
MBAM_ERROR_FILE_SCAN (0, 28)



I have removed Malwarebytes, and all of its bits with the remove file. Reinstalled with the virus protection turned off and I still get this error. Here are the DDS Files and Ark file. Any help would be appreciated. Thanks.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Valhalla at 9:06:05.10 on Sun 08/22/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3318.2507 [GMT -7:00]

AV: avast! antivirus 4.8.1296 [VPS 081229-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1296 [VPS 081229-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Dell Support Center\gs_agent\dsc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Valhalla\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

ark.zip

attach.txt.zip


Hello Captnzin! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Step 1

Please check for updates and then go to the Settings tab then on the Scanner Settings and disable the Heuristics.Shuriken feature.

Step 2

Run a Disk Check on your C: drive in Windows Vista or Windows 7:

  • Click the Start button and select Computer
  • Right-click on C: and select Properties
  • Click on the Tools tab
  • Under Error-checking click the Check Now... button and click Continue at the User Account Control prompt
  • Mark the box next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
  • When the message box pops up, click the Schedule disk check button and restart your computer
  • Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so

Please let me know how it goes.

Thanks for the assist. I did as you instructed. Tried full scan again and received the same errors. Now where do we go?


No wayyyy.......

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  2. During the download, rename Combofix to Combo-Fix as follows:

     CF_download_FF.gif

     CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


I did exactly as you requested.

Here is the report;

ComboFix 10-08-31.02 - Valhalla 09/01/2010 7:54.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3318.2414 [GMT -7:00]

Running from: c:\users\Valhalla\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\users\Valhalla\GoToAssistDownloadHelper.exe

.

((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))

.

2010-09-01 15:02 . 2010-09-01 15:02 -------- dc----w- c:\users\Valhalla\AppData\Local\temp

2010-09-01 15:02 . 2010-09-01 15:02 -------- d-----w- c:\users\QBDataServiceUser17\AppData\Local\temp

2010-08-24 18:45 . 2010-08-25 12:53 571904 ----a-w- c:\windows\system32\oleaut32.dll

2010-08-22 15:17 . 2010-04-29 22:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-22 15:17 . 2010-08-22 15:17 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-22 15:17 . 2010-04-29 22:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2010-08-18 20:12 . 2010-08-18 20:13 -------- dc----w- c:\program files\QuickTime

2010-08-11 21:48 . 2010-03-26 16:21 12255080 -c--a-w- c:\users\Valhalla\AppData\Roaming\Mozilla\Firefox\Profiles\xyx40x98.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

2010-08-10 22:02 . 2010-08-11 00:05 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-10 22:00 . 2010-08-11 00:05 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-08-10 22:00 . 2010-08-11 00:05 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-10 22:00 . 2010-08-11 00:04 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-08-10 21:59 . 2010-08-11 00:04 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-08-10 21:59 . 2010-08-11 00:04 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-10 21:59 . 2010-08-11 00:04 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-10 21:59 . 2010-08-11 00:04 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-10 21:57 . 2010-08-10 23:56 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-10 21:57 . 2010-08-10 23:56 2326016 ----a-w- c:\windows\system32\win32k.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-01 14:51 . 2010-02-05 14:46 -------- dc----w- c:\programdata\Alwil Software

2010-08-22 15:17 . 2009-06-18 15:49 -------- dc----w- c:\users\Valhalla\AppData\Roaming\Malwarebytes

2010-08-22 15:17 . 2009-06-18 15:49 -------- dc----w- c:\programdata\Malwarebytes

2010-08-19 03:13 . 2010-07-14 21:57 -------- dc----w- c:\program files\Glary Utilities

2010-08-19 03:08 . 2008-10-03 23:48 -------- dc----w- c:\program files\CCleaner

2010-08-18 05:52 . 2009-12-11 22:24 -------- dc----w- c:\program files\Common Files\Adobe AIR

2010-08-18 05:51 . 2009-12-11 22:24 53632 -c--a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-11 19:37 . 2009-10-24 18:06 -------- dc----w- c:\users\Valhalla\AppData\Roaming\Research In Motion

2010-08-11 19:21 . 2009-10-24 17:08 -------- dc----w- c:\program files\Research In Motion

2010-08-11 19:21 . 2008-09-12 17:14 -------- dc----w- c:\program files\Common Files\Research In Motion

2010-08-11 00:04 . 2007-07-15 15:06 -------- dc----w- c:\programdata\Microsoft Help

2010-08-10 23:56 . 2010-08-10 21:58 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-10 23:56 . 2010-08-10 21:58 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-10 23:56 . 2010-08-10 21:58 978432 ----a-w- c:\windows\system32\wininet.dll

2010-08-09 20:52 . 2008-12-15 23:00 256 -c--a-w- c:\windows\system32\pool.bin

2010-07-31 23:42 . 2010-07-20 17:50 -------- dc----w- c:\program files\SD_alt

2010-07-22 18:00 . 2010-07-22 17:59 -------- dc----w- c:\program files\iTunes

2010-07-22 17:59 . 2010-07-22 17:59 -------- dc----w- c:\program files\iPod

2010-07-22 17:59 . 2007-09-18 01:54 -------- dc----w- c:\program files\Common Files\Apple

2010-07-22 17:57 . 2010-07-22 17:57 73000 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe

2010-07-20 17:43 . 2008-07-20 17:51 -------- dc----w- c:\program files\SD

2010-07-20 17:10 . 2010-03-21 18:25 -------- dc----w- c:\program files\Sexy Party

2010-07-15 12:40 . 2007-07-01 18:06 -------- dc----w- c:\programdata\Roxio

2010-07-14 22:32 . 2009-07-14 04:52 -------- dc----w- c:\program files\Windows Sidebar

2010-07-14 22:32 . 2009-07-14 04:52 -------- dc----w- c:\program files\Microsoft Games

2010-07-14 22:32 . 2008-07-13 19:49 -------- dc----w- c:\program files\Quicken

2010-07-14 22:32 . 2007-07-15 17:06 -------- dc----w- c:\program files\ProMash

2010-07-14 22:32 . 2007-07-15 17:05 -------- dc----w- c:\program files\Palm

2010-07-14 22:32 . 2007-07-01 18:16 -------- dc----w- c:\programdata\Dell

2010-07-14 22:32 . 2009-07-14 04:52 -------- dc----w- c:\program files\DVD Maker

2010-07-14 22:32 . 2008-07-13 22:25 -------- dc----w- c:\program files\092606

2010-07-14 22:02 . 2007-11-15 22:13 -------- dc----w- c:\users\Valhalla\AppData\Roaming\GlarySoft

2010-07-14 19:53 . 2010-07-14 19:53 -------- dc----w- c:\program files\SystemRequirementsLab

2010-07-14 03:50 . 2010-07-13 12:45 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-06-24 22:42 . 2010-06-24 22:42 53248 -c--a-r- c:\users\Valhalla\AppData\Roaming\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe

2010-06-24 00:38 . 2010-06-24 00:38 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-24 00:38 . 2010-06-24 00:38 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-24 00:38 . 2010-06-24 00:38 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-24 00:38 . 2010-06-24 00:38 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-24 00:38 . 2010-06-24 00:38 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-24 00:38 . 2010-06-23 15:12 1286456 ----a-w- c:\windows\system32\ntdll.dll

2010-06-24 00:38 . 2010-06-23 15:12 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-24 00:38 . 2010-06-23 15:12 417792 ----a-w- c:\windows\system32\msdri.dll

2010-06-14 14:15 . 2010-06-08 22:45 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-14 14:14 . 2010-06-08 22:38 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-14 14:14 . 2010-06-08 22:38 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-06-14 14:12 . 2010-06-14 14:12 53632 -c--a-w- c:\users\Valhalla\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 19:58 333192 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-07-14 65024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 232184]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-1 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]

backup=c:\windows\pss\QuickSet.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]

2008-05-02 06:06 33280 -c--a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2010-03-11 05:32 648536 -c--a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 17:09 460784 -c--a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2008-08-14 01:32 206064 -c--a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 17:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2007-03-16 10:20 17920 -c--a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-16 14:41 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-05-03 02:16 184320 -c--a-w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 12:15 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2007-03-12 14:11 232184 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-09-13 22:44 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

Contents of the 'Scheduled Tasks' folder

2010-09-01 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2010-07-14 18:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://today.ask.com/foxit?o=101706&l=dis

uInternet Settings,ProxyOverride = *.local

Trusted Zone: distinguished-brands.com\mail

Trusted Zone: turbotax.com

FF - ProfilePath - c:\users\Valhalla\AppData\Roaming\Mozilla\Firefox\Profiles\xyx40x98.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Valhalla\AppData\Roaming\Mozilla\Firefox\Profiles\xyx40x98.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-09-01 08:06:20

ComboFix-quarantined-files.txt 2010-09-01 15:06

Pre-Run: 53,120,520,192 bytes free

Post-Run: 52,960,653,312 bytes free

- - End Of File - - 218CF150BC3D8A65BF44960E15148C88


Please do the following to see if it resolves the issue.

Temporarily disable your Anti-Virus and other security software while installing and running.

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.


Step 1

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 2

Windows Vista and Windows 7:

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step....
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it.


I really don't know.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


<Moderator kibbitz>

It is a good sign that the ESET online scan was clear. And yes, those types of scans can take several hours, depending on how much is on your HDD, how fast your processor is, and how many files are on your system.

Do a CHKDSK as per this Microsoft article http://windows.microsoft.com/en-US/windows...disk-for-errors

Let's have you turn off heuristics check in MBAM and then you can retry MBAM scan.

Start MBAM. Click the Settings tab (at top).

Then click the Scanner settings tab (middle tab).

Look at this entry and un-check it if it is checked (tickmarked):

Enable advanced heuristics engine

Apply changes.

Now retry MBAM scan again.


Let's have you empty out the Avast Virus Chest.

Start Avast - open the Virus Chest {chest icon} - go to the Infected items section - select all items in there for permanent deletion.

Right-click on the avast! icon in system tray. Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.

Select the one for 1 hour.

Show all files:

  • Click the Start button, and then click Control Panel >> Appearance and Personalization >> Folder Options.
  • Click the View tab.
    Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.
  • Click Apply > OK.

Please download Rooter.exe and save to your desktop.

alternate download link

  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.

Important: Before performing a scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.

  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Reply with copy of contents of the Rooter log

Log.txt

Info.txt

Do not make attachments. Always copy & Paste into body of reply-text box.
