Cannot Open Programs in Safe Mode ('Open With' virus).....
#61
Posted 16 June 2012 - 08:15 AM
#62
Posted 16 June 2012 - 08:23 AM
#63
Posted 16 June 2012 - 09:05 AM
#64
Posted 16 June 2012 - 09:11 AM
Can you download the other things as well??
FF 13 is no significant change to me.
#65
Posted 16 June 2012 - 09:15 AM
Regards,
CompCav
#66
Posted 16 June 2012 - 09:24 AM
#67
Posted 16 June 2012 - 09:51 AM
#68
Posted 17 June 2012 - 03:05 PM
ComboFix 12-06-16.02 - User 06/17/2012 16:09:26.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.200 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-16 05:00 . 2012-06-16 05:00 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-14 00:27 . 2012-06-14 00:27 -------- dc----w- C:\_OTL
2012-06-02 05:28 . 2012-06-04 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-06-02 05:26 . 2012-06-04 19:35 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2012-06-02 05:17 . 2012-06-04 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-05-29 11:26 . 2012-06-04 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-05-29 09:19 . 2012-05-29 09:20 -------- d-----w- c:\documents and settings\User\Application Data\IObit
2012-05-29 09:18 . 2012-05-29 09:18 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-05-20 00:25 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 06:56 . 2012-06-17 06:56 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 15360 -c--a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MBAMService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-06-16 32072]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2004-08-04 14336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
Trusted Zone: streamwrhu.net\live
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-17 16:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
.
**************************************************************************
.
Completion time: 2012-06-17 16:44:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-17 20:44
ComboFix2.txt 2012-06-15 13:09
ComboFix3.txt 2012-06-15 00:48
.
Pre-Run: 3,067,150,336 bytes free
Post-Run: 2,683,654,144 bytes free
.
- - End Of File - - F7ED85379B2DA466C5563AE2E527CB50
#69
Posted 17 June 2012 - 03:10 PM
#70
Posted 17 June 2012 - 03:43 PM
#71
Posted 17 June 2012 - 03:58 PM
Posts 22 and 24 discuss the why of this. I am recommending a course of action based on sound principles and recommendations consistent with our website guidelines. If you choose to do differently, that is your right. But we believe not following these guides increases your risk of infection and may make it more difficult to completely clean your machine.
You apparently want to keep all the data you have on this machine. So I would also recommend this:
The data you have on that hard drive needs to be backed up. If the hard drive is as old as the computer it could fail and you would need to replace it and you would lose your data. You need to back up the data.
You can back up to DVDs, external hard drives connected by USB, and USB flash drives.
Here is a Linux (Puppy Linux) bootable CD you can create and use to move the data and save it.
#72
Posted 17 June 2012 - 04:20 PM
#73
Posted 17 June 2012 - 04:45 PM
You could use DVDs at about 4.7 GB per disk or purchase a USB flash drive to use on the back at 8 GB or so.
As for the Puppy Linux program, where exactly would I put the backup data anyhow under the circumstances I've cited?
You can install SuperAntiSpyware anytime you wish.
#74
Posted 17 June 2012 - 05:12 PM
#75
Posted 17 June 2012 - 06:30 PM
Yes, at about 700 MB per disc.
Does that also go for CD-Rs as well?
You can go to www.avast.com and here for information on Security essentials.
If you could please give me some idea, though, how large are the Avast! and MS Security Suite programs so I can confirm my suspicions?
How are you connecting to post here if you are installing SP3?
No, it ran fine and completed, that is what counts.
Do you want me to run ComboFix again minus Malwarebytes as background?
Some downloads are coming through, like SP3 and Firefox. What happens exactly when you try something else?
Regards,
CompCav