Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

cant run or update any antivirus


  • This topic is locked This topic is locked

#16
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Hi. :D

but then using firefox when i try to install the eset it cant connect to internet.

OK, there are some suspicious entries in the Gmer Log, so lets proceed as follows shall we.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.

  • 0

Advertisements


#17
r1sk

r1sk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix 11-02-09.05 - Kalin 10/02/2011 21:52:34.1.1 - x86
Running from: c:\documents and settings\Kalin\My Documents\Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Data
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\svchost
D:\install.exe

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hwinterface
-------\Service_hwinterface


((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.

2011-02-11 06:04 . 2011-02-11 06:04 -------- d-----w- c:\windows\LastGood
2011-02-10 06:16 . 2011-02-10 06:16 -------- d-----w- c:\program files\ESET
2011-02-07 03:10 . 2011-02-07 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-07 03:10 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 03:09 . 2011-02-07 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-07 03:09 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-05 22:55 . 2011-02-05 22:55 -------- d-----w- C:\_OTL
2011-01-28 08:39 . 2011-01-28 08:39 -------- d-----w- c:\program files\ERUNT
2011-01-24 01:30 . 2011-01-24 01:47 -------- d-----w- c:\documents and settings\Kalin\Local Settings\Application Data\MediaMonkey
2011-01-24 01:30 . 2011-01-24 01:31 -------- d-----w- c:\program files\MediaMonkey
2011-01-24 01:17 . 2011-02-07 02:10 2572 ----a-w- c:\windows\system32\ASOROSet.bin
2011-01-24 01:17 . 2010-04-20 00:15 15080 ----a-w- c:\windows\system32\ROBoot.exe
2011-01-23 19:16 . 2011-01-23 19:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-23 18:52 . 2011-01-23 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-23 02:47 . 2011-01-23 02:47 -------- d-----w- c:\documents and settings\Kalin\Application Data\SUPERAntiSpyware.com
2011-01-23 02:47 . 2011-01-23 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-22 19:07 . 2010-11-09 21:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-22 19:07 . 2010-11-09 21:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-01-22 19:07 . 2011-01-22 21:01 -------- d-----w- C:\VIPRERESCUE
2011-01-22 18:08 . 2011-01-22 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-22 02:36 . 2011-01-22 02:36 -------- d-----w- c:\documents and settings\Kalin\Application Data\.minecraft
2011-01-15 19:48 . 2011-01-15 19:51 -------- d-----w- c:\windows\system32\drivers\NIS\1205000.07D

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-15 19:50 . 2010-05-30 20:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-15 19:50 . 2010-05-30 20:03 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-27 02:58 . 2010-12-27 02:58 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-27 02:58 . 2010-12-27 02:58 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-18 18:12 . 2008-06-27 04:33 81920 ------w- c:\windows\system32\isign32.dll
2001-05-24 20:59 . 2009-02-14 06:56 162304 ----a-w- c:\program files\UNWISE.EXE
2007-07-25 02:03 . 2007-07-25 02:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2008-12-10 21:50 . 2008-12-10 21:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-12-07 2387968]
"Steam"="c:\program files\steam\steam.exe" [2011-01-06 1242448]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-12 2969496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2004-10-28 53248]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Xtreme N Dual Band DWA-160"="c:\program files\D-Link\DWA-160 revA\AirNCFG.exe" [2009-02-13 1687552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SystemProtector"="c:\program files\Advanced System Optimizer 3\SystemProtector.exe" [2010-04-20 9999080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Brian\Start Menu\Programs\Startup\
Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2008-7-15 110592]

c:\documents and settings\Kalin\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-4-15 221247]
Philips GoGear SA018 Device Manager.lnk - c:\program files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe [2010-7-11 1615232]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-31 02:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
2000-01-19 23:43 49152 ----a-w- c:\program files\TextBridge Pro Millennium\Bin\InstantAccess.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 12:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 12:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
2003-08-19 00:46 53248 ----a-w- c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-30 22:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Roxio\\Audio Master 9\\MusicDiscCreator9.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\dystopia\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\source sdk base 2007\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\condition zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\darwinia\\darwinia.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plain sight\\PlainSight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\foreign legion (buckets of blood)\\Foreign Legion.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\eufloria\\Eufloria.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\star wars battlefront ii\\GameData\\BattlefrontII.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\pirates, vikings, and knights ii\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\swords and soldiers\\Swords and Soldiers Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\grothzyrat\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"57926:TCP"= 57926:TCP:Pando Media Booster
"57926:UDP"= 57926:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"56945:TCP"= 56945:TCP:Pando Media Booster
"56945:UDP"= 56945:UDP:Pando Media Booster

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SymDS.sys [15/01/2011 11:48 AM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SymEFA.sys [15/01/2011 11:48 AM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [19/01/2011 5:12 PM 691248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 10:41 AM 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [22/01/2011 11:07 AM 98392]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.sys [15/01/2011 11:48 AM 136312]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [30/05/2010 11:28 AM 147456]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [25/10/2009 5:52 PM 238824]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [15/01/2011 11:48 AM 130000]
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [25/10/2009 5:52 PM 6656]
R3 arusb(Atheros);D-Link Wireless Network Adapter Service;c:\windows\system32\drivers\dwarusb.sys [30/05/2010 11:27 AM 592384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/05/2010 12:05 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110210.001\IDSXpx86.sys [10/02/2011 10:15 PM 341944]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate1c9e17254587758;Google Update Service (gupdate1c9e17254587758);c:\program files\Google\Update\GoogleUpdate.exe [30/05/2009 2:02 PM 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [09/07/2009 5:44 PM 17432]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [25/10/2009 10:11 AM 16194]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [15/07/2008 12:42 PM 6016]
S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\DRIVERS\wg311tn5.sys --> c:\windows\system32\DRIVERS\wg311tn5.sys [?]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]
S3 NUVision;NUVision Video Service;c:\windows\system32\drivers\NUVvid2.sys [01/02/2001 9:00 AM 153824]
S3 RTL8192u;Realtek RTL8192U Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192u.sys [26/10/2009 1:56 PM 450944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [16/11/2009 10:29 AM 16640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPOD_SERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-07 06:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-05 00:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2011-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 22:01]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:02]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:02]

2009-08-04 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 20:51]

2011-01-15 c:\windows\Tasks\Norton Security Scan for Kalin.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-25 18:04]

2011-02-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-19 02:40]

2011-02-11 c:\windows\Tasks\User_Feed_Synchronization-{7E60004C-CF9C-40F3-B2CB-FB79394A5166}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://blueheronproject.dyndns.org/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
MSConfigStartUp-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
MSConfigStartUp-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
MSConfigStartUp-ParetoLogic Anti-Spyware - c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 22:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\system32\PSIService.exe
c:\windows\System32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Advanced System Optimizer 3\CheckUpdate.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-02-10 22:36:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-11 06:36

Pre-Run: 25,951,911,936 bytes free
Post-Run: 25,681,956,864 bytes free

- - End Of File - - 7C9C9425BC1905E7FB6D0860D0A5563F





wow that really helped out alot, my norton is running again, i can see whats open in the taskbar again, and sound is running again! seems to be running back at its normal ways, but are there any other things that i should still check?
  • 0

#18
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Hi. :D

wow that really helped out alot, my norton is running again, i can see whats open in the taskbar again, and sound is running again! seems to be running back at its normal ways,

Good, a marked improvement indeed!

but are there any other things that i should still check?

Aye we still have some way to go as of yet.

Install the Recovery Console:

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Please move ComboFix to the Desktop, currently it is in this folder:-

c:\documents and settings\Kalin\My Documents\Downloads\ComboFix.exe

It needs to be on the Desktop for the below to work correctly.

Now go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Posted Image

  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    Posted Image
  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

Next:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    regedit.exe 
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#19
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
PM acknowledged and I am prepared to leave this topic open longer. :D
  • 0

#20
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Everything Ok, do you still require my assistance? Only reason asking is my actual online time is limited at present and I will not leave this topic open indefinitely, thank you.
  • 0

#21
r1sk

r1sk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ok sorry been soo busy lately. im trying my best to get on but just have lots going on.

so anyways when i drag the recovery console into combo fix, its shows the loading bar for combofix but nothing happens after that it just quits. i think that i downloaded the right one.
  • 0

#22
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Hi. :D

ok sorry been soo busy lately. im trying my best to get on but just have lots going on.

Fair play...However if you feel that you will be unable to reply in a timely fashion please let myself know and I will close this topic. Then if you still require assistance you will have to create a new topic requesting such and wait until a trained helper is availble...Though saying that you are not doing yourself any favours what so ever being so flippant/posting when suits, I have a life too as do my colleagues and I(we) provide support on a volunteer basis! :D

so anyways when i drag the recovery console into combo fix, its shows the loading bar for combofix but nothing happens after that it just quits. i think that i downloaded the right one.

OK try it again, if no luck re-download a fresh copy of ComboFix from here and try again...In the event still unsuccessful merely proceed to my prior SystemLook instructions here and we will go from there, thank you.
  • 0

#23
r1sk

r1sk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
SystemLook 04.09.10 by jpshortstuff
Log created at 21:01 on 20/02/2011 by Kalin
Administrator - Elevation successful

========== filefind ==========

Searching for "regedit.exe "
C:\WINDOWS\regedit.exe ------- 146432 bytes [20:43 16/07/2003] [12:42 14/04/2008] 058710B720282CA82B909912D3EF28DB
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe -----c- 134144 bytes [06:25 27/06/2008] [20:43 16/07/2003] B28FB518CD2949715CBFCE0E93A7A535
C:\WINDOWS\ServicePackFiles\i386\regedit.exe ------- 146432 bytes [12:42 14/04/2008] [12:42 14/04/2008] 058710B720282CA82B909912D3EF28DB

-= EOF =-
heres my systemlook log. and again sorry but i will beable to post alot this week! thanks so much for the help so far!
  • 0

#24
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Hi. :D

OK I do appreciate your situation as mentioned in a prior post and you're welcome!

Unfortunately the results of SystemLook are not truly favorable for us with regard to replacing a infected/patched system file. So do you have a copy of the XP Installation CD-ROM or maybe borrow one form a friend?

If not we can work around that if the need, anyway for now just answer my query and we will go from there, thank you.
  • 0

#25
r1sk

r1sk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
sadly i dont :\ and cant get a hold of one
and just a side note, my dad got a new pc so he cleaned out all of his stuff and supposedly did abunch of things to get it running and fix problems, so im hoping that helped abit
  • 0

Advertisements


#26
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Hi. :D

sadly i dont :\ and cant get a hold of one
and just a side note, my dad got a new pc so he cleaned out all of his stuff and supposedly did abunch of things to get it running and fix problems, so im hoping that helped abit

OK a pity but as I mentioned in my last post we can work around this. Though this may be problematic in the future if your machine does require say a reformat and reinstallation of the Windows Operating System and or you need to run a System File Check for example. I suggest you either contact Microsoft about this and or a local reputable IT Repair Centre to enquire about purchasing a replacement installation CD-ROM.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\otl-backup

and click on OK.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Next:

Please download the attachment below(it is a clean copy of the file we require from my XP machine). It is in a Zip file, so you will need to extract it to your Desktop >> Right click on and select Extract...

Note: Ensure once extracted it is on the Desktop, as this is crucial for the below script to work.

Custom OTL Script:

  • Dight-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Files
[override]
C:\Windows\Regedit.exe|C:\Documents and Settings\Kalin\Desktop\Regedit.exe /replace
[stopoverride]
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

:Commands
[CreateRestorePoint]
[EmptyFlash]
[EmptyTemp]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Uninstall your current version....Then download a new installer for Malwarebytes' Anti-Malware to your Desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#27
r1sk

r1sk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Just a question before I go ahead with those fixes, would it be better for my computer if I could just get a new windows cd? It sounds like doing this could cause future problems, would they be serious?
  • 0

#28
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Hi. :D

Just a question before I go ahead with those fixes, would it be better for my computer if I could just get a new windows cd? It sounds like doing this could cause future problems, would they be serious?

What I have advised thus far should not excabiriate the current situation and in fact improve but in the long run it may be prudent to either repair the Operating System and or carry out a full a a reformat and reinstallation of the Windows Operating System... So yes in the long run it would be in your own best interest to purchase a new genuine XP installation CD-ROM.

What you choose to do now/follow my prior post is entirely up to your good self as the machine is your property and I can only provide my advice/assistance. I will further add if you choose to follow my advice for now and purchase a replacement XP installation CD-ROM later on I will try my best to resolve your machines current issues. If I may refer to a portion of my first reply here:-

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


  • 0

#29
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP