Can't install antivirus or visit any antivirus website


ayman86

I can't install any antivirus or open any antivirus website. My task manager is disabled, as is the "show hidden files and folders" option.
Here's the ComboFix log:

ComboFix 09-10-20.03 - ayman 10/21/2009 23:24.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.565 [GMT 2:00]
Running from: c:\documents and settings\ayman\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ayman\Desktop\Smart Virus Remover.lnk
c:\windows\system32\oem14.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 20:47 . 2009-10-21 20:47 -------- d-----w- c:\documents and settings\ayman\Application Data\Malwarebytes
2009-10-21 20:47 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 20:47 . 2009-10-21 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 20:47 . 2009-10-21 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 20:47 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 20:29 . 2009-10-21 20:29 198064 ----a-w- c:\documents and settings\ayman\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-10-21 20:27 . 2009-10-21 20:27 -------- d-----w- c:\windows\system32\LogFiles
2009-10-21 20:25 . 2009-10-21 20:31 -------- d-----w- c:\documents and settings\ayman\Application Data\IDM
2009-10-21 20:25 . 2009-10-21 21:16 -------- d-----w- c:\documents and settings\ayman\Application Data\DMCache
2009-10-21 20:25 . 2009-10-21 20:25 -------- d-----w- c:\program files\Internet Download Manager
2009-10-21 20:10 . 2009-02-10 10:02 787672 ----a-w- c:\windows\system32\drivers\cfosspeed.sys
2009-10-21 20:10 . 2009-02-10 10:02 290008 ----a-w- c:\windows\system32\cfosspeed.dll
2009-10-21 20:07 . 2009-10-21 20:07 -------- d-----w- c:\documents and settings\ayman\Local Settings\Application Data\Opera
2009-10-21 20:07 . 2009-10-21 20:07 -------- d-----w- c:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 21:24 . 2009-10-21 18:44 -------- d-----w- c:\program files\cFosSpeed
2009-10-21 20:20 . 2009-10-21 18:55 -------- d-----w- c:\program files\Smart Virus Remover
2009-10-21 19:38 . 2009-10-21 19:05 -------- d-----w- c:\program files\AutorunRemover
2009-10-21 19:36 . 2009-10-21 17:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-21 19:32 . 2009-10-21 19:30 65536 ----a-w- c:\windows\system32\wltrynt.dll
2009-10-21 19:32 . 2009-10-21 19:30 2670592 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2009-10-21 19:32 . 2009-10-21 19:30 24576 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2009-10-21 19:32 . 2009-10-21 19:30 1945600 ----a-w- c:\windows\system32\WLTRAY.EXE
2009-10-21 19:31 . 2009-10-21 19:30 749568 ----a-w- c:\windows\system32\BCMLogon.dll
2009-10-21 19:31 . 2009-10-21 19:30 416 ----a-w- c:\windows\system32\vcredist_x86.bat
2009-10-21 19:31 . 2009-10-21 19:30 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-10-21 19:31 . 2009-10-21 19:30 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2009-10-21 19:31 . 2009-10-21 19:30 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2009-10-21 19:31 . 2009-10-21 19:30 229376 ----a-w- c:\windows\system32\bcmwlu00.exe
2009-10-21 19:31 . 2009-10-21 19:30 143360 ----a-w- c:\windows\system32\preflib.dll
2009-10-21 19:31 . 2009-10-21 19:30 753664 ----a-w- c:\windows\system32\bcm1xsup.dll
2009-10-21 19:31 . 2009-10-21 19:30 1691648 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-10-21 19:31 . 2009-10-21 18:16 87280 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-10-21 19:31 . 2009-10-21 18:16 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2009-10-21 19:25 . 2009-10-21 18:48 -------- d-----w- c:\program files\BitDefender
2009-10-21 18:48 . 2009-10-21 18:48 -------- d-----w- c:\documents and settings\ayman\Application Data\BitDefender
2009-10-21 18:48 . 2009-10-21 18:48 -------- d-----w- c:\program files\Common Files\BitDefender
2009-10-21 18:41 . 2009-10-21 17:56 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-21 18:41 . 2009-10-21 17:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-21 18:40 . 2009-10-21 18:40 -------- d-----w- c:\program files\Synaptics
2009-10-21 18:24 . 2009-10-21 18:24 -------- d-----w- c:\program files\WIDCOMM
2009-10-21 18:18 . 2009-10-21 18:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-10-21 18:18 . 2009-10-21 18:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-21 18:16 . 2009-10-21 18:16 -------- d-----w- c:\program files\Broadcom
2009-10-21 18:16 . 2009-10-21 18:16 -------- d-----w- c:\documents and settings\ayman\Application Data\InstallShield
2009-10-21 18:16 . 2009-10-21 18:16 87280 ----a-w- c:\windows\system32\bcmwlcoi(6).dll
2009-10-21 18:16 . 2009-10-21 18:16 87280 ----a-w- c:\windows\system32\bcmwlcoi(5).dll
2009-10-21 18:16 . 2009-10-21 18:16 87280 ----a-w- c:\windows\system32\bcmwlcoi(4).dll
2009-10-21 18:16 . 2009-10-21 18:16 87280 ----a-w- c:\windows\system32\bcmwlcoi(3).dll
2009-10-21 18:16 . 2009-10-21 18:16 87280 ----a-w- c:\windows\system32\bcmwlcoi(2).dll
2009-10-21 18:14 . 2009-10-21 17:53 -------- d-----w- c:\program files\Intel
2009-10-21 18:08 . 2009-10-21 18:08 -------- d-----w- c:\program files\MSBuild
2009-10-21 18:08 . 2009-10-21 18:08 94248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-21 18:04 . 2009-10-21 18:04 -------- d-----w- c:\program files\Reference Assemblies
2009-10-21 17:57 . 2009-10-21 17:57 -------- d-----w- c:\program files\Analog Devices
2009-10-21 17:53 . 2009-10-21 17:53 34616 ----a-w- c:\documents and settings\ayman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 17:43 . 2009-10-21 17:43 -------- d-----w- c:\program files\microsoft frontpage
2009-10-21 17:39 . 2009-10-21 17:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-09 10:43 . 2009-09-09 09:52 210352 ----a-w- c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-10-21 3192240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 946176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 212480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 244736]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 212480]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-21 1945600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2009-02-10 946392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmes\\Drivers HP\\Chipset\\Chipset.exe"=
"e:\\Programmes\\Drivers HP\\Audio\\2.exe"=
"e:\\Programmes\\Drivers HP\\Display\\Graphics media accelerator\\win2k_xp14371_2.exe"=
"e:\\Programmes\\Drivers HP\\HP Quick Launch Buttons\\HP Quick Launch Buttons.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\oqsokn.sys --> c:\windows\system32\drivers\oqsokn.sys [?]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/21/2009 8:18 PM 193840]

--- Other Services/Drivers In Memory ---

*Deregistered* - pxtdqpow
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: {FBDA0CFF-7AB9-4F5C-AD7A-52631210F86A} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 23:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1320)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1376)
c:\windows\system32\idmmbc.dll
.
Completion time: 2009-10-21 23:27
ComboFix-quarantined-files.txt 2009-10-21 21:27

Pre-Run: 15,038,541,824 bytes free
Post-Run: 15,114,424,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E2E15D690CAC6DADF959AD4964DF799D


MalwareBytes's LOG:

Malwarebytes' Anti-Malware 1.41
Database version: 3006
Windows 5.1.2600 Service Pack 3

10/22/2009 12:56:50 AM
mbam-log-2009-10-22 (00-56-50).txt

Scan type: Quick Scan
Objects scanned: 90565
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\ayman\Local Settings\temp\mjeyap.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\ayman\Local Settings\temp\mjeyap.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



Please help me

Edited by ayman86, 21 October 2009 - 05:00 PM.
