fleamour Posted July 15, 2011 ID:454123

Hi,

MBAM runs with random gobbledygook file output after enumerating registry objects, then terminates before completing. DeFogger does not reboot the PC. And GMER terminates before finishing its scan. I am unsure how to access the GMER logs.

Here is the DDS output:

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by fleamour at 7:38:52 on 2011-07-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3199.1899 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============= FINISH: 7:39:32.86 ===============

Attachments: defogger_disable.zip, mbam-log-2011-07-15 (07-35-32).txt
Elise Posted July 15, 2011 ID:454172

Hello, I think this is rather a problem with the file system than malware, so let's check for that first.

Click Start > All Programs > Accessories, right click on Command Prompt and select Run As Administrator.
Type chkdsk /r and press enter. When asked to schedule the scan for the next reboot, please confirm.
Restart your computer and let the disk check run unhindered.
When done, try to rerun MBAM and see if the problem persists.
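A way to confirm, before rerunning MBAM, whether the volume is still flagged dirty and whether the check Elise describes is actually queued for the next boot. This is an added example, not anything posted in the thread; the drive letter and the output wording it matches from fsutil, chkntfs and chkdsk are assumptions for an elevated prompt on Windows 7.

```powershell
# Added example (not from the thread): inspect the NTFS dirty bit and any
# queued autochk before scheduling the "chkdsk /r" that Elise advises.
# Assumes an elevated PowerShell prompt on Windows 7; the drive letter and
# the matched output strings are assumptions about fsutil/chkntfs wording.
param([string]$Drive = 'C:')

function Get-VolumeCheckState {
    param([string]$Drive)
    # fsutil prints "Volume - C: is Dirty" or "Volume - C: is NOT Dirty"
    $dirtyText = (& fsutil dirty query $Drive 2>&1) -join ' '
    # chkntfs prints "Chkdsk has been scheduled ... on next reboot" when queued,
    # otherwise "<drive> is not dirty."
    $schedText = (& chkntfs $Drive 2>&1) -join ' '
    [pscustomobject]@{
        Drive     = $Drive
        IsDirty   = ($dirtyText -match '\bis Dirty\b')
        Scheduled = ($schedText -match 'scheduled')
        RawDirty  = $dirtyText
        RawSched  = $schedText
    }
}

$state = Get-VolumeCheckState -Drive $Drive
$state | Format-List

if ($state.Scheduled) {
    Write-Host "A disk check is already queued for $Drive; reboot and let it run."
}
else {
    # chkdsk cannot lock a mounted system volume, so it asks whether to run
    # at the next restart; piping Y answers that prompt non-interactively.
    # /r locates bad sectors and recovers readable data (implies /f).
    cmd /c "echo Y | chkdsk $Drive /r"
    Write-Host "Reboot now and let the check finish before rerunning MBAM."
}
```

If IsDirty is still true after a completed check, the volume itself deserves attention (the WD utility mentioned later in the thread) rather than another malware scan.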
fleamour (Author) Posted July 15, 2011 ID:454190

Problem persists after the chkdsk scan.
Elise Posted July 15, 2011 ID:454210

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on Combofix.exe and follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
fleamour (Author) Posted July 15, 2011 ID:454225

I'm running Windows 7 Ultimate. I get these 2 errors:

[Window Title]
NIRCMD
[Content]
Windows cannot find 'NIRCMD'. Make sure you typed the name correctly, and then try again.
[OK]

[Window Title]
C:\ComboFix\CF6850.cfxxe
[Content]
Windows cannot find 'C:\ComboFix\CF6850.cfxxe'. Make sure you typed the name correctly, and then try again.
[OK]

Please advise.
Elise Posted July 15, 2011 ID:454228

Please redownload ComboFix (delete your old copy) and run it again. Be sure to disable antivirus protection before doing so.
fleamour (Author) Posted July 15, 2011 ID:454229

I disabled Windows Defender, Comodo Firewall and ESET NOD32, and re-downloaded ComboFix, but I get the same error messages.
fleamour (Author) Posted July 15, 2011 ID:454230

Right click, Run as administrator does not work either.
fleamour (Author) Posted July 15, 2011 ID:454235

MBAM will run in Safe Mode, however I do not want to make things worse...
Elise Posted July 15, 2011 ID:454263

Please run MBAM in Safe Mode and post me the scan results.
fleamour (Author) Posted July 15, 2011 ID:454274

OK. I am running an ESET AV scan from within Ubuntu with all NTFS drives mounted except the system drive (BitLocker encrypted). I will get on it soon as...
Elise Posted July 15, 2011 ID:454289

I do not recommend scanning your Windows installation this way; this will scan the file system, but not the associated registry entries, which can complicate matters.

The chance that you make things worse by running ESET this way is a lot bigger than by running MBAM from Safe Mode.
fleamour (Author) Posted July 15, 2011 ID:454304

OK. Aborted.

I ran RogueKiller as recommended on Experts Exchange; ComboFix would then run but complain that Comodo Defence was on. Had to use the Comodo forum's specific tool to scrub all remnants.

Please find attached the ComboFix log for your perusal.

Attachment: log.txt
Elise Posted July 15, 2011 ID:454311

How are things running at this point besides the scan issue?
fleamour (Author) Posted July 15, 2011 ID:454326

Everything seems OK TBH apart from the MBAM scan issue. My AV found three files in amongst 7's backups, but I think they were potentially unwanted programs. ComboFix would def not run & as for RogueKiller, my several reboots should've nullified its efficacy.

CHKDSK seems to be running fine on drive (E:) now. It went crazy yesterday & one possible culprit was self replicating malware, which is why I tried MBAM & then panicked when it would not scan (it still won't).

I am going to try BitDefender's online scan (not sure if they disinfect for free?)
fleamour (Author) Posted July 15, 2011 ID:454338

Should I run MBAM in Safe Mode?
Elise Posted July 15, 2011 ID:454417

> CHKDSK seems to be running fine on drive (E:) now. It went crazy yesterday & one possible culprit was self replicating malware, which is why I tried MBAM & then panicked when it would not scan (it still won't).

How did you determine that checkdisk "went crazy on self replicating malware"?

The problems you have with MBAM are usually caused by file system problems that are fixed by checkdisk.

Please run MBAM in Safe Mode, yes.
fleamour (Author) Posted July 15, 2011 ID:454432

> How did you determine that checkdisk "went crazy on self replicating malware"?

Paranoia.
fleamour (Author) Posted July 15, 2011 ID:454436

CHKDSK (E:) had an absolute fit of deleting index entries. I've since run CHKDSK again & it corrected some more errors. I will get round to testing disk integrity with Western Digital's own utility. Pretty recent purchase but...
Elise Posted July 16, 2011 ID:454639

Checkdisk fixing indexes is not an indication of malware. Checkdisk does not touch files; it looks at file system integrity and does a surface scan.

It would indeed be a good idea to scan with a WD utility. Please let me know what comes from it.
fleamour (Author) Posted July 16, 2011 ID:454807

Volume E's integrity checks out OK. The MBAM scan returned no malicious items in Safe Mode.
Elise Posted July 17, 2011 ID:454962

Good to hear that. What problems do you still have left?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan.
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the icon on your desktop.
- Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats". Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats.
- Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
fleamour (Author) Posted July 17, 2011 ID:455035

Will report back when the scan is complete. However, I already have ESET's NOD32 Antivirus installed & have completed a scan.

MBAM still displays gobbledygook output, then aborts.
fleamour (Author) Posted July 17, 2011 ID:455075

It's found some nasties (currently at 55% progress). Confuzzled why ESET AV did not pick up on it on Fri?!? Maybe it's a recent variant, or maybe I've been infected since? Scary how easily malware gets onto a PC. I will post the log when the scan completes...
Elise Posted July 17, 2011 ID:455085

It might be because you didn't do a complete scan with ESET (you can configure the Smart Scan in different ways).

When MBAM displays this output, is it possible to pause the scan and take a screenshot? Or does it abort anyway?