Malwarebytes Crashes


I posted this in another thread and the help I'm getting there is pretty much useless. So I will provide all the data I can think of right here along with a HijackThis log I just generated. First off there's the prepared file I made that includes files made by mbam's own tools (bug collector and developer mode). I tried uninstalling, running mbam-clean and reinstalling/updating. I'm running a dual boot setup with Windows and Ubuntu but I don't think any Linux files are to blame. The error occurs only when I full scan and have the setting to scan filesystem objects turned on. The crash is usually preceded by an error. The crash is only the mbam program itself, not the computer. My computer (especially my Windows 7-32 partition) is kept completely up to date. Turning off the heuristics doesn't help. I'm not using a licensed copy of mbam and cannot afford one right now. Other antiviruses/firewalls: Comodo Firewall is on (and not blocking mbam), Windows Firewall was on, is now off (no difference). Windows Defender is on. After mbam started crashing I've run ClamWin a few times (it doesn't run actively). If there's anything I've missed do tell (but please don't ask me to repeat myself).

mbam_bug_report_info.zip

hijackthis.zip

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

I did run the tool. After probably 2 hours of it running and 20 minutes of me fixing what it broke (ComboFix always does that to me; 'tis why I avoided it), my computer seems to be back the way it was before running ComboFix (not including any fixes it made), and I'm currently trying another scan. I'll post the results when it's finished.

Forgot the log:

ComboFix.txt

Hi,

Please do not attach your logs as it is harder for me to read them that way. Post them instead:

ComboFix 10-09-20.01 - Greg 09/20/2010 13:29:49.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2571 [GMT -4:00]

Running from: c:\users\Greg\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Greg\AppData\Roaming\inst.exe

c:\windows\system32\sda

c:\windows\system32\sda\SDRTCPRM.dll

.

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))

.

2010-09-20 18:22 . 2010-09-20 18:23 -------- dc----w- c:\users\Greg\AppData\Local\temp

2010-09-20 18:22 . 2010-09-20 18:22 -------- dc----w- c:\users\Default\AppData\Local\temp

2010-09-20 15:52 . 2010-09-20 15:52 -------- dc----w- c:\users\Greg\AppData\Local\MetaGeek,_LLC

2010-09-18 16:20 . 2010-09-18 16:20 45126 -c--a-r- c:\users\Greg\AppData\Roaming\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_6FEFF9B68218417F98F549.exe

2010-09-18 16:20 . 2010-09-18 16:20 45126 -c--a-r- c:\users\Greg\AppData\Roaming\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_322FD67B4052E9187FCAD5.exe

2010-09-18 16:20 . 2010-09-18 16:20 -------- dc----w- c:\program files\MetaGeek

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Application Data\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-18 13:52 . 2010-09-18 13:52 737072 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-09-17 21:31 . 2010-09-17 21:31 -------- d-----w- C:\found.000

2010-09-17 18:43 . 2010-09-17 18:43 -------- dc--a-w- c:\users\Greg\AppData\Roaming\wine_gecko

2010-09-14 19:41 . 2010-09-14 19:46 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-09-13 20:44 . 2010-09-13 20:44 -------- dc----w- c:\program files\What's my computer doing

2010-09-08 23:41 . 2010-09-08 23:41 -------- dc----w- c:\program files\iPod

2010-09-08 23:37 . 2010-09-08 23:38 -------- dc----w- c:\program files\QuickTime

2010-09-08 23:35 . 2010-09-08 23:35 -------- dc----w- c:\program files\Bonjour

2010-09-08 21:20 . 2010-09-08 21:20 -------- dc----w- c:\users\Greg\AppData\Roaming\JGsoft

2010-09-08 21:19 . 2010-09-08 21:19 -------- dc----w- c:\program files\JGsoft

2010-09-08 21:19 . 2010-04-13 07:30 66800 -c--a-w- c:\windows\UnDeployV.exe

2010-09-08 21:04 . 2010-09-08 21:04 -------- dc----w- c:\program files\Gadwin Systems

2010-09-08 21:00 . 2010-09-08 21:00 -------- dc----w- c:\users\Greg\AppData\Roaming\PDF Writer

2010-09-08 21:00 . 2010-09-08 21:00 -------- dc----w- c:\users\Greg\AppData\Local\PDF Writer

2010-09-08 21:00 . 2010-09-08 21:00 -------- dc----w- c:\programdata\PDF Writer

2010-09-08 20:55 . 2010-09-08 20:55 -------- dc----w- c:\program files\Common Files\Bullzip

2010-09-08 20:55 . 2008-10-31 03:15 227840 -c--a-w- c:\windows\system32\bzFlRdr.dll

2010-09-08 20:55 . 2008-07-10 04:19 103424 -c--a-w- c:\windows\system32\bzDCT.dll

2010-09-08 20:55 . 2010-05-30 22:36 135168 -c--a-w- c:\windows\system32\bzpdfc.dll

2010-09-08 20:55 . 2010-05-25 02:13 196096 -c--a-w- c:\windows\system32\bzpdf.dll

2010-09-08 20:55 . 2010-09-08 20:55 -------- dc----w- c:\program files\Bullzip

2010-09-08 19:23 . 2010-04-29 19:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-08 19:23 . 2010-09-08 19:23 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-08 19:23 . 2010-04-29 19:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2010-09-08 02:06 . 2010-09-08 02:53 -------- dc--a-w- C:\mondo.tmp.eJkZ9a

2010-09-08 01:40 . 2010-09-08 01:40 -------- dc--a-w- C:\mondo.tmp.s8jREL

2010-09-01 23:04 . 2010-09-01 23:04 -------- dc----w- c:\users\Greg\AppData\Roaming\pschmid.net

2010-09-01 23:03 . 2010-09-01 23:03 -------- dc----w- c:\users\Greg\AppData\Local\pschmid.net

2010-09-01 21:39 . 2010-09-01 21:39 -------- dc----w- c:\windows\system32\RTCOM

2010-09-01 21:21 . 2009-10-05 13:31 1221632 -c--a-w- c:\windows\system32\drivers\athr.sys

2010-09-01 21:21 . 2009-10-05 13:31 1221632 -c--a-w- c:\windows\system32\athr.sys

2010-09-01 18:01 . 2010-09-01 18:01 -------- dc----w- c:\users\Greg\AppData\Roaming\DeviceDoctorSoftware

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 13:12 . 2010-09-01 13:12 73000 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-08-31 18:03 . 2010-08-31 18:08 -------- dc----w- c:\program files\PcMedik

2010-08-28 19:36 . 2010-08-18 21:25 52224 -c--a-w- c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\nolkkiie.default\extensions\{98ddacf9-f1d7-4baa-9d10-44840e8ada77}\components\FFExternalAlert.dll

2010-08-28 19:36 . 2010-08-18 21:25 101376 -c--a-w- c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\nolkkiie.default\extensions\{98ddacf9-f1d7-4baa-9d10-44840e8ada77}\components\RadioWMPCore.dll

2010-08-25 20:37 . 2010-08-25 20:37 -------- dc----w- c:\programdata\RoboForm

2010-08-25 20:35 . 2010-08-25 20:35 -------- dc----w- c:\program files\Siber Systems

2010-08-24 21:26 . 2010-08-24 21:29 571904 ----a-w- c:\windows\system32\oleaut32.dll

2010-08-23 17:03 . 2010-08-23 17:03 -------- dc----w- c:\users\Greg\AppData\Roaming\EndNote

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-20 15:54 . 2009-11-23 19:07 -------- dc----w- c:\program files\Mozilla Thunderbird

2010-09-20 05:57 . 2009-09-27 17:38 -------- dc----w- c:\users\Greg\AppData\Roaming\vlc

2010-09-19 23:45 . 2009-09-27 04:42 -------- dc----w- c:\program files\eclipse

2010-09-18 05:43 . 2009-09-27 15:59 -------- dc----w- c:\users\Greg\AppData\Roaming\Software Informer

2010-09-15 04:51 . 2010-01-13 04:55 -------- dc----w- c:\users\Greg\AppData\Roaming\uTorrent

2010-09-14 19:46 . 2009-10-06 20:09 -------- dc----w- c:\programdata\Microsoft Help

2010-09-12 17:37 . 2009-10-15 15:05 -------- dc----w- c:\program files\MyDefrag

2010-09-10 17:07 . 2009-09-27 16:21 -------- dc----w- c:\program files\Opera

2010-09-08 23:42 . 2009-09-27 17:20 -------- dc----w- c:\program files\iTunes

2010-09-08 23:41 . 2009-09-27 17:19 -------- dc----w- c:\program files\Common Files\Apple

2010-09-08 23:29 . 2010-02-25 19:39 -------- dc----w- c:\users\Greg\AppData\Roaming\Skype

2010-09-08 23:28 . 2010-02-25 19:43 -------- dc----w- c:\users\Greg\AppData\Roaming\skypePM

2010-09-08 22:26 . 2009-09-27 15:43 -------- dc----w- c:\program files\CCleaner

2010-09-08 20:05 . 2009-10-21 02:08 59 -c--a-w- c:\windows\wpd99.drv

2010-09-08 20:05 . 2009-10-21 02:08 -------- dc----w- c:\programdata\pdf995

2010-09-08 19:23 . 2009-09-27 15:53 -------- dc----w- c:\users\Greg\AppData\Roaming\Malwarebytes

2010-09-08 19:23 . 2009-09-27 15:53 -------- dc----w- c:\programdata\Malwarebytes

2010-09-06 02:23 . 2009-11-20 19:29 -------- dc----w- c:\users\Greg\AppData\Roaming\RipIt4Me

2010-09-06 02:11 . 2009-11-04 01:12 -------- dc----w- c:\users\Greg\AppData\Roaming\dvdcss

2010-09-01 21:39 . 2009-09-26 21:43 -------- dc-h--w- c:\program files\Temp

2010-09-01 21:38 . 2009-09-26 21:35 -------- dc-h--w- c:\program files\InstallShield Installation Information

2010-09-01 21:31 . 2009-09-27 17:36 -------- dc----w- c:\program files\Microsoft Silverlight

2010-09-01 21:22 . 2009-09-27 02:05 -------- dc----w- c:\programdata\Atheros

2010-09-01 21:18 . 2009-09-26 21:43 -------- dc----w- c:\program files\Realtek

2010-08-31 18:32 . 2010-01-13 04:57 -------- dc----w- c:\program files\uTorrent

2010-08-27 20:21 . 2009-12-15 20:48 -------- dc----w- c:\program files\Final Fantasy VII

2010-08-17 20:31 . 2009-09-27 15:50 -------- dc----w- c:\program files\FileHippo.com

2010-08-11 18:59 . 2010-08-11 18:51 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-11 18:58 . 2010-08-11 18:51 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-08-11 18:58 . 2010-08-11 18:51 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-11 18:58 . 2010-08-11 18:51 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-08-11 18:58 . 2010-08-11 18:51 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-08-11 18:58 . 2010-08-11 18:51 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-11 18:58 . 2010-08-11 18:51 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-11 18:58 . 2010-08-11 18:51 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-11 18:54 . 2010-08-11 18:51 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-11 18:54 . 2010-08-11 18:51 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-11 18:54 . 2010-08-11 18:51 978432 ----a-w- c:\windows\system32\wininet.dll

2010-08-11 18:53 . 2010-08-11 18:51 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-11 18:53 . 2010-08-11 18:50 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-08-11 18:26 . 2010-07-18 16:48 -------- dc----w- c:\program files\Common Files\Adobe AIR

2010-08-11 18:26 . 2010-07-18 16:48 53632 -c--a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-11 18:16 . 2010-08-11 18:15 -------- dc----w- c:\program files\ConvertAllPortable

2010-08-11 18:11 . 2010-08-11 18:10 -------- dc----w- c:\program files\ClamWinPortable

2010-08-03 19:04 . 2010-08-03 19:04 -------- dc----w- c:\users\Greg\AppData\Roaming\OverDrive

2010-08-03 19:02 . 2010-08-03 19:02 -------- dc----w- c:\program files\OverDrive Media Console

2010-08-03 18:58 . 2010-08-03 18:57 -------- dc----w- c:\users\Greg\AppData\Roaming\Mobipocket

2010-08-03 18:57 . 2010-08-03 18:57 50008 -c--a-r- c:\users\Greg\AppData\Roaming\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe

2010-08-03 18:57 . 2010-08-03 18:57 -------- dc----w- c:\program files\Mobipocket.com

2010-08-03 18:24 . 2010-08-03 18:23 -------- dc----w- c:\programdata\Thomson.ResearchSoft.Installers

2010-08-03 18:24 . 2010-08-03 18:24 -------- dc----w- c:\program files\Common Files\Risxtd

2010-08-03 18:24 . 2010-08-03 18:24 -------- dc----w- c:\program files\Common Files\ResearchSoft

2010-08-03 18:24 . 2010-08-03 18:23 -------- dc----w- c:\program files\EndNote X3

2010-07-27 22:44 . 2010-07-27 22:44 91424 -c--a-w- c:\windows\system32\dnssd.dll

2010-07-27 22:44 . 2010-07-27 22:44 107808 -c--a-w- c:\windows\system32\dns-sd.exe

2010-07-25 00:44 . 2009-09-26 21:54 130376 -c--a-w- c:\users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT

2010-07-25 00:29 . 2010-07-25 00:29 626688 -c--a-r- c:\users\Greg\AppData\Roaming\Microsoft\Installer\{E874DEDA-38C2-4F70-ABC1-434BB3BF6A3A}\Tomboy.exe

2010-07-25 00:29 . 2010-05-07 16:01 -------- dc----w- c:\program files\Tomboy

2010-07-18 16:46 . 2010-07-18 16:48 53632 -c--a-w- c:\users\Greg\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-07-11 22:50 . 2010-04-16 13:22 423656 -c--a-w- c:\windows\system32\deployJava1.dll

2010-06-25 19:08 . 2010-06-25 19:07 1286456 ----a-w- c:\windows\system32\ntdll.dll

2010-06-25 19:08 . 2010-06-25 19:07 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-25 19:08 . 2010-06-25 19:07 417792 ----a-w- c:\windows\system32\msdri.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2006-05-03 09:06 . 2010-07-07 20:03 163328 -csh--r- c:\windows\System32\flvDX.dll

2007-02-21 10:47 . 2010-07-07 20:03 31232 -csh--r- c:\windows\System32\msfDX.dll

2008-03-16 12:30 . 2010-07-07 20:03 216064 -csh--r- c:\windows\System32\nbDX.dll

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-08-25 160328]

"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-10-26 742712]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-08 2039240]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-16 7739936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ultra Hal Assistant Startup.lnk]

backup=c:\windows\pss\Ultra Hal Assistant Startup.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]

backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]

backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\What's my computer doing.lnk

backup=c:\windows\pss\What's my computer doing.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify]

2010-06-14 12:14 1121792 -c--a-w- c:\program files\Connectify\Connectify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 -c--a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-10 00:55 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-07-22 22:33 150528 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-01 12:32 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]

2009-03-04 20:27 209216 -c--a-w- c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 09:15 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-08-31 18:32 328568 -c--a-w- c:\program files\uTorrent\uTorrent.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]

R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]

R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-14 29248]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2009-07-24 25112]

R3 MAC607;MAC607 Filter;c:\windows\system32\DRIVERS\MAC607.sys [2007-03-05 22144]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-18 2769658]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 133104]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-11 691696]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-04-01 40560]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-21 224240]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-08 30112]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-05 110592]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]

S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-14 29248]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-05 171520]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 12:53]

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 12:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

uInternet Settings,ProxyOverride = *.local

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

LSP: %SystemRoot%\system32\PrxerDrv.dll

TCP: {9B3BC02E-BD13-4E74-9EB8-724E58A4B86A} = 156.154.70.22,156.154.71.22

TCP: {A3831605-80D1-467C-BE42-99CB456E2190} = 156.154.70.22,156.154.71.22

TCP: {E538A58F-58DD-41A0-8B1F-AA82D1620D75} = 156.154.70.22,156.154.71.22

TCP: 16474777966696 = 156.154.70.22,156.154.71.22

TCP: 2596368602E456470223 = 156.154.70.22,156.154.71.22

TCP: 4646D2772747 = 156.154.70.22,156.154.71.22

TCP: 7457563747 = 156.154.70.22,156.154.71.22

TCP: C416B65667965677 = 156.154.70.22,156.154.71.22

TCP: C696E6B6379737 = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\nolkkiie.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - Scroogle

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT972927&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT972927&q=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll

FF - component: c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\nolkkiie.default\extensions\{98ddacf9-f1d7-4baa-9d10-44840e8ada77}\components\FFExternalAlert.dll

FF - component: c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\nolkkiie.default\extensions\{98ddacf9-f1d7-4baa-9d10-44840e8ada77}\components\RadioWMPCore.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHapPlugin411.dll

FF - plugin: c:\program files\Opera\program\plugins\NPHapPlugIn411.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

ActiveSetup-Nitro PDF Professional - (no file)

AddRemove-Final Fantasy VII - c:\program files\Final Fantasy VII\Uninst.isu

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)

c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(572)

c:\windows\system32\guard32.dll

.

Completion time: 2010-09-20 15:15:17

ComboFix-quarantined-files.txt 2010-09-20 19:15

Pre-Run: 23,982,448,640 bytes free

Post-Run: 23,899,975,680 bytes free

- - End Of File - - 64F404F3F7DD24BB288F1897A1485A0E

Link to post
Share on other sites

Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

I've not yet followed your advice, but I was wondering what exactly TFC does.

Before reading this reply I decided to run a full scan and watch to see when mbam crashes, and it seems to be around C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files. After the full scan I ran a quick scan on that folder (via the context menu) and after a few minutes of scanning got the following error:

Run-time error '28':
Out of stack space

I honestly didn't think about Temporary files before since I use programs like CCleaner to get rid of them, but it seems these files are in use even when my browsers are not (thus I can't delete them.)

Since they aren't attached to my browsers I'm thinking these files are either attached to a background service like my Firewall (though I've never had an issue before) or some new virus.
Link to post
Share on other sites

Hi,

TFC (Temp File Cleaner) will clear out some temp folders.

Please do this (I've added MBAM to the instructions):

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

Hi,

Do you still advise I run the ESET scan?

The MBAM crashes weren't caused by malware, so you don't have to run the ESET scan, if you don't want to. :)

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :P

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :)

Link to post
Share on other sites

Seems ComboFix either removed itself or got removed by another cleaner.

Will run OTC when I've finished my current work (Later tonight).

Current Backup Solution is to use SyncToy (2.1) to copy all copyable files to my EHDD

Comodo usually runs as just a firewall but, due to a recent problematic email (which come to think of it could be related to those weird Temp files-they didn't send anything though.) I'm running Defense+ as well.

Malwarebytes is my only Anti-virus right now but, since I have Comodo and run scans regularly, I don't see a need for anything heavier (No need to have two active protection modules).

I have my own updater.bat file I created that uses FileHippo, SoftInformer, and Windows Update to check for updates. It also runs the update for mbam from the Command Line.

I use Firefox and Opera depending on the application. I like the customization features of Firefox and use AdBlock+ along with WOT to keep spy/adware down (Very few issues there). I use Opera for safe browsing and when I'm running on a limited power supply for extended periods of time. (Meetings outside without an outlet). I once had the McAfee Site Advisor and I didn't really like it. I get the same effect with the two smaller plugins I just mentioned.

I believe Comodo replaces the HOSTS file for me. It's also good at blocking incoming stuff. Basically if a program tries to access the net and it's not in Comodo's safe list it will prompt me, and if I don't answer in time it will block the request.

As far as performance goes I'm planning to reformat it soon and install Win7 64 and possibly switch from having an actual Ubuntu Partition to a virtual Ubuntu using VirtualBox. I'm still looking into all the +'s and -'s that would go along with this. Either way the reformat will give me a chance to really test my hard drive and I'll probably run a MemTest before I even begin the reformatting process.

Thanks for all the help.

Link to post
Share on other sites
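Both the MVPS HOSTS recommendation in the previous post and the reply that Comodo manages the HOSTS file raise the same practical question: what does the file on disk actually block? The following is an added example, not code from the thread, MVPS or Comodo. It parses HOSTS text in the layout MVPS uses (0.0.0.0 followed by a hostname, with # comments), lists the sinkholed names, and classifies a lookup. The sample file contents are constructed for the demo; HOSTS_PATH is the standard Windows location. The check also surfaces the caveat practitioners get bitten by: HOSTS matching is exact, so blocking tracker.example.org does nothing for api.tracker.example.org.

```python
"""
Added example, not from this thread, MVPS or Comodo: parse a Windows HOSTS
file and report which hostnames it actually sinkholes. SAMPLE_HOSTS is
constructed here to mirror the MVPS layout (0.0.0.0 <hostname>).
"""

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # standard Windows path

# Addresses blocklists point hostnames at so they never resolve anywhere.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

SAMPLE_HOSTS = """\
# Header lines are comments and must be ignored
127.0.0.1       localhost
::1             localhost
# [Start of entries generated by a blocklist]
0.0.0.0 ads.example.net        # trailing comment after an entry
0.0.0.0 tracker.example.org  cdn.tracker.example.org
   0.0.0.0\twww.badsite.example   # tab-separated, leading whitespace
192.168.1.10    fileserver       # a real mapping, not a block
0.0.0.0 Mixed.Case.Example.com
"""


def parse_hosts(text):
    """Return {hostname_lowercase: ip}. Comments and blank lines are dropped,
    several names per line are allowed, and the first entry for a name wins,
    which is how the Windows resolver treats duplicates."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def load_hosts(path=HOSTS_PATH):
    """Read the live file; HOSTS is ASCII/ANSI, so decode leniently."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return parse_hosts(fh.read())


def sinkholed_hosts(table):
    """Hostnames the file blocks by pointing them at a non-routable address."""
    return sorted(h for h, ip in table.items()
                  if ip in SINKHOLES and h != "localhost")


def check(hostname, table):
    """Classify a lookup: 'blocked', 'mapped to <ip>', 'unblocked', or
    'unblocked, parent <name> is blocked'. HOSTS matching is exact, so an
    entry for tracker.example.org leaves api.tracker.example.org untouched."""
    host = hostname.lower().rstrip(".")
    if host in table:
        ip = table[host]
        if ip in SINKHOLES and host != "localhost":
            return "blocked"
        return f"mapped to {ip}"
    labels = host.split(".")
    for i in range(1, len(labels) - 1):  # each ancestor down to a 2-label name
        parent = ".".join(labels[i:])
        if table.get(parent) in SINKHOLES:
            return f"unblocked, parent {parent} is blocked"
    return "unblocked"


if __name__ == "__main__":
    t = parse_hosts(SAMPLE_HOSTS)
    print("sinkholed:", sinkholed_hosts(t))
    for h in ("ads.example.net", "api.tracker.example.org", "fileserver"):
        print(h, "->", check(h, t))
```

Run `load_hosts()` on a Windows machine to audit what a tool such as Comodo or the MVPS installer actually left in place; a blocklist that grows into tens of thousands of lines is normal for MVPS, and the parent-blocked classification tells you when a subdomain slipped past it.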

This topic is now closed to further replies.