Anti-Malware and HJT won't run

johnhy

I have a virus that is causing my computer to shut down. After logging on, a System Shutdown box appears stating, among other things, "This system shutdown was initiated by NT AUTHORITY\SYSTEM" and "C:\windows32\services.exe". I am able to reboot and keep the computer running, but only in Safe Mode, thus preventing any internet connection. I was able to download the AntiMalware (mbam-setup.exe) and HijackThis onto a removable disk drive from another computer and load them onto the desktop, but neither will run on the infected computer. I was finally able to get Combo-Fix loaded onto the computer and was able to run it and generate a log file. Hopefully, you can help me find a solution to this virus.

Here is the log:

ComboFix 09-09-14.02 - JHemmenw 09/15/2009 19:51.1.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3334 [GMT -7:00]

Running from: E:\Combo-Fix.exe

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\dawot.inf

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\All Users\Documents\hahed._dl

c:\documents and settings\All Users\Documents\qanawo.reg

c:\documents and settings\JHemmenw\Application Data\vudu.vbs

c:\documents and settings\JHemmenw\Application Data\zykefiry.bat

c:\documents and settings\JHemmenw\Cookies\dyxu.lib

c:\documents and settings\JHemmenw\Cookies\otufu.inf

c:\documents and settings\JHemmenw\Cookies\unazoty.pif

c:\documents and settings\JHemmenw\Cookies\ypadof._dl

c:\documents and settings\JHemmenw\Local Settings\Application Data\ehorutyzyw.dll

c:\documents and settings\JHemmenw\Local Settings\Application Data\kewela._sy

c:\documents and settings\JHemmenw\Local Settings\Temporary Internet Files\sihu.dl

c:\program files\Common Files\jysyzadud.exe

c:\program files\Common Files\mosogiva.sys

c:\program files\Common

c:\program files\Windows Police Pro

c:\program files\Windows Police Pro\msvcm80.dll

c:\program files\Windows Police Pro\msvcp80.dll

c:\program files\Windows Police Pro\msvcr80.dll

c:\program files\Windows Police Pro\tmp\dbsinit.exe

c:\program files\Windows Police Pro\tmp\images\i1.gif

c:\program files\Windows Police Pro\tmp\images\i2.gif

c:\program files\Windows Police Pro\tmp\images\i3.gif

c:\program files\Windows Police Pro\tmp\images\j1.gif

c:\program files\Windows Police Pro\tmp\images\j2.gif

c:\program files\Windows Police Pro\tmp\images\j3.gif

c:\program files\Windows Police Pro\tmp\images\jj1.gif

c:\program files\Windows Police Pro\tmp\images\jj2.gif

c:\program files\Windows Police Pro\tmp\images\jj3.gif

c:\program files\Windows Police Pro\tmp\images\l1.gif

c:\program files\Windows Police Pro\tmp\images\l2.gif

c:\program files\Windows Police Pro\tmp\images\l3.gif

c:\program files\Windows Police Pro\tmp\images\pix.gif

c:\program files\Windows Police Pro\tmp\images\t1.gif

c:\program files\Windows Police Pro\tmp\images\t2.gif

c:\program files\Windows Police Pro\tmp\images\up1.gif

c:\program files\Windows Police Pro\tmp\images\up2.gif

c:\program files\Windows Police Pro\tmp\images\w1.gif

c:\program files\Windows Police Pro\tmp\images\w11.gif

c:\program files\Windows Police Pro\tmp\images\w2.gif

c:\program files\Windows Police Pro\tmp\images\w3.gif

c:\program files\Windows Police Pro\tmp\images\w3.jpg

c:\program files\Windows Police Pro\tmp\images\wt1.gif

c:\program files\Windows Police Pro\tmp\images\wt2.gif

c:\program files\Windows Police Pro\tmp\images\wt3.gif

c:\program files\Windows Police Pro\tmp\wispex.html

c:\program files\Windows Police Pro\windows Police Pro.exe

C:\setup.exe

c:\windows\braviax.exe

c:\windows\cru629.dat

c:\windows\Installer\3a291.msi

c:\windows\nogafevycy.sys

c:\windows\ppp3.dat

c:\windows\ppp4.dat

c:\windows\system32\_scui.cpl

c:\windows\system32\~.exe

c:\windows\system32\bennuar.old

c:\windows\system32\braviax.exe

c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro

c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk

c:\windows\system32\cru629.dat

c:\windows\system32\ddDEsot.dll

c:\windows\system32\desote.exe

c:\windows\system32\drivers\SKYNETdepxnlcv.sys

c:\windows\system32\icezepu.inf

c:\windows\system32\licemuxet.inf

c:\windows\system32\onhelp.htm

c:\windows\system32\qobuly.bin

c:\windows\system32\SKYNETckorrmid.dat

c:\windows\system32\SKYNETeogwboed.dll

c:\windows\system32\SKYNETiiysaajl.dll

c:\windows\system32\SKYNETsbpjwsou.dll

c:\windows\system32\SKYNETsiootsvy.dat

c:\windows\system32\sonhelp.htm

c:\windows\system32\sysnet.dat

c:\windows\system32\wisdstr.exe

----- BITS: Possible infected sites -----

hxxp://usewsus01.wlgore.com

c:\windows\system32\drivers\beep.sys . . . is infected!!

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\system32\dllcache\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_SKYNETmtpppcvc

-------\Legacy_SKYNETmtpppcvc

-------\Legacy_ANTIPPRO2009_100

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))

.

2009-09-16 02:13 . 2009-09-16 02:13 -------- d-----w- c:\program files\Trend Micro

2009-09-10 18:28 . 2009-09-10 18:28 -------- d-----w- c:\windows\system32\GroupPolicy\User\Scripts\Logoff\Logoff

2009-09-10 18:28 . 2009-09-10 18:28 -------- d-----w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Shutdown

2009-09-09 14:05 . 2009-09-09 14:05 163840 ----a-w- c:\windows\svchasts.exe

2009-09-09 13:56 . 2009-09-09 13:56 11166 ----a-w- c:\windows\system32\yhupyhohi.dat

2009-09-09 13:56 . 2009-09-09 13:56 17900 ----a-w- c:\program files\Common Files\witypule.dat

2009-09-08 20:04 . 2009-09-08 20:04 -------- d-----w- c:\windows\system32\wbem\Repository

2009-08-25 22:12 . 2009-08-25 22:12 57344 ----a-w- C:\clipstreamsa.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-16 02:02 . 2009-08-05 03:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-10 21:54 . 2009-08-05 03:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 21:53 . 2009-08-05 03:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 18:28 . 2009-08-06 14:42 20008 ----a-w- c:\windows\system32\drivers\CDProbe.SYS

2009-09-09 22:57 . 2009-02-17 23:12 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-09-09 13:56 . 2009-09-09 13:56 14430 ----a-w- c:\program files\Common Files\usijejityp.lib

2009-09-09 13:56 . 2008-11-14 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar

2009-09-04 18:11 . 2008-08-27 19:24 -------- d-----w- c:\program files\AT&T Global Network Client

2009-08-05 09:11 . 2004-08-05 00:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 03:59 . 2009-08-05 03:59 -------- d-----w- c:\documents and settings\JHemmenw\Application Data\Malwarebytes

2009-08-05 03:59 . 2009-08-05 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-29 04:53 . 2004-08-05 00:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-07-29 04:53 . 2004-08-05 00:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-17 18:55 . 2004-08-05 00:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 09:18 . 2004-08-05 00:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 15:59 . 2004-08-05 00:00 668160 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 15:59 . 2004-08-05 00:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 18:36 . 2004-08-05 00:00 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2004-08-05 00:00 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2004-08-05 00:00 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2004-08-05 00:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2004-08-05 00:00 471552 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2004-08-05 00:00 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2004-08-05 00:00 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2004-08-05 00:00 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2004-08-05 00:00 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2004-08-05 00:00 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2004-08-05 00:00 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2004-08-05 00:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-25 08:44 . 2004-08-05 00:00 724480 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:44 . 2004-08-05 00:00 59392 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:44 . 2004-08-05 00:00 56320 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:44 . 2004-08-05 00:00 298496 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:44 . 2004-08-05 00:00 168448 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:44 . 2004-08-05 00:00 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 16:36 . 2008-08-27 19:18 85852 ----a-w- c:\windows\system32\nvModes.dat

2009-06-22 11:49 . 2004-08-05 00:00 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2004-08-05 00:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2004-08-05 00:00 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2004-08-05 00:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-06-22 11:34 . 2004-08-05 00:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-22 10:39 . 2009-06-22 10:39 93 ----a-w- c:\windows\system32\SKYNET.dat

.

------- Sigcheck -------

[-] 2009-09-06 15:02 . AE15763F0C1122B40762AB538199C519 . 28672 . . [------] . . c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2007-01-13 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGNS_Config"="nircmd execmd" [X]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2007-05-07 40960]

"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-07-17 136512]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2009-02-14 233472]

"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2007-05-07 45056]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-03 155648]

"NWTRAY"="NWTRAY.EXE" - c:\windows\system32\nwtray.exe [2002-03-12 28672]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-17 1626112]

"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-11-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"2"="nircmd execmd" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Novell iFolder.lnk - c:\program files\Novell\iFolder\trayapp.exe [2006-11-7 266317]

Printer Status Monitor.lnk - c:\program files\SHARP\Printer Status Monitor\Smon.exe [2008-12-19 180313]

Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2005-3-4 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"CompatibleRUPSecurity"= 1 (0x1)

"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

"NoPublishingWizard"= 1 (0x1)

"NoWebServices"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceStartMenuLogOff"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"DisablePersonalDirChange"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2007-07-20 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

2007-01-10 17:52 24576 ----a-w- c:\windows\system32\Novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\System32\\DPMW32.EXE"=

"c:\\Program Files\\Novell\\ZENworks\\RemoteManagement\\RMAgent\\ZenRem32.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 NifFltr;NifFltr;c:\windows\system32\drivers\niffltr.sys [11/7/2006 11:19 AM 25300]

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1/1/1980 5:00 AM 17584]

S1 enstart_;enstart_;c:\windows\system32\enstart_.sys [8/27/2008 12:31 PM 25472]

S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [3/4/2005 9:31 PM 34671]

S2 agnwifi;AT&T Wi-Fi Support Driver;c:\windows\system32\drivers\agnwifi.sys [4/29/2004 2:19 PM 19328]

S2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [8/27/2008 12:31 PM 33664]

S2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 12:47 PM 6899]

S2 enstart;enstart;c:\windows\system32\enstart.exe -s --> c:\windows\system32\enstart.exe -s [?]

S2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [5/9/2006 8:59 AM 167936]

S2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [1/6/2006 2:37 AM 9176]

S2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [1/10/2007 10:52 AM 61440]

S3 agnfilt;AGN Filter Interface;c:\windows\system32\drivers\agnfilt.sys [5/19/2006 6:46 AM 180864]

S3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\drivers\avpnnic.sys [4/4/2003 9:48 AM 13952]

S3 CdProbe;CdProbe;c:\windows\system32\drivers\CDProbe.SYS [8/6/2009 7:42 AM 20008]

S3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 12:11 PM 2773]

S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [3/23/2005 2:40 AM 11312]

S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [1/1/1980 5:00 AM 22448]

S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [1/1/1980 5:00 AM 29232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\System Restore.job

- c:\windows\system32\Restore\rstrui.exe [2005-03-04 19:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = 157.204.22.4:8080

uInternet Settings,ProxyOverride = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

AddRemove-PS Printer Driver - c:\windows\ISUNINST.EXE -fc:\windows\usn0.isu

AddRemove-SHARP PS Display Font - c:\windows\ISUNINST.EXE -fc:\windows\ushsf.isu

AddRemove-Win Police Pro - c:\program files\Windows Police Pro\AntiSpyware_Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-15 19:58

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-09-16 20:00 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-16 03:00

Pre-Run: 106,350,219,264 bytes free

Post-Run: 107,999,838,208 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5

297 --- E O F --- 2009-08-29 02:02


  • Staff

Hi and welcome to Malwarebytes.

It is not safe to run ComboFix unless under the supervision of a trained analyst; failure to adhere to that may render your computer unbootable.

Please go to VirusTotal, and upload the following files for analysis:

c:\windows\system32\drivers\vmscsi.sys

c:\windows\system32\enstart_.sys

Post the results in your reply.

After that, delete your copy of ComboFix, grab a fresh copy from here, and save it to your Desktop. Run it and post its log.

After that, see if MBAM will install and run. If so, update it, run a Quick Scan, and post its log.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
