-09-09 01:43 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat

2009-08-14 01:55 . 2008-02-08 04:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Digsby

2009-08-14 01:55 . 2008-02-08 04:07 -------- d-----w- c:\program files\Digsby

2009-08-10 02:02 . 2007-08-29 18:23 -------- d-----w- c:\program files\IZArc

2009-08-09 23:03 . 2009-08-09 23:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\tor

2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-07-27 02:01 . 2009-07-27 02:01 -------- d-----w- c:\program files\Spotify

2009-07-26 18:54 . 2006-05-07 03:49 -------- d-----w- c:\program files\Quicken

2009-07-21 03:02 . 2008-11-27 02:00 -------- d-----w- c:\program files\Common Files\McAfee

2009-07-21 03:02 . 2007-01-29 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-07-21 03:02 . 2007-01-29 04:25 -------- d-----w- c:\program files\McAfee

2009-07-21 02:59 . 2009-07-21 02:59 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-21 02:58 . 2009-07-21 02:58 -------- d-----w- c:\program files\AVG

2009-07-21 02:58 . 2009-07-21 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-07-21 02:44 . 2009-07-21 02:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8

2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 14:08 . 2004-08-10 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:12 . 2004-08-10 04:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-22 10:45 . 2009-06-22 10:45 93 ----a-w- c:\windows\system32\SKYNET.dat

2008-05-07 22:20 . 2007-07-25 13:31 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-04-19 23:14 . 2009-04-19 23:14 2 --shatr- c:\windows\winstart.bat

2007-08-29 04:01 . 2007-08-23 20:18 304672 --sha-w- c:\windows\system32\drivers\fidbox.dat

2007-08-29 03:51 . 2007-08-23 20:18 16416 --sha-w- c:\windows\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2008-06-20 00:51 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2008-06-20 00:51 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2008-06-20 00:51 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]

"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-07 29744]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-15 2007832]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Google Desktop.lnk - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-7-25 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-15 19:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Last.fm\\LastFM.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"=

"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"18282:TCP"= 18282:TCP:BitComet 18282 TCP

"18282:UDP"= 18282:UDP:BitComet 18282 UDP

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/8/2009 9:43 PM 206256]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/20/2009 10:59 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/20/2009 10:59 PM 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/20/2009 10:58 PM 297752]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/23/2008 12:11 PM 210216]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/25/2007 9:25 AM 29744]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/8/2009 9:42 PM 348752]

.

Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 15:27]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2797609097-3116072469-3799256-1008Core.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:42]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2797609097-3116072469-3799256-1008UA.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:42]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: trymedia.com

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j5metiej.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://msn.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll

FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - HiddenExtension: XUL Cache: {563A0E1E-CAC5-4A69-AE67-85CBE4171CB9} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{563A0E1E-CAC5-4A69-AE67-85CBE4171CB9}

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.notify.interval - 600000

FF - user.js: content.switch.threshold - 1000000

FF - user.js: nglayout.initialpaint.delay - 600

.

- - - - ORPHANS REMOVED - - - -

AddRemove-Mozilla Firefox (2.0.0.11) - n:\portableapps\FirefoxPortable\App\firefox\uninstall\helper.exe

AddRemove-Win Police Pro - c:\program files\Windows Police Pro\AntiSpyware_Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-15 20:26

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2797609097-3116072469-3799256-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:25,b6,bd,0c,cc,8c,9c,b5,8d,08,01,51,39,dc,c3,85,7d,45,a3,91,75,25,04,

c1,62,bb,a1,24,af,c3,03,29,a5,f1,f4,40,c7,08,60,8f,df,30,a4,0b,a8,da,d1,7f,\

"??"=hex:9a,79,d7,be,31,d1,b7,a8,1d,55,98,fc,76,89,7c,09

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(432)

c:\windows\system32\WININET.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\Dropbox\DropboxExt.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\wdfmgr.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-09-16 20:41 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-16 00:41

Pre-Run: 83,855,425,536 bytes free

Post-Run: 84,788,658,176 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4

385 --- E O F --- 2009-09-16 00:36

Do I still need to run DDS?? Thanks for your help.
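A small triage script, added here as an example and not part of this thread or of ComboFix, that parses a ComboFix-style log like the one posted above and flags the entries a responder would read first: the randomly named SKYNET files and services, the series of At*.job scheduled tasks, the Autorun.inf on a secondary drive, the patched beep.sys/eventlog.dll, and the Security Center and firewall settings the infection turned off. The section-header format is taken from the log above; the pattern names and the labels are my own heuristics, and the sample log is a constructed excerpt.

```python
import re

# Constructed excerpt in the same layout as the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\SKYNETtyqxhkdk.dll
c:\windows\system32\drivers\SKYNEToiyxwtky.sys
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
D:\Autorun.inf
c:\windows\system32\drivers\beep.sys . . . is infected!!
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNEThorvdbqq
-------\Legacy_ANTIPPRO2009_100
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# ComboFix marks a section with a run of parentheses around its title.
SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")

# Heuristic indicators (my labels, not ComboFix terminology).
FINDINGS = [
    ("rootkit-style random name", re.compile(r"\\SKYNET[a-z]{6,}\.(dll|sys|dat)$", re.I)),
    ("bulk At*.job scheduled tasks", re.compile(r"\\Tasks\\At\d+\.job$", re.I)),
    ("autorun.inf on a non-system drive", re.compile(r"^[a-z]:\\Autorun\.inf$", re.I)),
    ("patched or replaced system file", re.compile(r"is infected!!$|^Infected copy of ", re.I)),
    ("rogue AV / rootkit service", re.compile(r"^-------\\(Service|Legacy)_(SKYNET|ANTIPPRO)", re.I)),
]

# Registry values that weaken the machine's own defences (exact lines as ComboFix prints them).
WEAK_SETTINGS = {
    '"EnableFirewall"= 0 (0x0)': "Windows Firewall disabled for the standard profile",
    '"UpdatesDisableNotify"=dword:00000001': "Security Center update notifications suppressed",
}


def split_sections(text):
    """Group the non-empty log lines under the section title they appear in."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":          # ComboFix uses a lone "." as a spacer
            sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return (section, label, line) for every line that matches an indicator."""
    findings = []
    for section, lines in split_sections(text).items():
        for line in lines:
            for label, rx in FINDINGS:
                if rx.search(line):
                    findings.append((section, label, line))
            note = WEAK_SETTINGS.get(line.strip())
            if note:
                findings.append((section, note, line))
    return findings


def summarize(findings):
    """Count findings per label so a reader sees the shape of the infection at a glance."""
    counts = {}
    for _section, label, _line in findings:
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for section, label, line in hits:
        print(f"[{section}] {label}: {line}")
    print(summarize(hits))
```

Run against a full log, the At*.job count and the SKYNET names together are the clearest sign that the rootkit, not the rogue "Windows Police Pro" front end, is what blocked MBAM and HijackThis from starting.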
