Jump to content

Infected by Pro Sheild and can't run any malware programs


Recommended Posts

Hi,

I have acquired a virus of the Pro Sheild variety and was having problems removing it.

I am also being prevented from running any malware spyware applications and anytime I initiate a scan Malware Bytes or any other scanner shuts down and disapears with out an error message.

I have tried most things I have seen on forums - renaming files. running as administrator running hijack programs but nothing seems to work and I am blocked from running most exe's and once I do manage to start them they get shut down :-(

I have ran through the steps were possible in your forums and any help would be much appreciated.

I ran Defooger and this appears to have ran OK

Contents of DSS -

.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_23

Run by John at 13:53:42 on 2011-07-24

Microsoftฎ Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3068.2527 [GMT 1:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

mStart Page = hxxp://en.uk.acer.yahoo.com

mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110515171440.dll

BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [eRecoveryService]

mRun: [Malwarebytes' Anti-Malware] c:\users\john\desktop\mbamgui.exe /starttray

mRunOnce: [Malwarebytes' Anti-Malware] c:\users\john\desktop\mbamgui.exe /install /silent

mRunOnce: [GrpConv] grpconv -o

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

LSP: mswsock.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{313B769C-D57D-43CC-BDAC-B4A9B6B25E71} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6A70FEF4-4059-4373-B01E-F552EC24D449} : DhcpNameServer = 192.168.1.254

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll

LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-8-28 43184]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-10 387480]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-10 64584]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-10 165032]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-8-28 54784]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-10 314088]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]

S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]

S1 RapportCerberus_28711;RapportCerberus_28711;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\28711\RapportCerberus32_28711.sys [2011-7-18 216752]

S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]

S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-8-28 61424]

S2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-8-28 81920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-7-10 24576]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-8-28 3522560]

S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-6-21 4608]

S2 MBAMService;MBAMService;c:\users\john\desktop\mbamservice.exe [2011-7-24 366640]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-4-28 88176]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]

S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-10 171168]

S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-10 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-10 141792]

S2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-8-28 122368]

S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]

S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-8-28 233472]

S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-5-26 599344]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-10 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-10 85136]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-24 22712]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-10 153280]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-10 52320]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-10 84488]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-5-11 64544]

S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-5-26 40752]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-07-24 11:37:18 -------- d-----w- c:\users\john\appdata\roaming\Malwarebytes

2011-07-24 11:32:55 -------- d-----w- c:\users\john\appdata\local\Google

2011-07-24 10:58:55 -------- d-----w- c:\program files\Loaris

2011-07-24 10:27:33 163840 ----a-w- c:\windows\system32\iexplorer.exe

2011-07-24 09:58:50 163840 ----a-w- c:\windows\system32\explorer.exe

2011-07-24 09:49:23 -------- d--h--w- c:\windows\PIF

2011-07-24 09:46:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-07-24 09:46:30 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-24 09:43:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-24 09:43:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-07 19:27:09 -------- d-----w- c:\program files\Fotosizer

2011-06-29 17:45:09 276992 ----a-w- c:\windows\system32\schannel.dll

.

==================== Find3M ====================

.

2011-07-24 11:15:42 1433 --sha-w- c:\windows\system32\mmf.sys

2011-06-26 13:10:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

============= FINISH: 13:53:52.81 ===============

I have enclosed the Attach log file.

However, the 3rd step would not work and in similar fashion to other applications I ran it and it fell over when I hit SCAN, when I try to access the file again I get ' Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them.'

I also cannot run MBAM to generate the relevant logs there either.

I am logged in as administrator.

If you need anymore info. then please let me know.

many thanks.

attach.zip

Link to post
Share on other sites

  • 3 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.