System Security blocking every program


Post by collinmeyers09 on Sun Aug 02, 2009 11:29 pm

ComboFix 09-08-01.09 - Collin 08/02/2009 18:53.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.616 [GMT -4:00]
Running from: c:\documents and settings\Collin\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090801-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Collin\My Documents\winlogon.exe
c:\windows\Installer\106afbfd.msi
c:\windows\system32\drivers\vsfocejbmlwlxe.sys
c:\windows\system32\vsfocegqkhxjyi.dat
c:\windows\system32\vsfoceiycvprue.dll
c:\windows\system32\vsfoceyabrntyp.dll
c:\windows\system32\vsfoceylmfvitu.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_vsfocerjkvtftp


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 19:01 . 2009-08-02 19:01 287232 ----a-w- c:\program files\jxoxm375.exe
2009-08-02 18:25 . 2009-08-02 18:25 401720 ----a-w- c:\program files\HijackThis.exe
2009-07-27 07:06 . 2009-07-27 07:06 -------- d-----w- c:\program files\Microsoft Games
2009-07-27 06:13 . 2009-07-27 06:13 -------- d-----w- c:\documents and settings\Collin\Application Data\Malwarebytes
2009-07-27 06:12 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 06:12 . 2009-07-27 06:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-27 06:12 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 06:12 . 2009-07-27 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 18:50 . 2009-07-18 18:50 -------- d-----w- c:\documents and settings\Default User\Application Data\Screaming Bee
2009-07-18 06:34 . 2009-07-18 18:50 -------- d-----w- c:\program files\Screaming Bee
2009-07-18 05:50 . 2009-07-18 05:51 -------- d-----w- c:\documents and settings\Collin\Application Data\Screaming Bee
2009-07-18 05:49 . 2009-07-18 05:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Screaming Bee
2009-07-17 20:50 . 2009-07-17 22:51 -------- d-----w- c:\documents and settings\Collin\Local Settings\Application Data\FullTiltPoker.NET
2009-07-16 07:01 . 2009-07-17 22:51 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-07-11 08:15 . 2008-10-27 14:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\windows\Logs
2009-07-11 08:02 . 2009-07-11 08:02 -------- d-----w- c:\documents and settings\Collin\Application Data\DriverCure
2009-07-11 08:02 . 2009-07-11 08:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DriverCure
2009-07-11 08:02 . 2009-07-11 08:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ParetoLogic

.


Post by collinmeyers09 on Sun Aug 02, 2009 11:29 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 23:17 . 2008-10-03 01:42 256 ----a-w- c:\windows\system32\pool.bin
2009-08-02 18:35 . 2009-08-02 18:35 8290 ----a-w- c:\program files\log
2009-08-02 18:35 . 2009-08-02 18:27 8290 ----a-w- c:\program files\hijackthis.log
2009-07-27 15:35 . 2008-01-25 01:26 38552 ----a-w- c:\documents and settings\Collin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 07:11 . 2006-10-29 23:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 22:11 . 2008-01-25 00:31 -------- d-----w- c:\program files\World of Warcraft
2009-07-11 08:09 . 2009-04-23 23:17 -------- d-----w- c:\program files\EA Games
2009-07-08 21:21 . 2008-08-20 18:54 -------- d-----w- c:\documents and settings\Collin\Application Data\Hamachi
2009-06-29 16:12 . 2004-08-04 06:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 06:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 06:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 03:46 . 2009-06-25 03:46 216 ----a-w- c:\documents and settings\Collin\CdHack.vbs
2009-06-24 17:10 . 2009-06-23 15:30 -------- d-----w- c:\program files\Lineage II
2009-06-24 06:39 . 2009-06-24 06:27 -------- d-----w- c:\program files\GRT
2009-06-23 15:09 . 2008-12-06 06:34 -------- d-----w- c:\program files\Lineage 2
2009-06-22 07:28 . 2009-06-22 07:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Trymedia
2009-06-22 07:27 . 2009-06-22 07:27 -------- d-----w- c:\program files\Hunting Unlimited 2009
2009-06-21 20:09 . 2008-05-01 16:58 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-06-19 02:27 . 2009-06-19 02:22 -------- d-----w- c:\program files\M&Ms The Lost Formulas
2009-06-18 14:59 . 2008-09-14 08:02 -------- d-----w- c:\program files\Hamachi
2009-06-18 14:58 . 2008-08-20 18:54 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-18 14:47 . 2009-06-18 04:24 -------- d-----w- c:\program files\3.1.1 Server
2009-06-18 04:29 . 2009-06-18 04:29 -------- d-----w- c:\program files\3.1.1 private server
2009-06-16 14:36 . 2004-08-04 06:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 13:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 04:05 . 2009-06-16 02:07 -------- d-----w- c:\program files\DAoC
2009-06-13 19:53 . 2009-06-13 19:53 5632 --sha-w- c:\program files\Thumbs.db
2009-06-05 00:24 . 2008-08-13 01:23 -------- d-----w- c:\documents and settings\Collin\Application Data\Yahoo!
2009-06-04 21:52 . 2009-06-04 21:52 102912 ----a-w- c:\program files\Shimmer_Book_Talk.ppt
2009-06-04 06:23 . 2009-06-04 06:19 3654839479 ----a-w- c:\program files\Runes-of-Magic-2011821.exe
2009-06-03 19:09 . 2004-08-04 06:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-04 06:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 02:41 . 2009-05-06 02:41 10558400 ----a-w- c:\program files\Vuze_Installer.exe
2009-05-05 02:47 . 2009-05-05 02:47 101464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-14 03:24 . 2009-03-14 03:24 6667912 ----a-w- c:\program files\eadm-installer.exe
2009-03-14 03:15 . 2009-03-14 03:15 43396077 ----a-w- c:\program files\WarhammerOnlineInstaller.zip
2008-12-27 06:51 . 2008-12-27 06:51 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-11-26 21:53 . 2008-11-26 21:53 130757 ----a-w- c:\program files\wh8.zip
2008-11-26 21:49 . 2008-11-26 21:49 39629592 ----a-w- c:\program files\Xenomorph_slim.exe
2008-11-26 02:19 . 2008-11-26 02:19 3064736 ----a-w- c:\program files\ventrilo-3.0.4-Windows-i386.exe
2008-11-19 20:01 . 2008-11-19 20:00 1234120 ----a-w- c:\program files\wrar380.exe
2008-11-18 22:46 . 2008-11-18 22:45 77738200 ----a-w- c:\program files\N3602008_2.0_Build_242A_EN_OEM90_Microsoft.exe
2008-11-18 22:34 . 2008-11-18 22:34 1751280 ----a-w- c:\program files\mirc635.exe
2008-11-17 20:36 . 2008-11-17 20:36 14896 ----a-w- c:\program files\[isoHunt]_I_Am_Legend[2007]DvDrip[Eng]-FXG.4034949.TPB.torrent
2008-11-17 20:32 . 2008-11-17 20:32 270128 ----a-w- c:\program files\utorrent.exe
2008-11-14 03:27 . 2008-11-14 03:27 35124856 ----a-w- c:\program files\AdbeRdr90_en_US.exe
2008-11-12 21:29 . 2008-11-12 21:29 1191056 ----a-w- c:\program files\Downloader_Diablo2_enUS.exe
2008-11-12 02:22 . 2008-11-12 02:22 1105069 ----a-w- c:\program files\Downloader_Diablo2_Lord_of_Destruction_enUS.exe
2008-06-30 04:34 . 2008-11-07 22:52 2839 ----a-w- c:\program files\README.txt
2009-07-23 17:00 . 2009-04-14 21:55 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-25 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ULiRaid"="c:\program files\ULi5287\ULi5287.exe" [2005-08-24 409600]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

c:\documents and settings\Collin\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-1-25 1447184]
MorphVOXJr.lnk - c:\program files\Screaming Bee\MorphVOX Junior\MorphVOXJr.exe [2009-5-19 1533264]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\3.1.1 Server\\Hearthstone\\mysql\\bin\\mysqld.exe"=
"c:\\Documents and Settings\\Collin\\Desktop\\3.1.1 Server\\Hearthstone\\mysql\\bin\\mysqld.exe"=
"c:\\Documents and Settings\\Collin\\Desktop\\3.1.1 Server\\Hearthstone\\hearthstone-world.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56550:TCP"= 56550:TCP:Pando Media Booster
"56550:UDP"= 56550:UDP:Pando Media Booster

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [10/29/2006 11:18 PM 101120]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/2/2009 1:10 AM 114768]
R2 Apache2.2;Apache2.2;c:\program files\Wotlk Private Server\Server\apache\bin\apache.exe [11/5/2008 7:07 PM 17408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/2/2009 1:10 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/13/2007 5:31 PM 24652]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [12/19/2007 2:09 AM 23064]
S3 ghcegftwc;ghcegftwc;\??\c:\documents and settings\Collin\Desktop\ghcegftwc.sys --> c:\documents and settings\Collin\Desktop\ghcegftwc.sys [?]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)


Post by collinmeyers09 on Sun Aug 02, 2009 11:30 pm

.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: download.com\www
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\docume~1\Collin\APPLIC~1\Mozilla\Firefox\Profiles\qam37ngw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-02 19:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-616249376-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-08-02 19:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 23:23

Pre-Run: 197,355,671,552 bytes free
Post-Run: 198,634,528,768 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

247 --- E O F --- 2009-07-29 21:15


Post by collinmeyers09 on Sun Aug 02, 2009 11:31 pm

Just waiting for the next step. Thanks guys.


Post by collinmeyers09 on Mon Aug 03, 2009 5:15 pm

bump


Post by Belahzur on Mon Aug 03, 2009 7:28 pm

Hello.
Next,

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.



Post by collinmeyers09 on Mon Aug 03, 2009 11:01 pm

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
AIM 6
AIMTunes
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Display Driver
avast! Antivirus
AviSynth 2.5
BlackBerry Desktop Software 4.3
BlackBerry Desktop Software 4.3
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
DivX Web Player
EA Download Manager
EVE-ONLINE (remove only)
Fraps (remove only)
FSX Flight Weather Report
Full Tilt Poker.Net
GearDrvs
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hunting Unlimited 2009
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 10
M&Ms The Lost Formulas
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X Demo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
MorphVOX Junior
MorphVOX Pro
Mozilla Firefox (3.0.12)
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Premium
NVIDIA Drivers
Pando Media Booster
Realtek High Definition Audio Driver
Roxio Media Manager
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SpeechRedist
ULi Chipset Driver
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Viewpoint Media Player
Visual C++ 8.0 CRT (x86) WinSXS MSM
VobSub v2.23 (Remove Only)
Vuze
Warhammer Online - Age of Reckoning
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
XviD MPEG4 Video Codec (remove only)
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger


Post by collinmeyers09 on Tue Aug 04, 2009 3:33 pm

bump


Post by Belahzur on Tue Aug 04, 2009 6:42 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 12
    Java(TM) 6 Update 10
    Uniblue DriverScanner 2009
    Uniblue DriverScanner 2009
    Viewpoint Media Player
    Vuze

Now open a new notepad file.
Input this into the notepad file:

File::
c:\program files\jxoxm375.exe

Driver::
ghcegftwc

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Post by collinmeyers09 on Wed Aug 05, 2009 9:11 pm

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-25 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ULiRaid"="c:\program files\ULi5287\ULi5287.exe" [2005-08-24 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

c:\documents and settings\Collin\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-1-25 1447184]
MorphVOXJr.lnk - c:\program files\Screaming Bee\MorphVOX Junior\MorphVOXJr.exe [2009-5-19 1533264]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56550:TCP"= 56550:TCP:Pando Media Booster
"56550:UDP"= 56550:UDP:Pando Media Booster

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [10/29/2006 11:18 PM 101120]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/2/2009 1:10 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/2/2009 1:10 AM 20560]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [12/19/2007 2:09 AM 23064]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: download.com\www
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\docume~1\Collin\APPLIC~1\Mozilla\Firefox\Profiles\qam37ngw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-05 17:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-616249376-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2388)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-08-05 17:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 21:09
ComboFix2.txt 2009-08-02 23:23

Pre-Run: 205,457,129,472 bytes free
Post-Run: 205,462,589,440 bytes free

231 --- E O F --- 2009-07-29 21:15

collinmeyers09
Novice

Posts : 27
Joined : 2009-08-02
Gender : Male
OS : XP


Re: System Security blocking every program

Post by Belahzur on Thu Aug 06, 2009 3:23 pm

Hello.
Please go back to Add/Remove Programs and uninstall this too: J2SE Runtime Environment 5.0 Update 12

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: System Security blocking every program

Post by collinmeyers09 on Thu Aug 06, 2009 9:45 pm

It is running just fine; I just wanted to make sure System Security never came back...


Re: System Security blocking every program

Post by Belahzur on Fri Aug 07, 2009 11:19 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

This should be fine now.


