I can't open, run or install any antivirus software on my system [Closed]


This topic is locked

#1
Rory Ko
New Member, 1 post
Hi expert,

I formatted my system recently and no antivirus software has been re-installed. After some time, I suspected I had some kind of virus. I tried to download and install Avira, Panda, Bitdefender, etc., but failed miserably. They all simply stopped installing midway, or I can't even open the download webpage in the first place (as with Bitdefender). I can open and surf all other websites without any problem. I read a past article of yours, posted in 2009, about a problem similar to mine.

http://www.geekstogo...ost__p__1458959

I followed the procedure but still nothing was fixed. Here are the ComboFix report and the HijackThis log.

Thank you so much in advance for helping troubled people like me.

ComboFix 11-11-24.01 - Administrator 25/11/2011 11:29:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.685 [GMT 8:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\bnyhd.pif
c:\documents and settings\All Users\Application Data\TEMP
C:\slgle.pif
c:\winxp\ALCMTR.EXE
c:\winxp\system32\wmm_cur.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 03:13 . 2011-11-25 03:13 291 ----a-w- C:\autorun.inf.vir
2011-11-25 03:09 . 2006-06-19 05:01 69632 ----a-w- c:\winxp\system32\ztvcabinet.dll
2011-11-25 03:09 . 2006-05-25 07:52 162304 ----a-w- c:\winxp\system32\ztvunrar36.dll
2011-11-25 03:09 . 2005-08-25 17:50 77312 ----a-w- c:\winxp\system32\ztvunace26.dll
2011-11-25 03:09 . 2003-02-02 12:06 153088 ----a-w- c:\winxp\system32\UNRAR3.dll
2011-11-25 03:09 . 2002-03-05 17:00 75264 ----a-w- c:\winxp\system32\unacev2.dll
2011-11-25 03:09 . 2011-11-25 03:09 -------- d-----w- c:\program files\Trojan Remover
2011-11-25 03:09 . 2011-11-25 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2011-11-25 03:09 . 2011-11-25 03:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software
2011-11-25 02:29 . 2010-07-05 02:39 131072 ----a-w- c:\winxp\system32\drivers\mt7118xu.sys
2011-11-25 02:29 . 2010-07-05 02:38 1896488 ----a-w- c:\winxp\system32\drivers\mt7118u.bin
2011-11-25 02:29 . 2010-04-26 04:23 22016 ----a-w- c:\winxp\system32\drivers\mtkwmptx.sys
2011-11-25 02:29 . 2010-01-05 10:34 319456 ----a-w- c:\winxp\system32\difxapi.dll
2011-11-25 02:28 . 2011-11-25 02:28 -------- d-----w- c:\program files\P1
2011-11-16 08:21 . 2011-11-16 08:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-11-16 08:00 . 2011-11-16 08:00 -------- d-----w- c:\program files\Common Files\Java
2011-11-16 07:59 . 2011-11-16 07:59 73728 ----a-w- c:\winxp\system32\javacpl.cpl
2011-11-16 07:59 . 2011-11-16 07:59 -------- d-----w- c:\program files\Java
2011-11-15 07:22 . 2011-11-15 07:22 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-09 11:11 . 2011-11-09 11:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-11-09 11:09 . 2011-11-09 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-11-09 11:02 . 2010-03-04 10:05 755200 ----a-w- c:\winxp\system32\cohelper.dll
2011-11-09 11:02 . 2010-02-21 23:45 10084 ----a-w- c:\winxp\system32\drivers\nvphy.bin
2011-11-09 11:02 . 2011-11-09 11:11 -------- d-----w- c:\program files\NVIDIA Corporation
2011-11-09 10:59 . 2011-11-09 10:59 -------- d-----w- C:\NVIDIA
2011-11-09 09:39 . 2011-11-09 09:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Easeware
2011-11-09 09:39 . 2011-11-09 09:39 -------- d-----w- c:\program files\Easeware
2011-11-09 09:30 . 2009-03-15 06:17 14720 ----a-w- c:\winxp\system32\drivers\sr9usb.sys
2011-11-09 09:30 . 2011-11-09 09:30 -------- d-----w- c:\program files\SUPERAL Semiconductor, Inc
2011-11-09 08:47 . 2011-11-09 08:47 103140 --sh--r- C:\qixep.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:29 . 2011-09-18 07:42 414368 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2011-11-16 07:59 . 2011-09-23 07:54 472808 ----a-w- c:\winxp\system32\deployJava1.dll
2011-11-05 06:53 . 2011-11-16 08:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P1 4G"="c:\program files\P1\P1 4G\P1 4G.exe" [2010-10-26 905216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-17 16859648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 100648]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2010-03-15 13670504]
"NvMediaCenter"="c:\winxp\system32\NvMcTray.dll" [2010-03-15 110696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 328424]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2011-05-18 1233856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\Downloads\\HousecallLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
.
R2 GPCommonService;GPCommonService;c:\program files\P1\P1 4G\GPCommonService.exe [25/11/2011 10:29 90112]
R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\winxp\system32\drivers\mtkwmptx.sys [25/11/2011 10:29 22016]
R3 MT7118XU;MediaTek MT7118 WiMAX USB Card Driver;c:\winxp\system32\drivers\mt7118xu.sys [25/11/2011 10:29 131072]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/09/2011 12:04 218096]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/09/2011 12:04 218096]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\winxp\system32\drivers\sr9usb.sys [09/11/2011 17:30 14720]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AMSINT32
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\winxp\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-11-09 04:38]
.
2011-11-25 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-24 04:04]
.
2011-11-25 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-24 04:04]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 122.255.99.236 122.255.99.228
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vj768z0q.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 11:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-1645522239-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,ef,d0,92,83,64,82,47,98,20,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,ef,d0,92,83,64,82,47,98,20,4b,\
.
------------------------ Other Running Processes ------------------------
.
c:\winxp\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
.
**************************************************************************
.
Completion time: 2011-11-25 11:35:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 03:35
.
Pre-Run: 73,721,081,856 bytes free
Post-Run: 74,620,223,488 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 386491884ADE3DF9DC8BA08E4B447C6C

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:07:13, on 25/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\P1\P1 4G\GPCommonService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINXP\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\P1\P1 4G\P1 4G.exe
C:\Program Files\P1\P1 4G\wimax\WmMMgr.exe
C:\WINXP\explorer.exe
C:\WINXP\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wkuww.exe
C:\WINXP\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [P1 4G] C:\Program Files\P1\P1 4G\P1 4G.exe minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GPCommonService - Green Packet Inc. - C:\Program Files\P1\P1 4G\GPCommonService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe

--
End of file - 5354 bytes
#2
Dakeyras
Anti-Malware Mammoth, Expert, 9,714 posts
Hi. :)

I apologise for the delay; the forum is very busy at times. Do you still require assistance or not? If so, merely acknowledge this reply...

In the meantime, some friendly advice on what you mentioned in your post:

"I formatted my system recently and no antivirus software has been re-installed. After some time, I suspect I have some kind of virus."

Hardly surprising, I'm afraid, as using any machine online without an installed/active anti-virus application is just asking for trouble, end of. Plus, running such a powerful tool as ComboFix without trained supervision is also potentially asking for trouble...

Anyway, as I mentioned before, if you still require assistance merely acknowledge this reply. Thank you.

#3
Dakeyras
Anti-Malware Mammoth, Expert, 9,714 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.