
Malware/Virus blocking any ability to scan (including HijackThis) - Help pls

Post by rexnervous on 27th August 2009, 8:55 pm

subject line tells story

getting the search engine redirects, occasional IE-based pop-ups (even though I'm using FF, but actually now posting this on Chrome which doesn't seem to have the same problems), slow system, etc.

Big issue is this - whenever I try to scan using anything - HJ, Malwarebytes, SuperAntiSpyware, AdAware, Spybot - nothing happens. Worse, it seems to delete the .exe file for those each time I run them (I have to re-download). Even booting in safe mode does nothing.

Tried searching here but nothing directly helpful (at least to my very unknowledgeable self)

Thanks


BUMP

Post by rexnervous on 30th August 2009, 2:04 am

bump

2 days, no response, bump

I have a little more detail - as I was following some of the other, similar threads. Was able to download/run GMER and The Avenger against the named rootkits, which managed to eliminate one of the (guess I had two) but the other one persists - even though after running the Avenger (post restart) it says no rootkits found, I re-run GMER and there it is.

I keep trying to post the GMER log but every time I get a "The posted message is too big" error, don't want to do multiple posts as want to make sure someone sees this if they can. Will post remainder later

GMER 1.0.15.15077 [6nxz3lod.exe] - [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-29 21:56:13
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 869BED08 ZwEnumerateKey
Code 86762B38 ZwFlushInstructionCache
Code 86760606 ZwSaveKey
Code 8675E606 ZwSaveKeyEx
Code 867553F6 IofCallDriver
Code 865EFB0E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 867553FB
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 865EFB13
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 86762B3C
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 869BED0C
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDE4 5 Bytes JMP 8676060A
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BECA 5 Bytes JMP 8675E60A
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !


Post by Belahzur on 30th August 2009, 5:08 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Post by rexnervous on 30th August 2009, 7:11 pm

Results for SystemLook

SystemLook v1.0 by jpshortstuff (18.05.09)
Log created at 15:07 on 30/08/2009 by Chris W (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [23:32 02/10/2008] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [22:24 29/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [12:00 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [23:32 02/10/2008] [12:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [22:24 29/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [23:32 02/10/2008] [12:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [22:23 29/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 62976 bytes [12:00 04/08/2004] [00:11 14/04/2008] (Unable to calculate MD5)

-=End Of File=-


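As an added illustration (not part of the thread, and not code from the SystemLook tool), a small parser for the filefind output above that compares the live system32 copy of each DLL with the ServicePackFiles reference copy and reports the kind of mismatch the log shows for eventlog.dll; the sample log is constructed from the lines posted above.

```python
import re

# Constructed sample in the SystemLook v1.0 "filefind" layout; paths,
# sizes and hashes are copied from the log posted in this thread.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [23:32 02/10/2008] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [22:24 29/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [12:00 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [23:32 02/10/2008] [12:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [22:23 29/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 62976 bytes [12:00 04/08/2004] [00:11 14/04/2008] (Unable to calculate MD5)

-=End Of File=-
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# One result line: path, 6-char attribute flags, size, two timestamps, MD5.
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes '
    r'\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] '
    r'(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$')


def parse_filefind(text):
    """Map each searched file name to the list of copies SystemLook found."""
    results, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group('name').lower()
            results[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            md5 = m.group('md5')
            results[current].append({
                'path': m.group('path'),
                'size': int(m.group('size')),
                # None when SystemLook could not read the file to hash it
                'md5': None if md5.startswith('(') else md5.upper(),
            })
    return results


def _copy_under(copies, folder):
    """First copy whose path contains the given folder fragment."""
    for c in copies:
        if folder.lower() in c['path'].lower():
            return c
    return None


def triage(results):
    """Compare the live system32 copy with the ServicePackFiles reference."""
    findings = {}
    for name, copies in results.items():
        live = _copy_under(copies, '\\system32\\')
        ref = _copy_under(copies, '\\ServicePackFiles\\')
        notes = []
        if live is None:
            notes.append('no system32 copy found')
        elif ref is None:
            notes.append('no ServicePackFiles reference copy to compare against')
        else:
            if live['md5'] is None:
                notes.append('MD5 could not be computed for the live copy')
            if live['size'] != ref['size']:
                notes.append('size %d differs from reference %d'
                             % (live['size'], ref['size']))
            if live['md5'] and live['md5'] != ref['md5']:
                notes.append('MD5 differs from reference copy')
        findings[name] = notes
    return findings


if __name__ == '__main__':
    for name, notes in triage(parse_filefind(SAMPLE_LOG)).items():
        print(name, '->', notes or ['matches reference copy'])
```

A live copy whose hash cannot even be read while its size differs from the service-pack original is exactly the pattern that prompted the Avenger script later in this thread.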

Post by Belahzur on 30th August 2009, 8:05 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Files to delete:
C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.





Post by rexnervous on 30th August 2009, 8:16 pm

Results

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\eventlog.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Post by Belahzur on 30th August 2009, 8:20 pm

Hello.
Delete the Hijack This you have now, re-download it from here, it should work fine now.
[You must be registered and logged in to see this link.]





Post by rexnervous on 30th August 2009, 8:43 pm

Here's the HJ log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:00 PM, on 8/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mstart.exe
C:\Documents and Settings\Chris W\Local Settings\Application Data\ATT Connect\Participant\pull.exe
C:\Documents and Settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mcomm.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mlauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Chris W\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chris W\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chris W\My Documents\Downloads\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [18673124] C:\Documents and Settings\All Users\Application Data\18673124\18673124.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\320\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Push Client] C:\Documents and Settings\Chris W\Local Settings\Application Data\ATT Connect\Participant\pull.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\CHRISW~1\LOCALS~1\Temp\b.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


Post by rexnervous on 30th August 2009, 8:43 pm

O16 - DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} (FileMgr Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: bw+0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: offline-8876480 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Citrix Diagnostic Facility COM Server (CdfSvc) - Citrix Systems, Inc. - C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Citrix Streaming Service (RadeSvc) - Citrix Systems, Inc. - C:\Program Files\Citrix\Streaming Client\RadeSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 24058 bytes


Re: Malware/Virus blocking any ability to scan (including Hijack

Post by Belahzur on 30th August 2009, 9:34 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [18673124] C:\Documents and Settings\All Users\Application Data\18673124\18673124.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\CHRISW~1\LOCALS~1\Temp\b.exe
    O18 - Protocol: bw+0 - {5ACDBD66-42AB-480A-BC31-D2456F667D7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    (Fix ALL these O18 items)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1
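As an added illustration (not HijackThis code and not the helper's own tooling), the script below encodes the rules of thumb behind the "Fix Checked" list above, so a reader can see why those particular lines were ticked: entries whose target file is absent, autoruns launched from a temp folder, autoruns whose name is a bare number, relative or malformed autorun paths, and programs with an extension that is not normally executable. The heuristics themselves are assumptions; the sample lines are copied from the log quoted in the thread, with one constructed benign O4 entry (jusched) added for contrast.

```python
"""Triage heuristics for HijackThis log lines (added example, not HijackThis code)."""
import re
from typing import Dict, List, Optional, Tuple

# Lines copied from the HijackThis log quoted in the thread, plus one
# constructed benign O4 entry (jusched) for contrast.
SAMPLE_HJT_LINES = [
    'R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)',
    'O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)',
    'O4 - HKLM\\..\\Run: [net] "C:\\WINDOWS\\system32\\net.net"',
    'O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k',
    'O4 - HKLM\\..\\Run: [18673124] C:\\Documents and Settings\\All Users\\Application Data\\18673124\\18673124.exe',
    'O4 - HKCU\\..\\Run: [LDM] \\Program\\',
    'O4 - HKCU\\..\\Run: [Monopod] C:\\DOCUME~1\\CHRISW~1\\LOCALS~1\\Temp\\b.exe',
    'O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)',
    'O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)',
    'O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe',
    'O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"',  # constructed
]

# O4 lines: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Unquoted command whose program path contains spaces but ends in a known extension.
EXT_PATH_RE = re.compile(r'^(.*?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|$)', re.IGNORECASE)
# Drive letter or an environment variable such as %systemroot% counts as absolute.
ABSOLUTE_RE = re.compile(r'^(?:[a-z]:\\|%[^%]+%\\)')
TEMP_DIRS = ('\\temp\\', '\\locals~1\\temp\\')
EXECUTABLE_EXTS = {'exe', 'dll', 'com', 'scr', 'bat', 'cmd'}


def program_path(cmd: str) -> str:
    """Return the program part of an autorun command, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted: everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_PATH_RE.match(cmd)              # unquoted path with spaces, known extension
    if m:
        return m.group(1)
    return cmd.split(' ', 1)[0]             # otherwise the first whitespace-delimited token


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split an O4 autorun line into hive, key, value name, command and program path."""
    m = O4_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry['path'] = program_path(entry['cmd'])
    return entry


def reasons_for(line: str) -> List[str]:
    """Return the list of heuristic reasons a line deserves a second look (empty if none)."""
    reasons: List[str] = []
    low = line.lower()
    if '(no file)' in low or '(file missing)' in low:
        reasons.append('target file missing: orphaned entry')
    entry = parse_o4(line)
    if entry:
        lpath = entry['path'].lower()
        if any(d in lpath for d in TEMP_DIRS):
            reasons.append('autorun launches from a temp folder')
        if entry['name'].isdigit():
            reasons.append('autorun name is a bare number')
        if not ABSOLUTE_RE.match(lpath):
            reasons.append('autorun path is relative or malformed')
        base = lpath.rsplit('\\', 1)[-1]
        if '.' in base:
            ext = base.rsplit('.', 1)[-1]
            if ext not in EXECUTABLE_EXTS:
                reasons.append(f'program has unusual extension .{ext}')
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return only the lines that trip at least one heuristic, with their reasons."""
    flagged = []
    for line in lines:
        why = reasons_for(line)
        if why:
            flagged.append((line, why))
    return flagged


if __name__ == '__main__':
    for line, why in triage(SAMPLE_HJT_LINES):
        print(line)
        for w in why:
            print('    ->', w)
```

Run against the sample, the script flags exactly the lines the helper ticked except KernelFaultCheck, which trips none of the heuristics: `dumprep 0 -k` is a stock Windows XP crash-reporting entry that helpers routinely remove because it serves no purpose, not because it is malicious. The two benign entries (Bonjour, jusched) pass clean, which is the point of keeping them in the sample.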

Re: Malware/Virus blocking any ability to scan (including Hijack

Post by rexnervous on 30th August 2009, 10:08 pm

MBAM log (I have re-booted as it asked me, done nothing else except copy log here)

Malwarebytes' Anti-Malware 1.40
Database version: 2719
Windows 5.1.2600 Service Pack 3

8/30/2009 6:02:49 PM
mbam-log-2009-08-30 (18-02-49).txt

Scan type: Quick Scan
Objects scanned: 121898
Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kbiwkmiwwkiqad.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmlevymxxu.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmoxbwtumg.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmqeecblnn.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmrielesix.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfocemupnsjne.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfocevrgyyjdy.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACgkykedkytb.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACoviylfxyxw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACsvsawnqjpk.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACuoyuehodxl.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmwsp.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmyctqeeci.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmxednclqe.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\UACjgijxulrvq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\UAC2bdc.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\UAC471a.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\UAC6001.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\UAC60e6.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\rasvsnet.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\recmsaxonw.tmp (Rogue.AVCare) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\soeacwrxmn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\xomcwrnsae.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\kbiwkmvnmduyfqqy.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACptiritindo.dat (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACdhaowybenh.db (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfoceknbdosiw.dat (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfocelldbosru.dat (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: Malware/Virus blocking any ability to scan (including Hijack

Post by Belahzur on 31st August 2009, 1:27 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.

  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.





Re: Malware/Virus blocking any ability to scan (including Hijack

Post by rexnervous on 31st August 2009, 2:00 am

ComboFix Log

ComboFix 09-08-30.01 - Chris W 08/30/2009 21:39.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.610 [GMT -4:00]
Running from: c:\documents and settings\Chris W\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris W\My Documents\Winlogon.exe
c:\windows\Installer\3a8d42.msi
c:\windows\run.log
c:\windows\system32\kbiwkmcspvvgrx.dat
c:\windows\system32\kbiwkmlog.dat
c:\windows\system32\kbiwkmmuwfhxnc.dat
c:\windows\system32\kbiwkmptivpwmi.dat
c:\windows\system32\kbiwkmsfjoyxjn.dat
c:\windows\system32\kbiwkmumqfwbiw.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmeppvfkjy
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_kbiwkmeppvfkjy


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.

2009-08-30 21:50 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 21:50 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 21:49 . 2009-08-30 21:50 -------- d-----w- c:\program files\mabmfake
2009-08-30 03:09 . 2009-08-30 03:09 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-08-30 03:09 . 2009-08-30 03:09 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-08-30 03:09 . 2009-08-30 03:09 -------- d-----w- c:\program files\Prevx
2009-08-30 03:07 . 2009-08-30 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-08-28 13:58 . 2009-08-28 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-27 17:05 . 2009-08-27 17:05 -------- d-----w- c:\program files\AVG
2009-08-27 17:05 . 2009-08-30 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-27 16:53 . 2009-08-27 16:53 -------- d-----w- c:\documents and settings\Chris W\Application Data\AVG8
2009-08-27 13:19 . 2009-08-27 13:20 117760 ----a-w- c:\documents and settings\Chris W\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-27 13:19 . 2009-08-27 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-27 13:19 . 2009-08-31 01:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-27 13:19 . 2009-08-27 13:19 -------- d-----w- c:\documents and settings\Chris W\Application Data\SUPERAntiSpyware.com
2009-08-27 12:50 . 2009-08-27 12:50 -------- d-----w- C:\spoolerlogs
2009-08-24 01:44 . 2009-08-24 01:44 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-24 01:43 . 2009-08-24 01:43 -------- d-----w- c:\documents and settings\Chris W\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\windows\Internet Logs
2009-08-22 01:22 . 2007-01-31 17:45 101904 ----a-w- c:\windows\system32\dneinobj.dll
2009-08-22 01:22 . 2007-01-31 17:45 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\program files\Cisco Systems
2009-08-16 00:27 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 07:04 . 2009-08-07 07:04 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 07:04 . 2009-08-07 07:04 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 07:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 07:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 07:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 07:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 07:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 07:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 07:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 07:03 . 2009-08-07 07:03 -------- d-----w- C:\87993b1a6fee7b220dfa40f6b2d87147
2009-08-07 07:03 . 2009-08-27 13:04 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 21:07 . 2009-08-27 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\2222
2009-08-03 04:40 . 2009-08-29 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-02 17:01 . 2009-08-02 17:01 -------- d-----w- c:\documents and settings\Chris W\Application Data\Malwarebytes
2009-08-02 17:01 . 2009-08-02 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 23:24 . 2009-08-27 19:34 -------- d-----w- c:\program files\specialk
2009-08-28 12:39 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-28 03:38 . 2004-10-15 16:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-28 03:37 . 2009-08-28 03:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-28 03:37 . 2004-10-16 15:34 -------- d-----w- c:\program files\Java
2009-08-28 03:36 . 2009-08-28 03:36 152576 ----a-w- c:\documents and settings\Chris W\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-28 03:30 . 2004-10-15 23:20 -------- d-----w- c:\program files\Trillian
2009-08-28 03:30 . 2007-04-24 04:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-28 03:29 . 2004-10-15 21:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 03:29 . 2006-01-26 01:18 -------- d-----w- c:\documents and settings\Chris W\Application Data\My Games
2009-08-28 03:26 . 2004-10-15 05:41 -------- d-----w- c:\program files\Google
2009-08-28 03:25 . 2005-10-10 23:09 -------- d-----w- c:\program files\FileZilla
2009-08-28 02:57 . 2005-05-28 16:39 -------- d-----w- c:\program files\Webteh
2009-08-28 02:57 . 2006-04-15 13:34 -------- d-----w- c:\program files\TurboTax
2009-08-28 02:55 . 2007-12-22 03:55 -------- d-----w- c:\program files\Audible
2009-08-28 02:54 . 2008-09-08 01:17 -------- d-----w- c:\program files\AGD Interactive
2009-08-28 02:49 . 2009-03-25 18:36 -------- d-----w- c:\program files\Telltale Games
2009-08-28 02:41 . 2005-04-16 12:10 -------- d-----w- c:\program files\MegaSpoof
2009-08-28 01:40 . 2009-08-28 01:40 -------- d-----w- c:\documents and settings\Chris W\Application Data\Uniblue
2009-08-28 01:40 . 2009-08-28 01:40 -------- d-----w- c:\program files\Uniblue
2009-08-27 20:10 . 2009-02-08 11:24 -------- d-----w- c:\program files\Bonjour
2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-24 01:44 . 2009-04-16 23:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-24 01:44 . 2009-04-16 23:25 38208 ----a-w- c:\documents and settings\Chris W\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-24 01:30 . 2008-07-24 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-16 07:03 . 2007-07-20 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-07 09:59 . 2004-10-15 16:33 73912 ----a-w- c:\documents and settings\Chris W\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 07:04 . 2007-07-20 02:37 -------- d-----w- c:\program files\MSBuild
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 03:11 . 2004-10-17 03:50 -------- d-----w- c:\documents and settings\Chris W\Application Data\Lavasoft
2009-08-02 16:02 . 2007-10-16 02:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-24 13:56 . 2009-08-28 12:39 1062144 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-23 22:57 . 2007-11-30 14:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-18 22:11 . 2005-07-14 03:14 -------- d-----w- c:\program files\QuickTime
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 16:16 . 2009-05-16 11:43 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 16:16 . 2007-11-30 12:25 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 15:52 . 2009-07-09 15:52 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.463\English\setup.exe
2009-07-03 19:14 . 2009-07-03 19:14 -------- d-----w- c:\program files\TweetDeck
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut61_2D3C8000E5E448CBBB06A4C37D5AF48D.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut6_F141B017782D48D89542DCC38F786FF0.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut2_8C036D68389D4A8096880D074C330130.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut11_0A40599CA5B444D89111273D573729A6.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut1_4DB66930574740058BAEBCD0FC73005A.exe
2009-06-12 16:03 . 2009-06-12 16:03 46384 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut3_E6C09482ED40447BAE1874BC5D76023B.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut4_CBE5964CD1B94DDFBCD2E9466D73DBE0.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\ARPPRODUCTICON.exe
2009-06-12 16:03 . 2009-06-12 16:03 58672 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut5_7BB38625F898498EBEF4B8EF4DC93AF2.exe
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-10-15 15:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2007-02-12 02:55 . 2007-02-11 23:01 249 ----a-w- c:\program files\Garden Plannerini.xml
2005-07-16 09:41 . 2004-11-13 22:07 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2009-04-14 14:01 . 2007-11-26 23:31 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-14 14:01 . 2007-11-26 23:31 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-27 18:02 . 2008-02-22 15:58 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-22 15:58 . 2008-02-22 15:58 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-01-23 18:07 . 2007-06-08 03:43 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll


Re: Malware/Virus blocking any ability to scan (including Hijack

Post by rexnervous on 31st August 2009, 2:00 am

------- Sigcheck -------

[7] 2004-08-04 12:00 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\$NtServicePackUninstall$\eventlog.dll
[7] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\" [X]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-10-08 31552]
"Push Client"="c:\documents and settings\Chris W\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2009-01-20 922864]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"Google Update"="c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-28 149280]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-12-09 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-02-03 323216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2007-11-21 37144]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2002-11-08 19968]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-16 110592]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-2-9 450560]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2004-9-23 41042]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-2-16 6379080]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-8-21 6144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Napster\\napster.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Documents and Settings\\Chris W\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46220:TCP"= 46220:TCP:*:Disabled:bittorrent

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [8/29/2009 11:09 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [8/29/2009 11:09 PM 27656]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 11:49 AM 77312]
R1 cdfdrv;Cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [5/24/2007 3:40 PM 22968]
R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [7/5/2007 3:45 PM 20424]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [7/5/2007 4:50 PM 161352]
R2 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [7/5/2007 3:56 PM 237568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/5/2007 2:43 PM 24652]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [10/15/2004 6:58 PM 14156]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [8/29/2009 11:09 PM 4368952]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 10:09 AM 96256]
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003Core.job
- c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 17:51]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003UA.job
- c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 17:51]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Steam - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-pdfSaver3 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: google.com\www
Trusted Zone: turbotax.com
DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} - [You must be registered and logged in to see this link.]
DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Chris W\Application Data\Mozilla\Firefox\Profiles\ostsb927.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprade.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\windows\system32\IBM\npwdplugin.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


Re: Malware/Virus blocking any ability to scan (including Hijack

Post by rexnervous on 31st August 2009, 2:01 am

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-30 21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,80,57,61,a0,40,
7b,88,0e,c8,28,51,af,b0,29,a3,98,44,dc,14,85,5c,db,8a,e7,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,37,9a,72,b6,53,
5a,be,ec,71,3b,04,66,8b,46,0d,96,b3,3a,7d,6b,42,88,26,d3,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,75,1b,2c,93,08,
d3,47,0a,25,da,ec,7e,55,20,c9,26,1f,5a,c6,16,b0,e9,63,01,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,12,97,4f,0b,82,
4e,84,c9,3e,1e,9e,e0,57,5a,93,61,fc,06,91,4e,fb,e0,2c,93,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,32,19,91,c9,6f,
56,ee,03,cd,44,cd,b9,a6,33,6c,cd,46,49,03,ad,c0,8f,b4,aa,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e2,17,7f,85,5c,
c6,52,2b,b0,18,ed,a7,3f,8d,37,a4,08,6a,bb,d1,02,b8,b6,6c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,21,a6,fd,be,40,
4a,c1,c3,31,77,e1,ba,b1,f8,68,02,ef,28,57,48,88,3b,9e,2e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,73,f4,c8,54,2a,
5e,fc,44,83,6c,56,8b,a0,85,96,ab,53,42,8c,a8,47,aa,5e,a0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,c5,a7,24,fe,3c,
36,04,40,51,fa,6e,91,28,9e,14,cc,e9,88,23,ad,ac,1d,84,6c,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a9,d5,42,fc,2f,
bb,4b,b7,b1,cd,45,5a,a8,c4,f8,b9,c0,77,8d,66,e1,e0,d7,37,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,52,2b,ce,f9,ee,
0d,f1,48,e3,0e,66,d5,eb,bc,2f,6b,30,d1,c2,85,31,ca,5f,c9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,25,30,60,6d,9d,
58,8e,19,fa,ea,66,7f,d4,3b,6b,70,9e,90,bd,8e,c1,86,3e,ea,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Citrix\System32\CdfSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\windows\system32\rundll32.exe
c:\program files\TechSmith\SnagIt 8\TscHelp.exe
c:\program files\Citrix\GoToMeeting\320\g2mcomm.exe
c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
c:\program files\Citrix\GoToMeeting\320\g2mlauncher.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-31 21:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-31 01:57

Pre-Run: 6,817,652,736 bytes free
Post-Run: 9,157,697,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

445 --- E O F --- 2009-08-26 07:00


Re: Malware/Virus blocking any ability to scan (including Hijack

Post by Belahzur on 31st August 2009, 5:25 pm

Now open a new notepad file.
Input this into the notepad file:

FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | C:\WINDOWS\system32\eventlog.dll

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
Likes : 1

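One check worth running after the FCopy step above, added here as an example and not part of Belahzur's instructions or of ComboFix itself: confirm that the copy in c:\windows\system32 now matches the ServicePackFiles copy by content, not just by size. A later log on this page lists both eventlog.dll copies at 56320 bytes, but a file that was patched in place can keep its original size, so a size match alone proves little; a hash comparison does. The script below is added example code; it never touches the real Windows paths, it builds constructed stand-in files in a temporary directory (one "known-good" reference, one cache copy, one same-size tampered copy) and the function names (`sha256_of`, `compare_copies`, `demo`) are my own. On a real machine you would call `compare_copies` with the three paths named in the thread.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large DLLs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_copies(reference, candidates):
    """Compare each candidate file to the reference copy.

    Returns {path: (matches_reference, size_in_bytes)}; a missing candidate is
    reported as (None, None) so the caller can tell "absent" from "different".
    """
    ref_hash = sha256_of(reference)
    result = {}
    for p in candidates:
        if not os.path.exists(p):
            result[p] = (None, None)
            continue
        result[p] = (sha256_of(p) == ref_hash, os.path.getsize(p))
    return result


def demo():
    """Constructed scenario standing in for the three locations named in the thread:
    the ServicePackFiles\\i386 reference, the dllcache copy and the system32 copy.
    Returns (system32 matched before FCopy, system32 matched after, dllcache matched)."""
    with tempfile.TemporaryDirectory() as d:
        ref = os.path.join(d, "i386_eventlog.dll")        # stand-in for ServicePackFiles copy
        sys32 = os.path.join(d, "system32_eventlog.dll")  # stand-in for system32 copy
        cache = os.path.join(d, "dllcache_eventlog.dll")  # stand-in for dllcache copy

        good = b"MZ" + b"\x00" * 100 + b"constructed known-good service pack copy"
        with open(ref, "wb") as f:
            f.write(good)
        with open(cache, "wb") as f:
            f.write(good)

        # Same size as the reference, one byte changed: a size check alone would pass it.
        tampered = bytearray(good)
        tampered[-1] ^= 0xFF
        with open(sys32, "wb") as f:
            f.write(bytes(tampered))

        before = compare_copies(ref, [sys32, cache])
        assert before[sys32][1] == os.path.getsize(ref)  # sizes agree, content does not

        # Emulate what the "FCopy::" directive does: overwrite system32 with the reference.
        shutil.copyfile(ref, sys32)
        after = compare_copies(ref, [sys32, cache])

        return before[sys32][0], after[sys32][0], before[cache][0]


if __name__ == "__main__":
    print(demo())
```

The point of returning the size next to the match flag is that it mirrors what the ComboFix log shows (size and timestamp only); the hash column is the extra piece of evidence the log does not give you.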

Re: Malware/Virus blocking any ability to scan (including Hijack

Post by rexnervous on 31st August 2009, 5:47 pm

Here you go. Note that when CF launched, it said an update was available to which I replied "yes".

Also - thanks for your amazing help so far.

ComboFix 09-08-30.04 - Chris W 08/31/2009 13:32.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.591 [GMT -4:00]
Running from: c:\documents and settings\Chris W\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Chris W\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.

2009-08-31 17:32 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-08-31 17:32 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-08-30 21:50 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 21:50 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 21:49 . 2009-08-30 21:50 -------- d-----w- c:\program files\mabmfake
2009-08-30 03:09 . 2009-08-30 03:09 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-08-30 03:09 . 2009-08-30 03:09 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-08-30 03:09 . 2009-08-30 03:09 -------- d-----w- c:\program files\Prevx
2009-08-30 03:07 . 2009-08-30 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-08-28 13:58 . 2009-08-28 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-27 17:05 . 2009-08-27 17:05 -------- d-----w- c:\program files\AVG
2009-08-27 17:05 . 2009-08-30 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-27 16:53 . 2009-08-27 16:53 -------- d-----w- c:\documents and settings\Chris W\Application Data\AVG8
2009-08-27 13:19 . 2009-08-27 13:20 117760 ----a-w- c:\documents and settings\Chris W\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-27 13:19 . 2009-08-27 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-27 13:19 . 2009-08-31 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-27 13:19 . 2009-08-27 13:19 -------- d-----w- c:\documents and settings\Chris W\Application Data\SUPERAntiSpyware.com
2009-08-27 12:50 . 2009-08-27 12:50 -------- d-----w- C:\spoolerlogs
2009-08-24 01:44 . 2009-08-24 01:44 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-24 01:43 . 2009-08-24 01:43 -------- d-----w- c:\documents and settings\Chris W\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\windows\Internet Logs
2009-08-22 01:22 . 2007-01-31 17:45 101904 ----a-w- c:\windows\system32\dneinobj.dll
2009-08-22 01:22 . 2007-01-31 17:45 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\program files\Cisco Systems
2009-08-16 00:27 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 07:04 . 2009-08-07 07:04 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 07:04 . 2009-08-07 07:04 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 07:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 07:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 07:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 07:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 07:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 07:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 07:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 07:03 . 2009-08-07 07:03 -------- d-----w- C:\87993b1a6fee7b220dfa40f6b2d87147
2009-08-07 07:03 . 2009-08-27 13:04 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 21:07 . 2009-08-27 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\2222
2009-08-03 04:40 . 2009-08-29 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-02 17:01 . 2009-08-02 17:01 -------- d-----w- c:\documents and settings\Chris W\Application Data\Malwarebytes
2009-08-02 17:01 . 2009-08-02 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 23:24 . 2009-08-27 19:34 -------- d-----w- c:\program files\specialk
2009-08-28 12:39 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-28 03:38 . 2004-10-15 16:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-28 03:37 . 2009-08-28 03:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-28 03:37 . 2004-10-16 15:34 -------- d-----w- c:\program files\Java
2009-08-28 03:36 . 2009-08-28 03:36 152576 ----a-w- c:\documents and settings\Chris W\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-28 03:30 . 2004-10-15 23:20 -------- d-----w- c:\program files\Trillian
2009-08-28 03:30 . 2007-04-24 04:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-28 03:29 . 2004-10-15 21:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 03:29 . 2006-01-26 01:18 -------- d-----w- c:\documents and settings\Chris W\Application Data\My Games
2009-08-28 03:26 . 2004-10-15 05:41 -------- d-----w- c:\program files\Google
2009-08-28 03:25 . 2005-10-10 23:09 -------- d-----w- c:\program files\FileZilla
2009-08-28 02:57 . 2005-05-28 16:39 -------- d-----w- c:\program files\Webteh
2009-08-28 02:57 . 2006-04-15 13:34 -------- d-----w- c:\program files\TurboTax
2009-08-28 02:55 . 2007-12-22 03:55 -------- d-----w- c:\program files\Audible
2009-08-28 02:54 . 2008-09-08 01:17 -------- d-----w- c:\program files\AGD Interactive
2009-08-28 02:49 . 2009-03-25 18:36 -------- d-----w- c:\program files\Telltale Games
2009-08-28 02:41 . 2005-04-16 12:10 -------- d-----w- c:\program files\MegaSpoof
2009-08-28 01:40 . 2009-08-28 01:40 -------- d-----w- c:\documents and settings\Chris W\Application Data\Uniblue
2009-08-28 01:40 . 2009-08-28 01:40 -------- d-----w- c:\program files\Uniblue
2009-08-27 20:10 . 2009-02-08 11:24 -------- d-----w- c:\program files\Bonjour
2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-24 01:44 . 2009-04-16 23:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-24 01:44 . 2009-04-16 23:25 38208 ----a-w- c:\documents and settings\Chris W\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-24 01:30 . 2008-07-24 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-16 07:03 . 2007-07-20 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-07 09:59 . 2004-10-15 16:33 73912 ----a-w- c:\documents and settings\Chris W\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 07:04 . 2007-07-20 02:37 -------- d-----w- c:\program files\MSBuild
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 03:11 . 2004-10-17 03:50 -------- d-----w- c:\documents and settings\Chris W\Application Data\Lavasoft
2009-08-02 16:02 . 2007-10-16 02:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-24 13:56 . 2009-08-28 12:39 1062144 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-23 22:57 . 2007-11-30 14:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-18 22:11 . 2005-07-14 03:14 -------- d-----w- c:\program files\QuickTime
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 16:16 . 2009-05-16 11:43 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 16:16 . 2007-11-30 12:25 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 15:52 . 2009-07-09 15:52 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.463\English\setup.exe
2009-07-03 19:14 . 2009-07-03 19:14 -------- d-----w- c:\program files\TweetDeck
2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut61_2D3C8000E5E448CBBB06A4C37D5AF48D.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut6_F141B017782D48D89542DCC38F786FF0.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut2_8C036D68389D4A8096880D074C330130.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut11_0A40599CA5B444D89111273D573729A6.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut1_4DB66930574740058BAEBCD0FC73005A.exe
2009-06-12 16:03 . 2009-06-12 16:03 46384 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut3_E6C09482ED40447BAE1874BC5D76023B.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut4_CBE5964CD1B94DDFBCD2E9466D73DBE0.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\ARPPRODUCTICON.exe
2009-06-12 16:03 . 2009-06-12 16:03 58672 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut5_7BB38625F898498EBEF4B8EF4DC93AF2.exe
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-10-15 15:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2007-02-12 02:55 . 2007-02-11 23:01 249 ----a-w- c:\program files\Garden Plannerini.xml
2005-07-16 09:41 . 2004-11-13 22:07 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2009-04-14 14:01 . 2007-11-26 23:31 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-14 14:01 . 2007-11-26 23:31 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-27 18:02 . 2008-02-22 15:58 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-22 15:58 . 2008-02-22 15:58 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-01-23 18:07 . 2007-06-08 03:43 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll


Re: Malware/Virus blocking any ability to scan (including Hijack

Post by rexnervous on 31st August 2009, 5:47 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\" [X]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-10-08 31552]
"Push Client"="c:\documents and settings\Chris W\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2009-01-20 922864]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"Google Update"="c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-28 149280]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-12-09 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-02-03 323216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2007-11-21 37144]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2002-11-08 19968]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-16 110592]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-2-9 450560]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2004-9-23 41042]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-2-16 6379080]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-8-21 6144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Napster\\napster.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Documents and Settings\\Chris W\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46220:TCP"= 46220:TCP:*:Disabled:bittorrent

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [8/29/2009 11:09 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [8/29/2009 11:09 PM 27656]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 11:49 AM 77312]
R1 cdfdrv;Cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [5/24/2007 3:40 PM 22968]
R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [7/5/2007 3:45 PM 20424]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [7/5/2007 4:50 PM 161352]
R2 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [7/5/2007 3:56 PM 237568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/5/2007 2:43 PM 24652]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [10/15/2004 6:58 PM 14156]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [8/29/2009 11:09 PM 4368952]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 10:09 AM 96256]
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003Core.job
- c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 17:51]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003UA.job
- c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: google.com\www
Trusted Zone: turbotax.com
DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} - [You must be registered and logged in to see this link.]
DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Chris W\Application Data\Mozilla\Firefox\Profiles\ostsb927.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprade.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\windows\system32\IBM\npwdplugin.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.


Re: Malware/Virus blocking any ability to scan (including Hijack

Post by rexnervous on 31st August 2009, 5:48 pm

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-31 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,80,57,61,a0,40,
7b,88,0e,c8,28,51,af,b0,29,a3,98,44,dc,14,85,5c,db,8a,e7,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,37,9a,72,b6,53,
5a,be,ec,71,3b,04,66,8b,46,0d,96,b3,3a,7d,6b,42,88,26,d3,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,75,1b,2c,93,08,
d3,47,0a,25,da,ec,7e,55,20,c9,26,1f,5a,c6,16,b0,e9,63,01,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,12,97,4f,0b,82,
4e,84,c9,3e,1e,9e,e0,57,5a,93,61,fc,06,91,4e,fb,e0,2c,93,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,32,19,91,c9,6f,
56,ee,03,cd,44,cd,b9,a6,33,6c,cd,46,49,03,ad,c0,8f,b4,aa,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e2,17,7f,85,5c,
c6,52,2b,b0,18,ed,a7,3f,8d,37,a4,08,6a,bb,d1,02,b8,b6,6c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,21,a6,fd,be,40,
4a,c1,c3,31,77,e1,ba,b1,f8,68,02,ef,28,57,48,88,3b,9e,2e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,73,f4,c8,54,2a,
5e,fc,44,83,6c,56,8b,a0,85,96,ab,53,42,8c,a8,47,aa,5e,a0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,c5,a7,24,fe,3c,
36,04,40,51,fa,6e,91,28,9e,14,cc,e9,88,23,ad,ac,1d,84,6c,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a9,d5,42,fc,2f,
bb,4b,b7,b1,cd,45,5a,a8,c4,f8,b9,c0,77,8d,66,e1,e0,d7,37,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,52,2b,ce,f9,ee,
0d,f1,48,e3,0e,66,d5,eb,bc,2f,6b,30,d1,c2,85,31,ca,5f,c9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,25,30,60,6d,9d,
58,8e,19,fa,ea,66,7f,d4,3b,6b,70,9e,90,bd,8e,c1,86,3e,ea,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-31 13:44
ComboFix-quarantined-files.txt 2009-08-31 17:43
ComboFix2.txt 2009-08-31 01:57

Pre-Run: 9,289,490,432 bytes free
Post-Run: 9,273,540,608 bytes free

397 --- E O F --- 2009-08-26 07:00


Re: Malware/Virus blocking any ability to scan (including Hijack

Post by Belahzur on 1st September 2009, 5:27 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u
This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: Malware/Virus blocking any ability to scan (including Hijack

Post by rexnervous on 1st September 2009, 10:35 pm

seemed to fix it, thanks a ton. You were a fantastic aid.

Will be donating to the site shortly
