antivirus 2010 removal, no desktop cannot d/l and use hijk or malware bytes

Post by Dr Jay on 23rd September 2009, 7:39 pm

Hi

Please go to this page: [You must be registered and logged in to see this link.] and follow the section "Let me fix it myself".
If you have any questions, please post back here. If you cannot do it, I can prepare a file to help you.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts: 13760
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302265
Likes: 10

Post by James101 on 24th September 2009, 12:29 am

Hello again,

I'm very sorry about this, but I cannot use the fix it myself. It said I cannot use this if I am running XP Home Edition, that I would have to use system restore or a backup. I have no restore points available. Again Thank You!

James101
Novice

Posts: 34
Joined: 2009-09-15
Gender: Male
OS: XP
Points: 26438
Likes: 0

Post by Dr Jay on 24th September 2009, 1:03 am

So...you typed this:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

into Command Prompt, and got no results?


Dr. Jay (DJ)


Post by James101 on 24th September 2009, 1:07 am

Hi,

Yes, it said it does not recognize secedit.

Post by Dr Jay on 24th September 2009, 1:20 am

It is a Windows XP issue. Please download the hotfix to fix the secedit command: [You must be registered and logged in to see this link.]

Then, please try the above again.

Tell me results.


Dr. Jay (DJ)


Post by James101 on 24th September 2009, 1:45 am

Hello,

I'm sorry, secedit is still not recognised, Thanks!

Jim

Post by James101 on 24th September 2009, 4:10 am

Hello,

I was wondering if I had gotten rid of the viruses now and maybe have a completely different problem? Or is this all related to antivirus 2010? Thank You, you guys are awesome!

Post by Dr Jay on 24th September 2009, 4:18 am

Hi

I can be sure the viruses are gone, but there is a permissions issue somewhere that is preventing you from accessing a lot of things. I am trying to find the appropriate fix, but most of them have failed.

Is ComboFix still on your Desktop? Please double-click it and do another run, and please post the log in your next reply. If you do not have ComboFix, see the first page of this thread for the download link and instructions.


Dr. Jay (DJ)


Post by James101 on 24th September 2009, 4:33 am

ComboFix 09-09-18.02 - Jim 09/24/2009 0:21.4.1 - NTFSx86
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 01:39 . 2009-09-16 23:48 55536 ----a-w- C:\WindowsXP-KB897327-x86-Symbols-ENU.exe
2009-09-24 01:39 . 2009-09-16 23:48 491248 ----a-w- C:\WindowsXP-KB897327-x86-ENU.exe
2009-09-24 00:10 . 2009-09-24 01:30 -------- d-----w- c:\program files\ACW
2009-09-22 05:39 . 2009-09-22 05:39 2855 ----a-w- c:\windows\explorer.PIF
2009-09-22 04:26 . 2009-09-22 05:33 -------- d-----w- c:\documents and settings\Jim\.housecall6.6
2009-09-22 03:03 . 2009-09-22 03:03 46375 ----a-w- c:\windows\Junction.zip
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-14 02:46 . 2009-09-20 04:27 -------- d--h--w- c:\windows\PIF
2009-09-09 11:32 . 2009-09-09 11:32 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\Mozilla
2009-09-08 19:37 . 2009-09-08 19:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 11:22 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 11:15 . 2009-09-08 11:15 -------- d-----w- C:\sh4ldr
2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\program files\Enigma Software Group
2009-09-07 19:54 . 2009-09-07 19:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-07 10:58 . 2009-09-07 10:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-09-06 13:04 . 2009-09-06 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-04 22:17 . 2009-09-04 22:17 -------- d-----w- c:\documents and settings\clark boys\Application Data\Malwarebytes
2009-09-04 02:31 . 2009-09-04 02:31 -------- d-----w- c:\documents and settings\clark boys\Local Settings\Application Data\Mozilla
2009-09-03 11:45 . 2009-09-03 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-03 11:36 . 2009-09-03 11:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-09-01 15:46 . 2009-09-01 15:46 -------- d-----w- C:\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 12:58 . 2009-04-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 05:29 . 2007-08-29 11:54 -------- d-----w- c:\program files\LimeWire
2009-09-22 05:29 . 2009-05-07 03:10 -------- d-----w- c:\program files\VVSN
2009-09-14 16:16 . 2009-04-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-14 03:11 . 2009-08-21 19:48 46312 ----a-w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 11:29 . 2008-03-12 04:22 -------- d-----w- c:\documents and settings\clark boys\Application Data\PreCast
2009-09-07 11:01 . 2009-07-12 20:23 -------- d-----w- c:\documents and settings\clark boys\Application Data\iolo
2009-09-03 13:30 . 2008-09-08 16:56 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\Malwarebytes
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\vlc
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-22 11:42 . 2009-08-22 11:42 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\iolo
2009-08-21 16:48 . 2009-08-21 16:46 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-21 11:02 . 2009-08-21 11:01 1336 ----a-w- c:\windows\r.vbs
2009-08-21 11:02 . 2009-08-21 11:01 21 ----a-w- c:\windows\c.bat
2009-08-21 11:01 . 2009-08-21 11:01 53 ----a-w- c:\windows\m.bat
2009-08-02 23:00 . 2009-08-02 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-02 23:00 . 2009-08-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-08-02 22:59 . 2004-08-25 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:56 . 2008-03-12 04:25 -------- d-----w- c:\documents and settings\clark boys\Application Data\Yahoo!
2008-08-22 19:36 . 2008-11-18 03:32 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
2007-08-21 01:47 . 2007-08-21 01:46 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-19 120320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-07 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]
"Malwarebytes Anti-Malware (reboot)"="c:\new folder\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShOsPostRemover"="c:\sh4ldr\shospostremover.exe" [2009-04-03 80384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"*Restore"="c:\windows\system32\restore\rstrui.exe" [2008-04-14 380416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-02 222968]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 22:39]

2009-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 01:03]

2009-09-23 c:\windows\Tasks\User_Feed_Synchronization-{25D65CB4-9ADE-4ED7-AE46-1F1762C8E39F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - [You must be registered and logged in to see this link.]
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-24 00:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2220035878-3111292644-2104965004-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-09-24 0:29
ComboFix-quarantined-files.txt 2009-09-24 04:28
ComboFix2.txt 2009-09-20 14:07
ComboFix3.txt 2009-09-20 04:53

Pre-Run: 116,298,412,032 bytes free
Post-Run: 116,255,956,992 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
228 --- E O F --- 2009-09-23 07:00

Post by Dr Jay on 24th September 2009, 5:34 am

Hi

Please remove SpyHunter, as it seems to be contributing to part of the problem. Control Panel > Add or Remove Programs - Find SpyHunter in the list and choose Change/Remove.

==

Restore Permissions for explorer.exe

Please download [You must be registered and logged in to see this link.] by sUBs

  1. Drag and drop explorer.exe (Located in C:\Windows) onto Inherit
  2. This shall restore permissions to the application
  3. The application should now run normally
Please indicate in your next post if this was successful.

==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\r.vbs
    c:\windows\c.bat
    c:\windows\m.bat
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)
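
The Sigcheck section of the log posted earlier in the thread lists c:\windows\explorer.exe with "!HASH: COULD NOT OPEN FILE" while its backup copies hashed normally. The Python script below is an added example, not part of the thread and not ComboFix's own logic: it parses Sigcheck rows and flags live files that could not be read or whose hash matches no backup copy on disk. The example.dll and example2.dll rows, the backup-directory markers and the "no-matching-backup" rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# One Sigcheck row: [flag] date [time] . hash . size . . [version] . . path
# The flag column is captured as-is; its meaning is not interpreted here.
ROW = re.compile(r"""
    ^\[(?P<flag>[^\]])\]\s+
    (?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{1,2}:\d{2})?\s+\.\s+
    (?P<hash>.+?)\s+\.\s+
    (?P<size>\d+)\s+\.\s+\.\s+
    \[(?P<version>[^\]]*)\]\s+\.\s+\.\s+
    (?P<path>.+)$
""", re.VERBOSE)
MD5 = re.compile(r"[0-9A-Fa-f]{32}")

# Assumption: copies under these directories are backups, not the live file.
BACKUP_MARKERS = ("\\servicepackfiles\\", "\\softwaredistribution\\", "\\$")

# Constructed sample. The explorer.exe rows are copied from the log in this
# thread; the example.dll / example2.dll rows and their hashes are made up.
SAMPLE = r"""
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2005-01-01 . 00000000000000000000000000000001 . 1000 . . [1.0.0.1] . . c:\windows\system32\example.dll
[-] 2005-01-01 . 00000000000000000000000000000001 . 1000 . . [1.0.0.1] . . c:\windows\$NtServicePackUninstall$\example.dll
[-] 2005-01-01 . 00000000000000000000000000000002 . 1000 . . [1.0.0.1] . . c:\windows\system32\example2.dll
[-] 2005-01-01 . 00000000000000000000000000000003 . 1000 . . [1.0.0.1] . . c:\windows\$NtServicePackUninstall$\example2.dll
"""


def is_backup(path):
    """True if the path sits under one of the assumed backup directories."""
    lowered = path.lower()
    return any(marker in lowered for marker in BACKUP_MARKERS)


def parse(log_text):
    """Return one dict per Sigcheck row; hash is None when it is not an MD5."""
    rows = []
    for line in log_text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue  # headers, blank lines, other log sections
        row = match.groupdict()
        if not MD5.fullmatch(row["hash"]):
            row["hash"] = None  # e.g. "!HASH: COULD NOT OPEN FILE !!!!!"
        rows.append(row)
    return rows


def triage(log_text):
    """Flag live files that were unreadable or match no backup copy's hash."""
    by_name = defaultdict(list)
    for row in parse(log_text):
        by_name[row["path"].rsplit("\\", 1)[-1].lower()].append(row)

    findings = []
    for rows in by_name.values():
        backup_hashes = {r["hash"] for r in rows
                         if is_backup(r["path"]) and r["hash"]}
        for row in rows:
            if is_backup(row["path"]):
                continue
            if row["hash"] is None:
                findings.append((row["path"], "unreadable"))
            elif row["hash"] not in backup_hashes:
                findings.append((row["path"], "no-matching-backup"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason:20} {path}")
```

An "unreadable" result only says the scanner could not open the file; it does not by itself distinguish a broken ACL from a file locked by another process.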


Post by James101 on 29th September 2009, 12:49 am

Hello,

I now have my desktop! I am still having problems accessing many programs.
Here is combofix.txt. Thanks!


ComboFix 09-09-18.02 - Jim 09/24/2009 15:12.5.1 - NTFSx86
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\cfscript.text
* Created a new restore point

FILE ::
"c:\windows\c.bat"
"c:\windows\m.bat"
"c:\windows\r.vbs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\c.bat
c:\windows\m.bat
c:\windows\r.vbs

.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 19:03 . 2009-09-24 09:25 85504 ----a-w- c:\windows\Inherit.exe
2009-09-24 01:39 . 2009-09-16 23:48 55536 ----a-w- C:\WindowsXP-KB897327-x86-Symbols-ENU.exe
2009-09-24 01:39 . 2009-09-16 23:48 491248 ----a-w- C:\WindowsXP-KB897327-x86-ENU.exe
2009-09-24 00:10 . 2009-09-24 01:30 -------- d-----w- c:\program files\ACW
2009-09-22 05:39 . 2009-09-22 05:39 2855 ----a-w- c:\windows\explorer.PIF
2009-09-22 04:26 . 2009-09-22 05:33 -------- d-----w- c:\documents and settings\Jim\.housecall6.6
2009-09-22 03:03 . 2009-09-22 03:03 46375 ----a-w- c:\windows\Junction.zip
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-14 02:46 . 2009-09-20 04:27 -------- d--h--w- c:\windows\PIF
2009-09-09 11:32 . 2009-09-09 11:32 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\Mozilla
2009-09-08 19:37 . 2009-09-08 19:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 11:22 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 11:15 . 2009-09-08 11:15 -------- d-----w- C:\sh4ldr
2009-09-07 19:54 . 2009-09-07 19:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-07 10:58 . 2009-09-07 10:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-09-06 13:04 . 2009-09-06 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-04 22:17 . 2009-09-04 22:17 -------- d-----w- c:\documents and settings\clark boys\Application Data\Malwarebytes
2009-09-04 02:31 . 2009-09-04 02:31 -------- d-----w- c:\documents and settings\clark boys\Local Settings\Application Data\Mozilla
2009-09-03 11:45 . 2009-09-03 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-03 11:36 . 2009-09-03 11:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-09-01 15:46 . 2009-09-01 15:46 -------- d-----w- C:\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 13:59 . 2009-04-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 05:29 . 2007-08-29 11:54 -------- d-----w- c:\program files\LimeWire
2009-09-22 05:29 . 2009-05-07 03:10 -------- d-----w- c:\program files\VVSN
2009-09-14 16:16 . 2009-04-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-14 03:11 . 2009-08-21 19:48 46312 ----a-w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 11:29 . 2008-03-12 04:22 -------- d-----w- c:\documents and settings\clark boys\Application Data\PreCast
2009-09-07 11:01 . 2009-07-12 20:23 -------- d-----w- c:\documents and settings\clark boys\Application Data\iolo
2009-09-03 13:30 . 2008-09-08 16:56 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\Malwarebytes
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\vlc
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-22 11:42 . 2009-08-22 11:42 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\iolo
2009-08-21 16:48 . 2009-08-21 16:46 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-02 23:00 . 2009-08-02 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-02 23:00 . 2009-08-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-08-02 22:59 . 2004-08-25 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:56 . 2008-03-12 04:25 -------- d-----w- c:\documents and settings\clark boys\Application Data\Yahoo!
2008-08-22 19:36 . 2008-11-18 03:32 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
2007-08-21 01:47 . 2007-08-21 01:46 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-19 120320]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-07 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]
"Malwarebytes Anti-Malware (reboot)"="c:\new folder\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShOsPostRemover"="c:\sh4ldr\shospostremover.exe" [2009-04-03 80384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"*Restore"="c:\windows\system32\restore\rstrui.exe" [2008-04-14 380416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-02 222968]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 22:39]

2009-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 01:03]

2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{25D65CB4-9ADE-4ED7-AE46-1F1762C8E39F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
AddRemove-{03CE1BCB-03F5-4C6A-B37E-69799AA3C544} - c:\program files\Enigma Software Group\SpyHunter\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-24 15:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2220035878-3111292644-2104965004-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-09-24 15:19
ComboFix-quarantined-files.txt 2009-09-24 19:18
ComboFix2.txt 2009-09-24 04:29
ComboFix3.txt 2009-09-20 14:07
ComboFix4.txt 2009-09-20 04:53

Pre-Run: 116,250,562,560 bytes free
Post-Run: 116,206,739,456 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
238 --- E O F --- 2009-09-24 07:00


Post by Dr Jay on 29th September 2009, 1:31 am

Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Post by James101 on 29th September 2009, 2:44 am

Malwarebytes' Anti-Malware 1.41
Database version: 2869
Windows 5.1.2600 Service Pack 3

9/28/2009 10:39:00 PM
mbam-log-2009-09-28 (22-39-00).txt

Scan type: Quick Scan
Objects scanned: 128182
Time elapsed: 56 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jim\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Post by Dr Jay on 29th September 2009, 3:14 am

Hi

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Post by James101 on 29th September 2009, 3:25 am

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
OneCare Advisor (Windows Live Toolbar)
Authentium AntiVirus SDK - 2
iolo Antivirus
iolo technologies' System Mechanic Professional
``````````````````````````````
Anti-malware/Other Utilities Check:

Scholastic's I SPY Mystery
Java(TM) 6 Update 2
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Post by Dr Jay on 29th September 2009, 3:45 am

Hi

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Are you having any more issues? It seems the malware is gone from your computer.


Dr. Jay (DJ)



Post by James101 on 29th September 2009, 3:55 am

Hey,
Yes, I'm sorry to say but I cannot access add/remove programs. You have been great helping me rid antivirus 2010! Remarkable!
Anyway, here's what I get "C:\windows\system32\rundll32.exe
windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."


Post by Dr Jay on 29th September 2009, 4:25 am

Hi

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Please navigate to rundll32.exe which is located in C:\Windows\System32

and take ownership of it: [You must be registered and logged in to see this link.]

Once you have taken ownership, please boot back into Normal Mode and see if you can access Add or Remove Programs.


Dr. Jay (DJ)



Post by James101 on 29th September 2009, 9:42 pm

Hello,

Everything in the security tab was checked that I and all users have full permission. I also cannot access many other things in control panel, I get the same message "cannot access the file......" Thanks!


Post by Belahzur on 29th September 2009, 10:32 pm

Hello.
We'll need to unlock more files. Can you run junction.exe like I asked here?
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34917
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245080
# Likes # Likes : 1


Post by James101 on 30th September 2009, 9:41 am

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - [You must be registered and logged in to see this link.]


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\New Folder\mwbe\mbam.exe: Access is denied.


Failed to open \\?\c:\\Program Files\iolo\System Mechanic Professional\SMSystemAnalyzer.exe: Access is denied.



Failed to open \\?\c:\\Program Files\iolo\System Mechanic Professional\SysMech.exe: Access is denied.


Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.


Failed to open \\?\c:\\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe: Access is denied.




Failed to open \\?\c:\\WINDOWS\SYSTEM32\dumprep.exe: Access is denied.



Failed to open \\?\c:\\WINDOWS\SYSTEM32\hkcmd.exe: Access is denied.




Failed to open \\?\c:\\WINDOWS\SYSTEM32\rundll32.exe: Access is denied.


Failed to open \\?\c:\\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe: Access is denied.


.No reparse points found.


Post by Belahzur on 30th September 2009, 10:04 pm

Hello.

Please download [You must be registered and logged in to see this link.] file.

Like you did with junction.exe, place inherit.exe into the Windows folder.

Now open a new notepad file.
Input this into the notepad file:

@echo off
"inherit.exe" "c:\New Folder\mwbe\mbam.exe"
"inherit.exe" "c:\Program Files\iolo\System Mechanic Professional\SMSystemAnalyzer.exe"
"inherit.exe" "c:\Program Files\iolo\System Mechanic Professional\SysMech.exe"
"inherit.exe" "c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\dumprep.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\hkcmd.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\rundll32.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe"
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.


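The step above turns Junction's "Access is denied" lines into one inherit.exe call per file. As an added example (not part of the original post and not the helpers' own tooling), this Python script extracts those paths from a saved Junction log, skips files that are merely in use, builds the batch file, and checks an existing batch for files it misses. The sample log, the sample batch and all function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the Junction output posted in this thread.
SAMPLE_LOG = r"""
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.
..
Failed to open \\?\c:\\WINDOWS\SYSTEM32\rundll32.exe: Access is denied.
.
Failed to open \\?\c:\\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe: Access is denied.
.No reparse points found.
"""

# Constructed batch file that covers only two of the three denied files.
SAMPLE_BATCH = r"""@echo off
"inherit.exe" "c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
"inherit.exe" "c:\WINDOWS\SYSTEM32\rundll32.exe"
exit
"""

# Junction prefixes paths with \\?\ and may print progress dots before a message.
FAILED = re.compile(r"^\.*Failed to open \\\\\?\\(.+?): (.+)$", re.M)


def parse_failures(log_text):
    """Return (path, reason) for every 'Failed to open' line in the log."""
    results = []
    for match in FAILED.finditer(log_text):
        # Collapse the doubled backslash Junction prints after the drive letter.
        path = re.sub(r"\\+", r"\\", match.group(1))
        results.append((path, match.group(2).strip()))
    return results


def access_denied(log_text):
    """Keep only ACL failures; files locked by a running process are expected."""
    return [path for path, reason in parse_failures(log_text)
            if reason.lower().startswith("access is denied")]


def build_batch(paths, tool="inherit.exe"):
    """Build a batch file with one quoted tool call per path."""
    lines = ["@echo off"]
    for path in paths:
        # A literal % must be doubled inside a batch file.
        lines.append('"%s" "%s"' % (tool, path.replace("%", "%%")))
    lines.append("exit")
    return "\r\n".join(lines) + "\r\n"


def uncovered(batch_text, paths):
    """Return the paths that no quoted argument in the batch file matches."""
    quoted = {arg.replace("%%", "%").lower()
              for arg in re.findall(r'"([^"]+)"', batch_text)}
    return [path for path in paths if path.lower() not in quoted]


if __name__ == "__main__":
    denied = access_denied(SAMPLE_LOG)
    print(build_batch(denied))
    print("Not covered by the existing batch:", uncovered(SAMPLE_BATCH, denied))
```

Comparing the batch against the log before running it catches a mistyped or omitted path, which would otherwise leave that file locked with no error shown because the window closes immediately.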


Post by James101 on 30th September 2009, 10:40 pm

Hello,

You guys are the bomb!! I can access Add/Remove now and the other things I couldn't before! I'm gonna go and see if I can now remove some of the things suggested before. Thank you so much!


Post by James101 on 30th September 2009, 10:49 pm

hey again,

I tried to remove the older version of Java but I couldn't. "windows installer is not correctly installed" Thanks!!


Post by Belahzur on 1st October 2009, 12:17 am

Hello.
Don't worry about that for now. Update and run MBAM please.



Post by James101 on 1st October 2009, 2:54 am

Malwarebytes' Anti-Malware 1.41
Database version: 2879
Windows 5.1.2600 Service Pack 3

9/30/2009 10:26:08 PM
mbam-log-2009-09-30 (22-26-08).txt

Scan type: Quick Scan
Objects scanned: 131428
Time elapsed: 56 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Post by Belahzur on 1st October 2009, 10:10 am

Hello.
Let's get this scan going.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.



Post by James101 on 2nd October 2009, 12:10 am

DDS (Ver_09-09-29.01) - NTFSx86
Run by Jim at 20:07:39.84 on Thu 10/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 1.0.3705; yie8; yie8)" -"http://www.maidmarian.com/ClubMarian.htm"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [iolo AntiVirus] "c:\program files\iolo\system mechanic professional\antivirus\ioloAV.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\new folder\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\documents and settings\jim\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\precas~1.lnk - c:\program files\ocucom\precast\tmon.exe
IE: &Search
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.]
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\google\google desktop search\GoogleDesktopNetwork1.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - [You must be registered and logged in to see this link.]
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - [You must be registered and logged in to see this link.]
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-01 19:35 --d----- c:\program files\McAfee Security Scan
2009-10-01 19:35 --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-09-30 23:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-30 23:28 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-26 16:10 54,156 a---h--- c:\windows\QTFont.qfn
2009-09-26 16:10 1,409 a------- c:\windows\QTFont.for
2009-09-24 15:10 --d----- C:\ComboFix
2009-09-24 15:03 85,504 a------- c:\windows\inherit.exe
2009-09-23 21:39 491,248 a------- C:\WindowsXP-KB897327-x86-ENU.exe
2009-09-23 21:39 55,536 a------- C:\WindowsXP-KB897327-x86-Symbols-ENU.exe
2009-09-23 20:10 --d----- c:\program files\ACW
2009-09-22 01:39 2,855 a------- c:\windows\explorer.PIF
2009-09-22 00:26 --d----- c:\documents and settings\jim\.housecall6.6
2009-09-20 00:45 a-dshr-- C:\cmdcons
2009-09-20 00:26 229,888 a------- c:\windows\PEV.exe
2009-09-20 00:26 161,792 a------- c:\windows\SWREG.exe
2009-09-20 00:26 98,816 a------- c:\windows\sed.exe
2009-09-13 22:46 --d-h--- c:\windows\PIF
2009-09-08 15:37 664 a------- c:\windows\system32\d3d9caps.dat
2009-09-08 07:22 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 07:22 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-08 07:22 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 07:15 414 a------- C:\spyhunter.fix
2009-09-07 15:54 --d----- c:\windows\system32\wbem\Repository
2009-09-07 06:58 12,537 a------- c:\windows\opybu._sy
2009-09-03 07:45 --d----- c:\docume~1\alluse~1\applic~1\TomTom
2009-09-03 07:36 --d----- c:\program files\TomTom DesktopSuite

==================== Find3M ====================

2009-09-30 05:29 95,616 a------- c:\windows\junction.exe
2009-08-23 23:23 680,960 a------- c:\windows\is-CSKTN.exe
2007-08-20 21:47 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-18 18:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090519\index.dat

============= FINISH: 20:08:08.70 ===============


Post by Dr Jay on 3rd October 2009, 10:43 pm

How is your computer running? Are you still having trouble?


Dr. Jay (DJ)



Post by James101 on 4th October 2009, 10:56 am

Hello,

Everything seems to be doing good except I cannot turn my computer off from the start menu or task manager. You guys have been awesome! Thanks!


Post by Dr Jay on 4th October 2009, 8:53 pm

Hi

Please tell me if this works:

It is time to fix the damages due to malware, and to secure your computer to help prevent re-infection.
Please download [You must be registered and logged in to see this link.] by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
  • Please disable realtime protection (if any).
  • Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer. In your case, do the following: open Command Prompt (Start > Run, type in CMD and hit Enter). In the Command Prompt window, enter the following and hit Enter:
    shutdown /r

Make sure there is a space between shutdown and /r.


Dr. Jay (DJ)



Post by James101 on 4th October 2009, 10:43 pm

Hello,

I tried the run first and got "Activex component can't create object: Get Object" Thanks!


Post by Dr Jay on 5th October 2009, 1:03 am

Hi

Please create a Restore Point yourself, by going to Start > All Programs > Accessories > System Restore

==

Then, try DragonFix and do the Restart command. Don't worry about RunFirst.vbs.

Then, let me know if that fixed it.


Dr. Jay (DJ)



Post by James101 on 5th October 2009, 11:11 am

Hey,

Everything seems to be doing great! I will be watching this site very often to try and learn more about computers. You have already taught me a great deal. I just wished I were as good as you guys. Would you have any suggestions as per learning what you guys do? I have found this to be very interesting and would love to learn more. Thanks!!


Post by Dr Jay on 5th October 2009, 10:50 pm

The following links will be helpful to find free malware removal training:

[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Dr. Jay (DJ)

