antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes


antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Sat Sep 19, 2009 4:50 am

Hello,

Thank you in advance, you guys are awesome! I have been infected by antivirus 2010 and have no desktop. I've tried using malwarebytes to remove it and apparently it's being blocked. I have tried downloading hijack this and it flashes on then disappears. I wish I were as good as you guys, but unfortunately I'm not. I hate to be a bother to anyone but I'm desperate and I know you guys are pros! Again Thank You!


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Sat Sep 19, 2009 8:11 am

Hi

Please download ComboFix by sUBs

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and this time rename
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.


Dr. Jay (DJ)


combofix

Post by James101 on Sun Sep 20, 2009 4:58 am

ComboFix 09-09-18.02 - Jim 09/20/2009 0:47.2.1 - NTFSx86
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\11rhbu.cmd
C:\2.com
C:\2vk6wn.exe
C:\2w.cmd
C:\982um3s9.exe
C:\a2h2.com
C:\cahpcg.cmd
C:\ceb6eu98.bat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\ohymax.exe
c:\documents and settings\All Users\Documents\ahenogovos._dl
c:\documents and settings\clark boys\Application Data\ifaqitude.scr
c:\documents and settings\clark boys\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\clark boys\Application Data\ogefixoti.scr
c:\documents and settings\clark boys\Cookies\degig.dll
c:\documents and settings\clark boys\Cookies\mevu.sys
c:\documents and settings\clark boys\Cookies\orybov.pif
c:\documents and settings\clark boys\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\clark boys\Local Settings\Application Data\bewan.bin
c:\documents and settings\clark boys\Local Settings\Application Data\inycoj.dl
c:\documents and settings\clark boys\Local Settings\Application Data\syxacam.pif
c:\documents and settings\clark boys\Local Settings\Application Data\uvegyl.pif
c:\documents and settings\clark boys\Local Settings\Temporary Internet Files\gypywi.bin
c:\documents and settings\clark boys\Local Settings\Temporary Internet Files\ubavubu.bat
c:\documents and settings\clark boys\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\clark boys\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\clark boys\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
C:\g8k.exe
C:\hifdmgt.com
C:\lel3cx.com
C:\ln9.exe
C:\m.com
C:\metdgv.bat
c:\program files\Common Files\huru.reg
c:\program files\Common Files\ihufequraq.bat
c:\program files\Common Files\logu.ban
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\recycler\S-1-5-21-2220035878-3111292644-2104965004-1008
C:\sv8c2bjw.bat
C:\uo10sn.cmd
C:\v63enh.exe
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\Installer\1201dd0.msp
c:\windows\Installer\194423.msp
c:\windows\Installer\2ee60b4.msp
c:\windows\Installer\3235866.msp
c:\windows\Installer\d9c8ea.msp
c:\windows\jezumecizi.bin
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\sohasij.inf
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_006031_.tmp.dll
c:\windows\system32\_006032_.tmp.dll
c:\windows\system32\_006033_.tmp.dll
c:\windows\system32\_006034_.tmp.dll
c:\windows\system32\_006041_.tmp.dll
c:\windows\system32\_006042_.tmp.dll
c:\windows\system32\_006043_.tmp.dll
c:\windows\system32\_006044_.tmp.dll
c:\windows\system32\_006046_.tmp.dll
c:\windows\system32\_006047_.tmp.dll
c:\windows\system32\_006050_.tmp.dll
c:\windows\system32\_006051_.tmp.dll
c:\windows\system32\_006053_.tmp.dll
c:\windows\system32\_006054_.tmp.dll
c:\windows\system32\_006055_.tmp.dll
c:\windows\system32\_006057_.tmp.dll
c:\windows\system32\_006060_.tmp.dll
c:\windows\system32\_006061_.tmp.dll
c:\windows\system32\_006065_.tmp.dll
c:\windows\system32\_006066_.tmp.dll
c:\windows\system32\_006068_.tmp.dll
c:\windows\system32\_006071_.tmp.dll
c:\windows\system32\_006073_.tmp.dll
c:\windows\system32\_006074_.tmp.dll
c:\windows\system32\_006075_.tmp.dll
c:\windows\system32\_006076_.tmp.dll
c:\windows\system32\_006077_.tmp.dll
c:\windows\system32\_006080_.tmp.dll
c:\windows\system32\_006081_.tmp.dll
c:\windows\system32\_006082_.tmp.dll
c:\windows\system32\_006083_.tmp.dll
c:\windows\system32\_006084_.tmp.dll
c:\windows\system32\_006089_.tmp.dll
c:\windows\system32\_006091_.tmp.dll
c:\windows\system32\1817148822.dat
c:\windows\system32\bennuar.old
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dddesot.dll
c:\windows\system32\desote.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\dokela._dl
c:\windows\system32\hjgruinpyltdbo.dat
c:\windows\system32\hjgruioqqgpkmb.dll
c:\windows\system32\hjgruiyavtkylk.dll
c:\windows\system32\hjgruiydvrjnrv.dat
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\kav321.dll
c:\windows\system32\kewiryh.dll
c:\windows\system32\onhelp.htm
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\wisdstr.exe
c:\windows\system32\wispex.html
c:\windows\ucawopyvem.bat
C:\xh319r9b.bat
C:\xrdygg.bat
C:\yftvl.com

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

--------

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\BEEP.SYS

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hjgruiygjdcfex
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_AVPsys
-------\Service_hjgruiygjdcfex
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-14 02:46 . 2009-09-20 04:27 -------- d--h--w- c:\windows\PIF
2009-09-09 11:32 . 2009-09-09 11:32 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\Mozilla
2009-09-08 19:37 . 2009-09-08 19:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 11:22 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 11:15 . 2009-09-08 11:15 -------- d-----w- C:\sh4ldr
2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\program files\Enigma Software Group
2009-09-07 19:54 . 2009-09-07 19:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-07 19:07 . 2009-09-07 19:07 163840 ----a-w- c:\windows\svchasts.exe
2009-09-07 10:58 . 2009-09-07 10:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-09-06 13:05 . 2009-09-07 09:10 29184 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-09-06 13:04 . 2009-09-06 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-04 22:17 . 2009-09-04 22:17 -------- d-----w- c:\documents and settings\clark boys\Application Data\Malwarebytes
2009-09-04 02:31 . 2009-09-04 02:31 -------- d-----w- c:\documents and settings\clark boys\Local Settings\Application Data\Mozilla
2009-09-03 11:45 . 2009-09-03 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-03 11:36 . 2009-09-03 11:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-09-01 15:46 . 2009-09-01 15:46 -------- d-----w- C:\Cache
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\Malwarebytes
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\vlc
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-22 11:42 . 2009-08-22 11:42 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\iolo
2009-08-21 20:01 . 2009-08-21 20:01 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\BVRP Software
2009-08-21 16:46 . 2009-08-21 16:48 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-21 11:01 . 2009-08-21 11:02 1336 ----a-w- c:\windows\r.vbs
2009-08-21 11:01 . 2009-08-21 11:02 21 ----a-w- c:\windows\c.bat
2009-08-21 11:01 . 2009-08-21 11:01 53 ----a-w- c:\windows\m.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 03:53 . 2009-04-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-14 16:16 . 2009-04-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-14 03:11 . 2009-08-21 19:48 46312 ----a-w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 11:29 . 2008-03-12 04:22 -------- d-----w- c:\documents and settings\clark boys\Application Data\PreCast
2009-09-07 11:01 . 2009-07-12 20:23 -------- d-----w- c:\documents and settings\clark boys\Application Data\iolo
2009-09-03 13:30 . 2008-09-08 16:56 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-02 23:00 . 2009-08-02 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-02 23:00 . 2009-08-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-08-02 22:59 . 2004-08-25 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:56 . 2008-03-12 04:25 -------- d-----w- c:\documents and settings\clark boys\Application Data\Yahoo!
2008-08-22 19:36 . 2008-11-18 03:32 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
2007-08-21 01:47 . 2007-08-21 01:46 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-19 120320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-07 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShOsPostRemover"="c:\sh4ldr\shospostremover.exe" [2009-04-03 80384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"*Restore"="c:\windows\system32\restore\rstrui.exe" [2008-04-14 380416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-02 222968]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 22:39]

2009-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 01:03]

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{25D65CB4-9ADE-4ED7-AE46-1F1762C8E39F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search - [You must be registered and logged in to see this link.]
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - [You must be registered and logged in to see this link.]
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-AROReminder - c:\program files\Advanced Registry Optimizer\ARO.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-HijackThis - c:\documents and settings\Jim\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-20 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2220035878-3111292644-2104965004-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-09-20 0:53
ComboFix-quarantined-files.txt 2009-09-20 04:52

Pre-Run: 116,497,555,456 bytes free
Post-Run: 116,562,542,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
432 --- E O F --- 2009-09-19 07:06
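As an added example (not part of the thread, ComboFix, or any forum tooling), here is a small triage helper that parses "Files Created" lines in the format ComboFix printed above and flags the entries a helper would look at first. The sample input is copied from the log in this post; the heuristics (active files dropped directly under c:\ or c:\windows, names a couple of characters off a core Windows binary, tiny script stubs) and the extension and name lists are my own assumptions, not ComboFix rules.

```python
"""Triage helper for ComboFix "Files Created" lines (added example, not a ComboFix feature)."""
import re
from typing import Dict, List, Optional

# Sample lines copied from the "Files Created" section of the log above.
SAMPLE_LOG = r"""
2009-09-08 11:22 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 19:07 . 2009-09-07 19:07 163840 ----a-w- c:\windows\svchasts.exe
2009-09-06 13:05 . 2009-09-07 09:10 29184 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-21 16:46 . 2009-08-21 16:48 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-21 11:01 . 2009-08-21 11:02 1336 ----a-w- c:\windows\r.vbs
2009-08-21 11:01 . 2009-08-21 11:02 21 ----a-w- c:\windows\c.bat
2009-08-21 11:01 . 2009-08-21 11:01 53 ----a-w- c:\windows\m.bat
"""

# One entry per line: "<created> . <modified> <size or --------> <attrs> <path>"
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Extensions that execute when launched (assumption: a deliberately loose list).
ACTIVE_EXTS = {".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}

# Core Windows binary names that rogue software likes to imitate (assumption).
SYSTEM_NAMES = ["svchost.exe", "explorer.exe", "winlogon.exe",
                "lsass.exe", "csrss.exe", "services.exe"]

# Directories where a freshly created active file deserves a second look (assumption).
SUSPECT_DIRS = ("c:\\", "c:\\windows\\")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, enough to catch one- or two-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into its fields; returns None for lines in another format."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["is_dir"] = entry["attrs"].startswith("d")   # ComboFix marks directories with a leading 'd'
    entry["path"] = entry["path"].lower()              # paths are case-insensitive on NTFS
    return entry


def reasons_for(entry: dict) -> List[str]:
    """Return the heuristics an entry trips; an empty list means nothing to note."""
    if entry["is_dir"]:
        return []
    directory, _, name = entry["path"].rpartition("\\")
    ext = name[name.rfind("."):] if "." in name else ""
    reasons = []
    if ext in ACTIVE_EXTS and directory + "\\" in SUSPECT_DIRS:
        reasons.append(f"active file dropped directly in {directory}\\")
    for known in SYSTEM_NAMES:
        if name != known and levenshtein(name, known) <= 2:
            reasons.append(f"name resembles {known}")
    if ext in ACTIVE_EXTS and int(entry["size"]) < 100:
        reasons.append("tiny script or binary (typical of a dropper stub)")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings[entry["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

The flagged set matches the files the next reply targets with its CFScript, except cmpwrap.dat, which trips none of these heuristics and shows why a human reviewer still reads the whole log.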

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Sun Sep 20, 2009 10:33 am

Hi

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\sh4ldr
    c:\program files\Enigma Software Group

    File::
    c:\windows\svchasts.exe
    c:\windows\is-CSKTN.exe
    c:\windows\system32\cmpwrap.dat
    c:\windows\r.vbs
    c:\windows\c.bat
    c:\windows\m.bat
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

==

Please include the ComboFix and the Malwarebytes logs in your next reply. Also, please tell me how your computer is running.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Head Administrator

Posts : 13717
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302127
Likes : 10


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Sun Sep 20, 2009 2:21 pm

Folder::
c:\sh4ldr
c:\program files\Enigma Software Group

File::
c:\windows\svchasts.exe
c:\windows\is-CSKTN.exe
c:\windows\system32\cmpwrap.dat
c:\windows\r.vbs
c:\windows\c.bat
c:\windows\m.bat

ComboFix 09-09-18.02 - Jim 09/20/2009 10:00.3.1 - NTFSx86
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.

((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-14 02:46 . 2009-09-20 04:27 -------- d--h--w- c:\windows\PIF
2009-09-09 11:32 . 2009-09-09 11:32 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\Mozilla
2009-09-08 19:37 . 2009-09-08 19:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 11:22 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 11:15 . 2009-09-08 11:15 -------- d-----w- C:\sh4ldr
2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\program files\Enigma Software Group
2009-09-07 19:54 . 2009-09-07 19:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-07 19:07 . 2009-09-07 19:07 163840 ----a-w- c:\windows\svchasts.exe
2009-09-07 10:58 . 2009-09-07 10:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-09-06 13:05 . 2009-09-07 09:10 29184 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-09-06 13:04 . 2009-09-06 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-04 22:17 . 2009-09-04 22:17 -------- d-----w- c:\documents and settings\clark boys\Application Data\Malwarebytes
2009-09-04 02:31 . 2009-09-04 02:31 -------- d-----w- c:\documents and settings\clark boys\Local Settings\Application Data\Mozilla
2009-09-03 11:45 . 2009-09-03 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-03 11:36 . 2009-09-03 11:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-09-01 15:46 . 2009-09-01 15:46 -------- d-----w- C:\Cache
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\Malwarebytes
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\vlc
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-22 11:42 . 2009-08-22 11:42 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\iolo
2009-08-21 20:01 . 2009-08-21 20:01 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\BVRP Software
2009-08-21 16:46 . 2009-08-21 16:48 0 ----a-w- c:\windows\system32\cmpwrap.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 03:53 . 2009-04-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-14 16:16 . 2009-04-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-14 03:11 . 2009-08-21 19:48 46312 ----a-w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 11:29 . 2008-03-12 04:22 -------- d-----w- c:\documents and settings\clark boys\Application Data\PreCast
2009-09-07 11:01 . 2009-07-12 20:23 -------- d-----w- c:\documents and settings\clark boys\Application Data\iolo
2009-09-03 13:30 . 2008-09-08 16:56 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-21 11:02 . 2009-08-21 11:01 1336 ----a-w- c:\windows\r.vbs
2009-08-21 11:02 . 2009-08-21 11:01 21 ----a-w- c:\windows\c.bat
2009-08-21 11:01 . 2009-08-21 11:01 53 ----a-w- c:\windows\m.bat
2009-08-02 23:00 . 2009-08-02 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-02 23:00 . 2009-08-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-08-02 22:59 . 2004-08-25 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:56 . 2008-03-12 04:25 -------- d-----w- c:\documents and settings\clark boys\Application Data\Yahoo!
2008-08-22 19:36 . 2008-11-18 03:32 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
2007-08-21 01:47 . 2007-08-21 01:46 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725_0$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp1qfe\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2gdr\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2qfe\linkinfo.dll

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\SYSTEM32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414_0$\netman.dll

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\SYSTEM32\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423_0$\spoolsv.exe

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SYSTEM32\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756_0$\tapisrv.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB890859_0$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp1qfe\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2gdr\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2qfe\user32.dll

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835_0$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\backup\sp1qfe\shsvcs.dll
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-19 120320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-07 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShOsPostRemover"="c:\sh4ldr\shospostremover.exe" [2009-04-03 80384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"*Restore"="c:\windows\system32\restore\rstrui.exe" [2008-04-14 380416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-02 222968]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 22:39]

2009-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 01:03]

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{25D65CB4-9ADE-4ED7-AE46-1F1762C8E39F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search - [You must be registered and logged in to see this link.]
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - [You must be registered and logged in to see this link.]
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-20 10:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2220035878-3111292644-2104965004-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-09-20 10:07
ComboFix-quarantined-files.txt 2009-09-20 14:06
ComboFix2.txt 2009-09-20 04:53

Pre-Run: 116,523,134,976 bytes free
Post-Run: 116,484,173,824 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
229 --- E O F --- 2009-09-20 07:00

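Added example (editor's code, not part of the thread and not ComboFix's own): a small Python parser for the "Sigcheck" section of the ComboFix log above. It does not depend on the meaning of the `[7]`/`[-]` markers; it pairs each copy that Windows actually loads (c:\windows or c:\windows\system32, an editor's assumption) with the installed service pack's reference copy under ServicePackFiles\i386 (also an assumption) and flags two things that are visible in the log: a live file whose hash ComboFix could not compute (c:\windows\explorer.exe, the shell that draws the desktop, which fits the symptom reported in the thread), and live copies whose file version is lower than the service-pack copy (for example linkinfo.dll at 5.1.2600.2751 against 5.1.2600.5512). The embedded sample is an abridged copy of the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Abridged copy of the "Sigcheck" section of the ComboFix log posted above.
SIGCHECK_LOG = r"""
------- Sigcheck -------

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
"""

# One Sigcheck line: [mark] date[ time] . md5-or-error . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<mark>[^\]]+)\]\s+(?P<date>\d{4}-\d\d-\d\d(?:\s+\d\d:\d\d)?)\s+\.\s+"
    r"(?P<md5>.+?)\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Editor's assumptions: copies in these directories are the ones Windows actually
# loads; the ServicePackFiles\i386 copy is the installed service pack's reference.
LIVE_DIRS = {r"c:\windows", r"c:\windows\system32"}
REFERENCE_DIR = r"c:\windows\servicepackfiles\i386"


@dataclass
class SigEntry:
    mark: str
    md5: str
    size: int
    version: Optional[Tuple[int, ...]]   # None when ComboFix printed [------]
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def unreadable(self) -> bool:
        # ComboFix writes "!HASH: COULD NOT OPEN FILE" in place of the MD5 when it cannot read the file.
        return self.md5.startswith("!HASH")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """'6.00.2900.5512' -> (6, 0, 2900, 5512); anything else (e.g. '------') -> None."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def format_version(version: Tuple[int, ...]) -> str:
    return ".".join(str(part) for part in version)


def parse_sigcheck(log: str) -> List[SigEntry]:
    entries: List[SigEntry] = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(SigEntry(m["mark"], m["md5"].strip(), int(m["size"]),
                                    parse_version(m["ver"]), m["path"]))
    return entries


def find_anomalies(entries: List[SigEntry]) -> List[Tuple[str, str]]:
    """Return (path, reason) for live copies that are unreadable or older than the reference copy."""
    by_name: Dict[str, List[SigEntry]] = {}
    for entry in entries:
        by_name.setdefault(entry.name, []).append(entry)

    findings: List[Tuple[str, str]] = []
    for group in by_name.values():
        reference = next((e for e in group if e.directory == REFERENCE_DIR), None)
        for entry in group:
            if entry.directory not in LIVE_DIRS:
                continue   # backup/uninstall copies are not what the system runs
            if entry.unreadable:
                findings.append((entry.path, "hash could not be computed: file locked or unreadable"))
            elif reference and reference.version and entry.version and entry.version < reference.version:
                findings.append((entry.path,
                                 f"version {format_version(entry.version)} is older than the "
                                 f"service-pack reference {format_version(reference.version)}"))
    return findings


if __name__ == "__main__":
    for path, reason in find_anomalies(parse_sigcheck(SIGCHECK_LOG)):
        print(f"{path}: {reason}")
```

Run against the full Sigcheck section, the same check flags the system32 copies of netman.dll, spoolsv.exe, tapisrv.dll, user32.dll and shsvcs.dll as well, since each is at a pre-SP3 version while the machine reports Service Pack 3. That pattern says nothing by itself about infection, but it is the kind of discrepancy worth confirming with a second hash source before trusting those binaries.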

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Sun Sep 20, 2009 5:16 pm

Hi

Please download F-Secure's Blacklight from [You must be registered and logged in to see this link.]

  • Save it to your Desktop
  • Double-click blbeta.exe then accept the agreement.
  • Click > Scan, then > Next.
  • You'll see a list of all items found.
  • Don't choose rename yet! I want to see the log first, because legit items can also be present there...
  • There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
  • Post the contents of the log in your next reply.


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Mon Sep 21, 2009 4:06 am

Malwarebytes' Anti-Malware 1.41
Database version: 2830
Windows 5.1.2600 Service Pack 3

9/21/2009 12:03:15 AM
mbam-log-2009-09-21 (00-03-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 211775
Time elapsed: 10 hour(s), 33 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adssite ToolBar (Adware.Adssite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\My Documents\WebfettiSetup2.3.50.19.ZKman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\My Documents\LimeWire\Saved\i can only imagine tab\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\g8k.exe.vir (Worm.Magania) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\m.com.vir (Worm.Magania) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir (Antivirus2009) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\dbsinit.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dddesot.dll.vir (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\desote.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hjgruioqqgpkmb.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wisdstr.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DLLCACHE\figaro.sys.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\svchasts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

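Added example (editor's code, not the thread's and not Malwarebytes' own): a Python parser for the MBAM log format above. It separates live detections from hits inside C:\Qoobox\Quarantine, the folder where ComboFix keeps what it has already removed (the `.vir` files), so that the 21 "Files Infected" in the log above are not read as 21 active infections, and it cross-checks the per-section counts in the log header against the entries actually listed under each section. The embedded sample is an abridged copy of the log posted above, with header counts adjusted to match the entries kept; the quarantine prefix constant is the editor's choice.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Abridged copy of the Malwarebytes log posted above (section counts adjusted
# to match the entries kept in this excerpt).
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2830
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|)
Objects scanned: 211775

Memory Processes Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hjgruioqqgpkmb.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\svchasts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
"""

# Where ComboFix stores the files it has removed (editor's constant; compared case-insensitively).
COMBOFIX_QUARANTINE = "c:\\qoobox\\quarantine\\"

# "Files Infected: 5" is a header count; "Files Infected:" opens the section that lists them.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):(?: (\d+))?$")
# "<item> (<family>) -> <action>"; the action may itself contain "Bad: (1) Good: (0) ->".
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str

    @property
    def already_quarantined(self) -> bool:
        return self.item.lower().startswith(COMBOFIX_QUARANTINE)


def parse_mbam(log: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (header counts per section, detections in the order listed)."""
    summary: Dict[str, int] = {}
    detections: List[Detection] = []
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group(2) is not None:
                summary[m.group(1)] = int(m.group(2))
            else:
                section = m.group(1)
            continue
        d = DETECTION_RE.match(line)
        if d and section:
            detections.append(Detection(section, d["item"], d["family"], d["action"]))
    return summary, detections


def triage(detections: List[Detection]) -> Tuple[List[Detection], List[Detection]]:
    """Split into (live detections, hits on files ComboFix had already quarantined)."""
    live = [d for d in detections if not d.already_quarantined]
    stale = [d for d in detections if d.already_quarantined]
    return live, stale


def live_families(detections: List[Detection]) -> Counter:
    return Counter(d.family for d in detections if not d.already_quarantined)


def count_mismatches(summary: Dict[str, int], detections: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Sections whose header count disagrees with the entries listed: {section: (claimed, listed)}."""
    listed = Counter(d.section for d in detections)
    return {s: (n, listed.get(s, 0)) for s, n in summary.items() if listed.get(s, 0) != n}


if __name__ == "__main__":
    summary, detections = parse_mbam(MBAM_LOG)
    live, stale = triage(detections)
    print(f"{len(live)} live detections, {len(stale)} already in ComboFix quarantine")
    for family, n in live_families(detections).most_common():
        print(f"  {family}: {n}")
    for section, (claimed, listed) in count_mismatches(summary, detections).items():
        print(f"  count mismatch in {section}: header says {claimed}, listed {listed}")
```

On the full log above the split is 13 entries under C:\Qoobox\Quarantine against 8 live ones; the live set is what still matters for the machine (igfxtray.exe masquerading as the Intel tray tool in the Run key, svchasts.exe, the replaced beep.sys in dllcache, and the two Security Center notification values switched off).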

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Mon Sep 21, 2009 4:37 am

Hi,

Thanks so much for helping me! I also ran blacklight and it didn't save a log file. It said "hidden items found 0." and "items queued for renaming 0."
I still have no desktop and cannot open things; when I try, it says cannot open, you may not have permission. Again thanks so much!

Jim


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Mon Sep 21, 2009 4:46 am

Hi

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.


    NOTE: Before scanning, make sure all other running programs are closed.
    There shouldn't be any scheduled antivirus scans running while the scan is being performed.
    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • >>Follow the instructions that pop up for posting the results.<<
  • Close the program window, and delete the program from your Desktop.


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Mon Sep 21, 2009 5:36 am

DDS (Ver_09-07-30.01) - NTFSx86
Run by Jim at 1:24:00.73 on Mon 09/21/2009
Internet Explorer: 7.0.5730.13
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 1.0.3705; yie8; yie8)" -"http://www.maidmarian.com/ClubMarian.htm"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [iolo AntiVirus] "c:\program files\iolo\system mechanic professional\antivirus\ioloAV.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\new folder\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [ShOsPostRemover] c:\sh4ldr\shospostremover.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [*Restore] c:\windows\system32\restore\rstrui.exe -i
StartupFolder: c:\documents and settings\jim\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\precas~1.lnk - c:\program files\ocucom\precast\tmon.exe
IE: &Search
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.]
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\google\google desktop search\GoogleDesktopNetwork1.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - [You must be registered and logged in to see this link.]
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - [You must be registered and logged in to see this link.]
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-09-20 09:58 --d----- C:\ComboFix
2009-09-20 00:45 a-dshr-- C:\cmdcons
2009-09-20 00:26 229,888 a------- c:\windows\PEV.exe
2009-09-20 00:26 161,792 a------- c:\windows\SWREG.exe
2009-09-20 00:26 98,816 a------- c:\windows\sed.exe
2009-09-13 22:46 --d-h--- c:\windows\PIF
2009-09-08 15:37 664 a------- c:\windows\system32\d3d9caps.dat
2009-09-08 07:22 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 07:22 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-08 07:22 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 07:15 414 a------- C:\spyhunter.fix
2009-09-08 07:15 --d----- C:\sh4ldr
2009-09-08 07:14 --d----- c:\program files\Enigma Software Group
2009-09-07 15:54 --d----- c:\windows\system32\wbem\Repository
2009-09-07 06:58 12,537 a------- c:\windows\opybu._sy
2009-09-03 07:45 --d----- c:\docume~1\alluse~1\applic~1\TomTom
2009-09-03 07:36 --d----- c:\program files\TomTom DesktopSuite
2009-09-01 11:46 --d----- C:\Cache
2009-08-24 00:44 --d----- c:\docume~1\jim\applic~1\Malwarebytes
2009-08-24 00:31 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-23 23:23 680,960 a------- c:\windows\is-CSKTN.exe
2009-08-23 23:23 10,504 a------- c:\windows\is-CSKTN.msg
2009-08-23 23:23 530 a------- c:\windows\is-CSKTN.lst

==================== Find3M ====================

2007-08-20 21:47 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-18 18:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090519\index.dat

============= FINISH: 1:24:09.31 ===============


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Mon Sep 21, 2009 8:57 am

1. Click the Start Menu.
2. Click Run.
3. Type in "mbam.exe /developer", without the quotes.
4. Run the same type of scan you did before and save the logfile and post it.


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Belahzur on Mon Sep 21, 2009 9:39 am

Hello James101.

Before doing the special scan Dragon has ordered, please go into MBAM's quarantine tab and restore these two items:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray

and this file:
C:\WINDOWS\SYSTEM32\igfxtray.exe

Then follow what Dragon has posted for you, just make sure you have the latest database.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Mon Sep 21, 2009 5:09 pm

Hi,
I can't find either item in quarantine.

I cannot find run. I have no start menu, task bar on my desktop or any desktop icons. Thanks!!

Jim


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Belahzur on Mon Sep 21, 2009 5:16 pm

Hello.
Sounds like something has killed off explorer.exe.

Open Task Manager via alt/ctrl/del, go into the Applications tab, and hit "New Task...", type explorer into the open field.

Now can you see your Desktop icons and everything else?





Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Mon Sep 21, 2009 5:20 pm

hey,
It says windows cannot access the file, or you may not have the correct permission. Thanks


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Belahzur on Mon Sep 21, 2009 5:47 pm

Hello.
We may need to reset the permission on explorer.exe, looks like the malware has locked it.

Please download [You must be registered and logged in to see this link.] file.

  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.





Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Tue Sep 22, 2009 3:15 am

Hello,
I'm sorry but it will not let me download it. It says Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item. Also, I get this quite a bit from other things I try to open. Thank You!!
Jim


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Tue Sep 22, 2009 4:19 am

Hi

TrendMicro™ HouseCall Java Scan

  • Please go [You must be registered and logged in to see this link.] to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


Please post here any results, good or bad.


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Tue Sep 22, 2009 12:10 pm

Hi,
I ran the scan and it found a few things, but there is no change to the computer after removal. I still have no task bar or desktop icons. Thanks!!
Jim


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Tue Sep 22, 2009 3:42 pm

Hi

Do you have the results?

Please navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer after damage from malware or other harmful system changes. Install the file after download.

Has this fixed anything?


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Wed Sep 23, 2009 1:49 am

Hello,

Windows Installer will not let me download it. It said, "The windows installer service could not be accessed. This can occur if you are running windows in safe mode, or if the windows installer is not correctly installed." I'm not sure what the deal is or how to correct this problem. Oh, and I am also not running in safe mode. Thanks!!


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Wed Sep 23, 2009 3:11 am

Hi

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Wed Sep 23, 2009 4:16 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 12:14 on 23/09/2009 by Jim (Administrator - Elevation successful)

No Context: filefind

No Context: scecli.dll

No Context: netlogon.dll

No Context: eventlog.dll

No Context: winlogon.exe

No Context: comres.dll

No Context: crypt32.dll

No Context: gpedit.dll

No Context: rundll32.exe

No Context: sfc.dll

No Context: svchost.exe

-=End Of File=-


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Belahzur on Wed Sep 23, 2009 6:59 pm

Hello.
You missed the colon before :filefind in the script.
Please re-run it and post the new log.





Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Wed Sep 23, 2009 7:07 pm

hello,
Oops, sorry about that. Thanks for catching that, and again thanks so much for the help!


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:04 on 23/09/2009 by Jim (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\I386\SCECLI.DLL --a--- 174592 bytes [01:40 12/12/2006] [10:00 29/08/2002] 97418A5C642A5C748A28BD7CF6860B57
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [22:32 18/05/2009] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 180224 bytes [04:51 20/09/2009] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [08:09 20/08/2007] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\SYSTEM32\scecli.dll ------ 180224 bytes [10:00 29/08/2002] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\I386\NETLOGON.DLL --a--- 399360 bytes [01:39 12/12/2006] [10:00 29/08/2002] 3ADD563ED7A1C66E6F5E0F7A661AA96D
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [22:32 18/05/2009] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ERDNT\cache\netlogon.dll --a--- 407040 bytes [04:51 20/09/2009] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [08:09 20/08/2007] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\SYSTEM32\netlogon.dll ------ 407040 bytes [10:00 29/08/2002] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\I386\EVENTLOG.DLL --a--- 49152 bytes [01:36 12/12/2006] [10:00 29/08/2002] BF3C8CF53C77B48206B39910B6D6CBCC
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [22:32 18/05/2009] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ERDNT\cache\eventlog.dll --a--- 56320 bytes [04:51 20/09/2009] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [08:08 20/08/2007] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SYSTEM32\eventlog.dll ------ 56320 bytes [10:00 29/08/2002] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "winlogon.exe"
C:\I386\WINLOGON.EXE --a--- 516608 bytes [01:43 12/12/2006] [10:00 29/08/2002] 2246D8D8F4714A2CEDB21AB9B1849ABB
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c 502272 bytes [22:32 18/05/2009] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ERDNT\cache\winlogon.exe --a--- 502272 bytes [04:51 20/09/2009] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------ 507904 bytes [08:09 20/08/2007] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\SYSTEM32\winlogon.exe ------ 502272 bytes [10:00 29/08/2002] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE

Searching for "comres.dll"
C:\I386\COMRES.DLL --a--- 792064 bytes [01:34 12/12/2006] [10:00 29/08/2002] 1F51839ECCF908FD86558198909262E4
C:\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 792064 bytes [22:32 18/05/2009] [07:56 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 792064 bytes [08:08 20/08/2007] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\SYSTEM32\comres.dll ------ 792064 bytes [10:00 29/08/2002] [07:56 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310

Searching for "crypt32.dll"
C:\I386\crypt32.dll --a--- 544256 bytes [01:34 12/12/2006] [22:10 23/09/2002] C4386C3598E8DF9A406B4A3537C997B2
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 597504 bytes [22:32 18/05/2009] [07:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\ServicePackFiles\i386\crypt32.dll ------ 599040 bytes [08:08 20/08/2007] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\SYSTEM32\crypt32.dll ------ 597504 bytes [18:54 25/08/2004] [07:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\I386\RUNDLL32.EXE --a--- 31744 bytes [01:40 12/12/2006] [10:00 29/08/2002] 0FB22DD37C17F80AD71316049F725170
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [22:32 18/05/2009] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [08:09 20/08/2007] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\SYSTEM32\rundll32.exe --a--- 33280 bytes [10:00 29/08/2002] [00:12 14/04/2008] (Unable to calculate MD5)

Searching for "sfc.dll"
C:\I386\SFC.DLL --a--- 4096 bytes [01:41 12/12/2006] [10:00 29/08/2002] 52BB2A508CB3EB8AAA5F6F142F5B73D6
C:\WINDOWS\$NtServicePackUninstall$\sfc.dll -----c 5120 bytes [22:32 18/05/2009] [07:56 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\ERDNT\cache\sfc.dll --a--- 5120 bytes [04:51 20/09/2009] [07:56 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\ServicePackFiles\i386\sfc.dll ------ 5120 bytes [08:09 20/08/2007] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\SYSTEM32\sfc.dll ------ 5120 bytes [10:00 29/08/2002] [07:56 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E

Searching for "svchost.exe"
C:\I386\SVCHOST.EXE --a--- 12800 bytes [01:41 12/12/2006] [10:00 29/08/2002] 0F7D9C87B0CE1FA520473119752C6F79
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [22:32 18/05/2009] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ERDNT\cache\svchost.exe --a--- 14336 bytes [04:51 20/09/2009] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [08:09 20/08/2007] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SYSTEM32\svchost.exe ------ 14336 bytes [10:00 29/08/2002] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716

-=End Of File=-

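The SystemLook log above lists every copy of each file it found together with its MD5. As an added example (not from this thread, and not part of SystemLook), here is a small Python triage script that parses that filefind output and flags any SYSTEM32 copy that SystemLook could not hash, as with rundll32.exe above, or whose MD5 matches none of the cached copies under I386, ServicePackFiles, $NtServicePackUninstall$ or ERDNT; in the embedded sample the sample.dll section is constructed, the rest is copied from the log.

```python
"""Triage aid for SystemLook ':filefind' output (added example, not part of
the thread or of SystemLook).  The live copy of each file in the SYSTEM32
directory is compared against the cached copies Windows keeps elsewhere.
Caveat: a match only shows the live file equals some installer or cache copy,
and malware can overwrite those copies too, so treat the result as triage,
not proof."""
import re

# One result line of SystemLook's filefind output, e.g.
# C:\WINDOWS\SYSTEM32\svchost.exe ------ 14336 bytes [10:00 29/08/2002] [07:56 04/08/2004] 8F078AE4...
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')
LIVE_DIR = "c:\\windows\\system32\\"   # where the copy Windows actually runs lives


def parse_systemlook(text):
    """Return {filename: [entry, ...]}; entry has path, size and md5
    (md5 is None when SystemLook printed '(Unable to calculate MD5)')."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            results[current] = []          # 'No files found.' leaves this empty
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            md5 = m.group("md5").upper()
            results[current].append({
                "path": m.group("path"),
                "size": int(m.group("size")),
                "md5": None if md5.startswith("(") else md5,
            })
    return results


def triage(results):
    """Map each searched filename to a status string."""
    statuses = {}
    for name, entries in results.items():
        live = [e for e in entries if e["path"].lower().startswith(LIVE_DIR)]
        reference = {e["md5"] for e in entries
                     if e["md5"] and not e["path"].lower().startswith(LIVE_DIR)}
        if not entries:
            statuses[name] = "NOT_FOUND"            # nothing on disk at all
        elif not live:
            statuses[name] = "NO_LIVE_COPY"         # only cached copies exist
        elif any(e["md5"] is None for e in live):
            statuses[name] = "UNREADABLE_MD5"       # live file could not be read/hashed
        elif not reference:
            statuses[name] = "NO_REFERENCE"         # nothing to compare against
        elif all(e["md5"] in reference for e in live):
            statuses[name] = "OK"                   # live copy equals a cached copy
        else:
            statuses[name] = "NO_REFERENCE_MATCH"   # live copy differs from every cached copy
    return statuses


def suspicious(statuses):
    """Names whose status is anything other than OK, for the analyst to check."""
    return sorted(n for n, s in statuses.items() if s != "OK")


# Sample input: the gpedit.dll, rundll32.exe and svchost.exe sections are copied
# from the log above; the sample.dll section is constructed to show a mismatch.
SAMPLE_LOG = r"""
Searching for "gpedit.dll"
No files found.
Searching for "rundll32.exe"
C:\I386\RUNDLL32.EXE --a--- 31744 bytes [01:40 12/12/2006] [10:00 29/08/2002] 0FB22DD37C17F80AD71316049F725170
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [22:32 18/05/2009] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [08:09 20/08/2007] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\SYSTEM32\rundll32.exe --a--- 33280 bytes [10:00 29/08/2002] [00:12 14/04/2008] (Unable to calculate MD5)
Searching for "svchost.exe"
C:\I386\SVCHOST.EXE --a--- 12800 bytes [01:41 12/12/2006] [10:00 29/08/2002] 0F7D9C87B0CE1FA520473119752C6F79
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [22:32 18/05/2009] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ERDNT\cache\svchost.exe --a--- 14336 bytes [04:51 20/09/2009] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [08:09 20/08/2007] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SYSTEM32\svchost.exe ------ 14336 bytes [10:00 29/08/2002] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
Searching for "sample.dll"
C:\WINDOWS\ServicePackFiles\i386\sample.dll ------ 4096 bytes [08:09 20/08/2007] [00:12 14/04/2008] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\WINDOWS\SYSTEM32\sample.dll --a--- 4096 bytes [10:00 29/08/2002] [00:12 14/04/2008] BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
-=End Of File=-
"""

if __name__ == "__main__":
    report = triage(parse_systemlook(SAMPLE_LOG))
    for name, status in sorted(report.items()):
        print(f"{name:14} {status}")
    print("check:", ", ".join(suspicious(report)))
```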

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Wed Sep 23, 2009 7:39 pm

Hi

Please go to this page: [You must be registered and logged in to see this link.] and follow the section "Let me fix it myself".
If you have any questions, please post back here. If you cannot do it, I can prepare a file to help you.


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Thu Sep 24, 2009 12:29 am

Hello again,

I'm very sorry about this, but I cannot use the fix it myself. It said I cannot use this if I am running XP Home Edition, that I would have to use system restore or a backup. I have no restore points available. Again Thank You!


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Thu Sep 24, 2009 1:03 am

So...you typed this:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

into Command Prompt, and got no results?


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Thu Sep 24, 2009 1:07 am

hi,

Yes, it said it does not recognize secedit.


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Thu Sep 24, 2009 1:20 am

It is a Windows XP issue. Please download the hotfix to fix the secedit command: [You must be registered and logged in to see this link.]

Then, please try the above again.

Tell me results.


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Thu Sep 24, 2009 1:45 am

Hello,

I'm sorry, secedit is still not recognised. Thanks!

Jim


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Thu Sep 24, 2009 4:10 am

Hello,

I was wondering if I had gotten rid of the viruses now and maybe have a completely different problem? Or is this all related to antivirus 2010? Thank You, you guys are awesome!


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Thu Sep 24, 2009 4:18 am

Hi

I can be sure the viruses are gone, but there is a permissions issue somewhere that is preventing you from accessing a lot of things. I am trying to find the appropriate fix, but most of them have failed.

Is ComboFix still on your Desktop? Please double-click it and do another run, and please post the log in your next reply. If you do not have ComboFix, see the first page of this thread for the download link and instructions.


Dr. Jay (DJ)




Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Thu Sep 24, 2009 4:33 am

ComboFix 09-09-18.02 - Jim 09/24/2009 0:21.4.1 - NTFSx86
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 01:39 . 2009-09-16 23:48 55536 ----a-w- C:\WindowsXP-KB897327-x86-Symbols-ENU.exe
2009-09-24 01:39 . 2009-09-16 23:48 491248 ----a-w- C:\WindowsXP-KB897327-x86-ENU.exe
2009-09-24 00:10 . 2009-09-24 01:30 -------- d-----w- c:\program files\ACW
2009-09-22 05:39 . 2009-09-22 05:39 2855 ----a-w- c:\windows\explorer.PIF
2009-09-22 04:26 . 2009-09-22 05:33 -------- d-----w- c:\documents and settings\Jim\.housecall6.6
2009-09-22 03:03 . 2009-09-22 03:03 46375 ----a-w- c:\windows\Junction.zip
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-14 02:46 . 2009-09-20 04:27 -------- d--h--w- c:\windows\PIF
2009-09-09 11:32 . 2009-09-09 11:32 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\Mozilla
2009-09-08 19:37 . 2009-09-08 19:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 11:22 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 11:15 . 2009-09-08 11:15 -------- d-----w- C:\sh4ldr
2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\program files\Enigma Software Group
2009-09-07 19:54 . 2009-09-07 19:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-07 10:58 . 2009-09-07 10:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-09-06 13:04 . 2009-09-06 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-04 22:17 . 2009-09-04 22:17 -------- d-----w- c:\documents and settings\clark boys\Application Data\Malwarebytes
2009-09-04 02:31 . 2009-09-04 02:31 -------- d-----w- c:\documents and settings\clark boys\Local Settings\Application Data\Mozilla
2009-09-03 11:45 . 2009-09-03 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-03 11:36 . 2009-09-03 11:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-09-01 15:46 . 2009-09-01 15:46 -------- d-----w- C:\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 12:58 . 2009-04-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 05:29 . 2007-08-29 11:54 -------- d-----w- c:\program files\LimeWire
2009-09-22 05:29 . 2009-05-07 03:10 -------- d-----w- c:\program files\VVSN
2009-09-14 16:16 . 2009-04-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-14 03:11 . 2009-08-21 19:48 46312 ----a-w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 11:29 . 2008-03-12 04:22 -------- d-----w- c:\documents and settings\clark boys\Application Data\PreCast
2009-09-07 11:01 . 2009-07-12 20:23 -------- d-----w- c:\documents and settings\clark boys\Application Data\iolo
2009-09-03 13:30 . 2008-09-08 16:56 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\Malwarebytes
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\vlc
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-22 11:42 . 2009-08-22 11:42 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\iolo
2009-08-21 16:48 . 2009-08-21 16:46 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-21 11:02 . 2009-08-21 11:01 1336 ----a-w- c:\windows\r.vbs
2009-08-21 11:02 . 2009-08-21 11:01 21 ----a-w- c:\windows\c.bat
2009-08-21 11:01 . 2009-08-21 11:01 53 ----a-w- c:\windows\m.bat
2009-08-02 23:00 . 2009-08-02 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-02 23:00 . 2009-08-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-08-02 22:59 . 2004-08-25 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:56 . 2008-03-12 04:25 -------- d-----w- c:\documents and settings\clark boys\Application Data\Yahoo!
2008-08-22 19:36 . 2008-11-18 03:32 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
2007-08-21 01:47 . 2007-08-21 01:46 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725_0$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp1qfe\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2gdr\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2qfe\linkinfo.dll

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\SYSTEM32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414_0$\netman.dll

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\SYSTEM32\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423_0$\spoolsv.exe

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SYSTEM32\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756_0$\tapisrv.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB890859_0$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp1qfe\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2gdr\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2qfe\user32.dll

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835_0$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\backup\sp1qfe\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-19 120320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-07 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]
"Malwarebytes Anti-Malware (reboot)"="c:\new folder\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShOsPostRemover"="c:\sh4ldr\shospostremover.exe" [2009-04-03 80384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"*Restore"="c:\windows\system32\restore\rstrui.exe" [2008-04-14 380416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-02 222968]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 22:39]

2009-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 01:03]

2009-09-23 c:\windows\Tasks\User_Feed_Synchronization-{25D65CB4-9ADE-4ED7-AE46-1F1762C8E39F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - [You must be registered and logged in to see this link.]
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-24 00:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2220035878-3111292644-2104965004-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-09-24 0:29
ComboFix-quarantined-files.txt 2009-09-24 04:28
ComboFix2.txt 2009-09-20 14:07
ComboFix3.txt 2009-09-20 04:53

Pre-Run: 116,298,412,032 bytes free
Post-Run: 116,255,956,992 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
228 --- E O F --- 2009-09-23 07:00


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Thu Sep 24, 2009 5:34 am

Hi

Please remove SpyHunter, as it seems to be contributing to part of the problem. Control Panel > Add or Remove Programs - Find SpyHunter in the list and choose Change/Remove.

==

Restore Permissions for explorer.exe

Please download [You must be registered and logged in to see this link.] by sUBs

  1. Drag and drop explorer.exe (Located in C:\Windows) onto Inherit
  2. This shall restore permissions to the application
  3. The application should now run normally
Please indicate in your next post if this was successful.

==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\r.vbs
    c:\windows\c.bat
    c:\windows\m.bat
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)


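The "Restore Permissions for explorer.exe" step above answers something visible in the Sigcheck block of James101's first log: the scanner reported "!HASH: COULD NOT OPEN FILE" for c:\windows\explorer.exe, and the live copies of several system files carry older versions than the service pack's own copies under ServicePackFiles. As an added example, not code from ComboFix, sUBs or anyone in this thread, here is a small Python triage script that parses Sigcheck lines and lists the files worth a second look: copies the scanner could not hash, a live copy whose hash matches none of the other copies with the same file version, and a live copy older than the master copy in ServicePackFiles. The sample lines are copied from the first log above, plus one constructed netman.dll pair with a made-up hash so that the mismatch rule fires; the directory markers and the three heuristics are my assumptions about the log format, not ComboFix's own rules, and each finding is a lead to check, not a verdict.

```python
"""Triage the Sigcheck section of a ComboFix log (added example, not ComboFix code).

Sigcheck lines look like
    [7] 2008-04-14 . <MD5> . <size> . . [<file version>] . . <path>
Per file name the script reports (1) copies the scanner could not hash,
(2) a live copy whose hash matches none of the other same-version copies,
and (3) a live copy older than the master under ServicePackFiles.
The directory markers and heuristics are assumptions; findings are leads.
"""
import re
from collections import defaultdict

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?\s+\.\s+"
    r"(?P<hash>.+?)\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]"
    r"\s+\.\s+\.\s+(?P<path>\S.*)$"
)

# Directories holding backup, uninstall or cached copies rather than the copy
# Windows actually loads (assumed from the paths seen in the log).
BACKUP_MARKERS = (
    "\\servicepackfiles\\", "\\$hf_mig$\\", "\\$ntuninstall",
    "\\$ntservicepackuninstall$\\", "\\softwaredistribution\\",
)
MASTER_MARKER = "\\servicepackfiles\\i386\\"  # the service pack's own copy


def parse_sigcheck(text):
    """Return one dict per parsable Sigcheck line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["path"] = e["path"].strip()
        low = e["path"].lower()
        e["name"] = low.rsplit("\\", 1)[-1]
        e["unreadable"] = e["hash"].startswith("!HASH")
        e["is_backup"] = any(mk in low for mk in BACKUP_MARKERS)
        e["is_master"] = MASTER_MARKER in low
        entries.append(e)
    return entries


def version_tuple(v):
    """'5.1.2600.2751' -> (5, 1, 2600, 2751); non-numeric ('------') sorts lowest."""
    try:
        return tuple(int(p) for p in v.split("."))
    except ValueError:
        return ()


def triage(entries):
    """Return {file name: [finding, ...]} for files that deserve a second look."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    findings = {}
    for name, group in by_name.items():
        notes = [f"could not hash {e['path']} (scanner was denied access)"
                 for e in group if e["unreadable"]]
        masters = [e for e in group if e["is_master"]]
        for e in group:
            if e["is_backup"] or e["unreadable"]:
                continue  # only the live, readable copy is judged
            peers = [p for p in group if p is not e and not p["unreadable"]
                     and p["version"] == e["version"]]
            if peers and all(p["hash"] != e["hash"] for p in peers):
                notes.append(f"live {e['path']} hash matches no other {e['version']} copy")
            for m in masters:
                if version_tuple(e["version"]) < version_tuple(m["version"]):
                    notes.append(f"live {e['path']} is {e['version']}, older than "
                                 f"service pack master {m['version']}")
        if notes:
            findings[name] = notes
    return findings


# Lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
"""
# Constructed pair: the live netman.dll hash is made up so the mismatch rule fires.
CONSTRUCTED_MISMATCH = r"""
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 00000000000000000000000000000000 . 197632 . . [5.1.2600.2743] . . c:\windows\SYSTEM32\netman.dll
"""

if __name__ == "__main__":
    for fname, notes in triage(parse_sigcheck(SAMPLE_LOG + CONSTRUCTED_MISMATCH)).items():
        print(fname, *notes, sep="\n    ")
```

Run it against the whole Sigcheck block of a log and the first kind of finding points straight at the permissions problem Dr Jay's Inherit step fixes; the third kind explains why ComboFix listed those system files at all on a machine reporting Service Pack 3. A GDR/QFE pair of the same version legitimately carries different hashes, so the second rule compares against every same-version copy rather than any single one.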

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Tue Sep 29, 2009 12:49 am

Hello,

I now have my desktop! I am still having problems accessing many programs.
Here is ComboFix.txt. Thanks!


ComboFix 09-09-18.02 - Jim 09/24/2009 15:12.5.1 - NTFSx86
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\cfscript.text
* Created a new restore point

FILE ::
"c:\windows\c.bat"
"c:\windows\m.bat"
"c:\windows\r.vbs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\c.bat
c:\windows\m.bat
c:\windows\r.vbs

.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 19:03 . 2009-09-24 09:25 85504 ----a-w- c:\windows\Inherit.exe
2009-09-24 01:39 . 2009-09-16 23:48 55536 ----a-w- C:\WindowsXP-KB897327-x86-Symbols-ENU.exe
2009-09-24 01:39 . 2009-09-16 23:48 491248 ----a-w- C:\WindowsXP-KB897327-x86-ENU.exe
2009-09-24 00:10 . 2009-09-24 01:30 -------- d-----w- c:\program files\ACW
2009-09-22 05:39 . 2009-09-22 05:39 2855 ----a-w- c:\windows\explorer.PIF
2009-09-22 04:26 . 2009-09-22 05:33 -------- d-----w- c:\documents and settings\Jim\.housecall6.6
2009-09-22 03:03 . 2009-09-22 03:03 46375 ----a-w- c:\windows\Junction.zip
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-14 02:46 . 2009-09-20 04:27 -------- d--h--w- c:\windows\PIF
2009-09-09 11:32 . 2009-09-09 11:32 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\Mozilla
2009-09-08 19:37 . 2009-09-08 19:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 11:22 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 11:15 . 2009-09-08 11:15 -------- d-----w- C:\sh4ldr
2009-09-07 19:54 . 2009-09-07 19:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-07 10:58 . 2009-09-07 10:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-09-06 13:04 . 2009-09-06 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-04 22:17 . 2009-09-04 22:17 -------- d-----w- c:\documents and settings\clark boys\Application Data\Malwarebytes
2009-09-04 02:31 . 2009-09-04 02:31 -------- d-----w- c:\documents and settings\clark boys\Local Settings\Application Data\Mozilla
2009-09-03 11:45 . 2009-09-03 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-03 11:36 . 2009-09-03 11:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-09-01 15:46 . 2009-09-01 15:46 -------- d-----w- C:\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 13:59 . 2009-04-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 05:29 . 2007-08-29 11:54 -------- d-----w- c:\program files\LimeWire
2009-09-22 05:29 . 2009-05-07 03:10 -------- d-----w- c:\program files\VVSN
2009-09-14 16:16 . 2009-04-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-14 03:11 . 2009-08-21 19:48 46312 ----a-w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 11:29 . 2008-03-12 04:22 -------- d-----w- c:\documents and settings\clark boys\Application Data\PreCast
2009-09-07 11:01 . 2009-07-12 20:23 -------- d-----w- c:\documents and settings\clark boys\Application Data\iolo
2009-09-03 13:30 . 2008-09-08 16:56 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\Malwarebytes
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\vlc
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-22 11:42 . 2009-08-22 11:42 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\iolo
2009-08-21 16:48 . 2009-08-21 16:46 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-02 23:00 . 2009-08-02 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-02 23:00 . 2009-08-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-08-02 22:59 . 2004-08-25 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:56 . 2008-03-12 04:25 -------- d-----w- c:\documents and settings\clark boys\Application Data\Yahoo!
2008-08-22 19:36 . 2008-11-18 03:32 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
2007-08-21 01:47 . 2007-08-21 01:46 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725_0$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp1qfe\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2gdr\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2qfe\linkinfo.dll

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\SYSTEM32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414_0$\netman.dll

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\SYSTEM32\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423_0$\spoolsv.exe

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SYSTEM32\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756_0$\tapisrv.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB890859_0$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp1qfe\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2gdr\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2qfe\user32.dll

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835_0$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\backup\sp1qfe\shsvcs.dll
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-19 120320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-07 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]
"Malwarebytes Anti-Malware (reboot)"="c:\new folder\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShOsPostRemover"="c:\sh4ldr\shospostremover.exe" [2009-04-03 80384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"*Restore"="c:\windows\system32\restore\rstrui.exe" [2008-04-14 380416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-02 222968]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 22:39]

2009-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 01:03]

2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{25D65CB4-9ADE-4ED7-AE46-1F1762C8E39F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
AddRemove-{03CE1BCB-03F5-4C6A-B37E-69799AA3C544} - c:\program files\Enigma Software Group\SpyHunter\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-24 15:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2220035878-3111292644-2104965004-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-09-24 15:19
ComboFix-quarantined-files.txt 2009-09-24 19:18
ComboFix2.txt 2009-09-24 04:29
ComboFix3.txt 2009-09-20 14:07
ComboFix4.txt 2009-09-20 04:53

Pre-Run: 116,250,562,560 bytes free
Post-Run: 116,206,739,456 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
238 --- E O F --- 2009-09-24 07:00


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Tue Sep 29, 2009 1:31 am

Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Tue Sep 29, 2009 2:44 am

Malwarebytes' Anti-Malware 1.41
Database version: 2869
Windows 5.1.2600 Service Pack 3

9/28/2009 10:39:00 PM
mbam-log-2009-09-28 (22-39-00).txt

Scan type: Quick Scan
Objects scanned: 128182
Time elapsed: 56 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jim\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Tue Sep 29, 2009 3:14 am

Hi

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Tue Sep 29, 2009 3:25 am

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
OneCare Advisor (Windows Live Toolbar)
Authentium AntiVirus SDK - 2
iolo Antivirus
iolo technologies' System Mechanic Professional
``````````````````````````````
Anti-malware/Other Utilities Check:

Scholastic's I SPY Mystery
Java(TM) 6 Update 2
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Tue Sep 29, 2009 3:45 am

Hi

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java, since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Acrobat Reader, since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Are you having any more issues? It seems the malware is gone from your computer.


Dr. Jay (DJ)


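As an added example (not part of the original thread and not a tool either helper posted), the following PowerShell script lists the Add or Remove Programs entries for Java and Adobe Reader straight from the Uninstall registry keys, so you can confirm that every old version is actually gone before installing the current one, as Dr Jay's post above asks. It assumes PowerShell 2.0 or later; the Wow6432Node key only exists on 64-bit Windows and is skipped where absent. The function name Get-InstalledVersions and the name fragments in $patterns are my own choices.

```powershell
# Added example, not from the thread. Reads the registry keys that back Add or Remove Programs
# and reports every Java and Adobe Reader entry still registered on the machine.
# Assumes PowerShell 2.0+; run it before and after the uninstall step to compare.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # 64-bit Windows only
)

# Display-name fragments that identify the products of interest. The Security Check log above
# shows names like 'Java(TM) 6 Update 2', 'Java 2 Runtime Environment, SE v1.4.2_03' and 'Adobe Reader 8.1.2'.
$patterns = @('Java', 'J2SE', 'Adobe Reader', 'Acrobat Reader')

function Get-InstalledVersions {
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }          # Wow6432Node is absent on 32-bit XP
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty -Path $sub.PSPath
            if (-not $p.DisplayName) { continue }       # entries without a name never show in the UI
            foreach ($pat in $patterns) {
                if ($p.DisplayName -like "*$pat*") {
                    # New-Object keeps this compatible with PowerShell 2.0 (no [PSCustomObject] cast)
                    New-Object PSObject -Property @{
                        Name            = $p.DisplayName
                        Version         = $p.DisplayVersion
                        InstallDate     = $p.InstallDate
                        UninstallString = $p.UninstallString
                    }
                    break
                }
            }
        }
    }
}

$installed = @(Get-InstalledVersions)
$installed | Sort-Object Name | Format-Table Name, Version, InstallDate -AutoSize

# More than one Java entry means an old runtime is still present, and old runtimes are exactly
# what the out-of-date warning in the Security Check log is about.
$javaCount = @($installed | Where-Object { $_.Name -like '*Java*' -or $_.Name -like '*J2SE*' }).Count
if ($javaCount -gt 1) {
    Write-Warning "$javaCount Java entries are registered; uninstall the older ones before installing the new version."
}
```

The UninstallString column is kept in each object so that, when the Add or Remove Programs applet itself is unusable (as happened later in this thread), the uninstaller command the entry registered can still be read from the output with `$installed | Format-List`.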

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Tue Sep 29, 2009 3:55 am

Hey,
Yes, I'm sorry to say but I cannot access Add/Remove Programs. You have been great helping me get rid of Antivirus 2010! Remarkable!
Anyway, here's what I get "C:\windows\system32\rundll32.exe
windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on Tue Sep 29, 2009 4:25 am

Hi

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Please navigate to rundll32.exe which is located in C:\Windows\System32

and take ownership of it: [You must be registered and logged in to see this link.]

Once you have taken ownership, please boot back into Normal Mode and see if you can access Add or Remove Programs.


Dr. Jay (DJ)



Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Tue Sep 29, 2009 9:42 pm

Hello,

Everything in the security tab was checked that I and all users have full permission. I also cannot access many other things in control panel, I get the same message "cannot access the file......" Thanks!


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Belahzur on Tue Sep 29, 2009 10:32 pm

Hello.
We'll need to unlock more files. Can you run junction.exe like I asked here?
[You must be registered and logged in to see this link.]



Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Wed Sep 30, 2009 9:41 am

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - [You must be registered and logged in to see this link.]

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\New Folder\mwbe\mbam.exe: Access is denied.
Failed to open \\?\c:\\Program Files\iolo\System Mechanic Professional\SMSystemAnalyzer.exe: Access is denied.
Failed to open \\?\c:\\Program Files\iolo\System Mechanic Professional\SysMech.exe: Access is denied.
Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.
Failed to open \\?\c:\\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe: Access is denied.
Failed to open \\?\c:\\WINDOWS\SYSTEM32\dumprep.exe: Access is denied.
Failed to open \\?\c:\\WINDOWS\SYSTEM32\hkcmd.exe: Access is denied.
Failed to open \\?\c:\\WINDOWS\SYSTEM32\rundll32.exe: Access is denied.
Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe: Access is denied.

No reparse points found.


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Belahzur on Wed Sep 30, 2009 10:04 pm

Hello.

Please download [You must be registered and logged in to see this link.] file.

Like you did with junction.exe, place inherit.exe into the Windows folder.

Now open a new notepad file.
Input this into the notepad file:

@echo off
"inherit.exe" "c:\New Folder\mwbe\mbam.exe"
"inherit.exe" "c:\Program Files\iolo\System Mechanic Professional\SMSystemAnalyzer.exe"
"inherit.exe" "c:\Program Files\iolo\System Mechanic Professional\SysMech.exe"
"inherit.exe" "c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\dumprep.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\hkcmd.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\rundll32.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe"
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat; the black cmd window will open and close, which is normal.


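As an added example (my own script, not the junction.exe or inherit.exe tools the helpers posted and not part of the original thread), the following PowerShell checks the executables from the junction output above: for each one it reports whether the current account can open it, who owns it, how many explicit Deny entries its DACL carries, and whether ACL inheritance has been cut off from the parent folder. That last condition is what Dr Jay's take-ownership step and Belahzur's inherit.exe batch file work around, and the optional -Repair switch restores inheritance the same way. The switch name, the Test-FileReadable helper and the assumption of PowerShell 2.0 or later on the affected machine are mine; run it from an administrator account.

```powershell
# Added example, not from the thread. Audits (and optionally repairs) the DACLs of the files that
# junction.exe reported as "Access is denied". Assumes PowerShell 2.0+ and an administrator account.
param([switch]$Repair)   # assumed switch name; without it the script only reports

# The list is taken from the junction output posted above.
$files = @(
    "C:\New Folder\mwbe\mbam.exe",
    "C:\Program Files\iolo\System Mechanic Professional\SMSystemAnalyzer.exe",
    "C:\Program Files\iolo\System Mechanic Professional\SysMech.exe",
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe",
    "C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe",
    "C:\WINDOWS\SYSTEM32\dumprep.exe",
    "C:\WINDOWS\SYSTEM32\hkcmd.exe",
    "C:\WINDOWS\SYSTEM32\rundll32.exe",
    "C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe"
)

# Hypothetical helper: true when the current account can open the file for reading.
function Test-FileReadable([string]$Path) {
    try { $s = [System.IO.File]::OpenRead($Path); $s.Close(); return $true }
    catch { return $false }
}

foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) { Write-Output "MISSING    $f"; continue }
    $item     = Get-Item -LiteralPath $f -Force
    $readable = Test-FileReadable $f
    try {
        $acl            = $item.GetAccessControl()
        $owner          = $acl.Owner
        $inheritanceOff = $acl.AreAccessRulesProtected      # $true: malware (or someone) broke inheritance
        $denies         = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }).Count
    } catch {
        # READ_CONTROL can be denied too; report that rather than crash.
        $owner = '(cannot read DACL)'; $inheritanceOff = $null; $denies = $null
    }
    $state = if ($readable) { 'readable ' } else { 'NO-ACCESS' }
    Write-Output ("{0} owner={1} inheritanceOff={2} denyACEs={3}  {4}" -f $state, $owner, $inheritanceOff, $denies, $f)

    if ($Repair -and $inheritanceOff -eq $true) {
        # Drop explicit Deny entries and let the parent folder's permissions flow down again.
        # This is the effect inherit.exe has in the thread; it needs ownership or admin rights,
        # which is why Dr Jay's take-ownership step comes first when it fails.
        try {
            $dacl = $item.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
            $explicit = $dacl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])
            foreach ($rule in $explicit) {
                if ($rule.AccessControlType -eq 'Deny') { [void]$dacl.RemoveAccessRule($rule) }
            }
            $dacl.SetAccessRuleProtection($false, $false)   # inherit again; explicit ACEs no longer needed
            $item.SetAccessControl($dacl)
            Write-Output "           repaired: inheritance restored on $f"
        } catch {
            Write-Output "           repair failed on $f : $($_.Exception.Message)"
        }
    }
}
```

Run it once without -Repair to see which files are affected, and again afterwards to confirm every line reads "readable" with inheritanceOff=False. Fetching the DACL through GetAccessControl(Access) rather than Get-Acl/Set-Acl avoids the owner field being written back, which is what makes Set-Acl fail on a file whose owner is not the current account.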

Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Wed Sep 30, 2009 10:40 pm

Hello,

You guys are the bomb!! I can access Add/Remove now and the other things I couldn't before! I'm gonna go and see if I can now remove some of the things suggested before. Thank you so much!


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by James101 on Wed Sep 30, 2009 10:49 pm

hey again,

I tried to remove the older version of Java but I couldn't: "Windows Installer is not correctly installed". Thanks!!


Re: antivirs 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Belahzur on Thu Oct 01, 2009 12:17 am

Hello.
Don't worry about that for now. Update and run MBAM please.


