Need Help-ERROR-Starting on Demand Scanner


Post by wooowooo on Fri Oct 02, 2009 11:43 am

Had the same prob as a similar thread. McAfee gave me an error that said ERROR-Starting on Demand Scanner, and Windows Defender, Ad-Aware and Malwarebytes would not run. I ran ComboFix and I was able to get these to run, but they have not fixed the prob. I uninstalled McAfee antivirus. Cannot reinstall it, it says failed every time. When I search Google in IE7, it redirects me to other sites. Windows XP, Service Pack 3. Ran SystemLook and these are the results:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:31 on 30/09/2009 by Compaq_Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [06:45 20/12/2008] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [10:20 27/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [12:00 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [06:45 20/12/2008] [12:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [10:20 27/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

-=End Of File=-


Please help.


Post by wooowooo on Fri Oct 02, 2009 4:34 pm

Here is the ComboFix log. Please help, this is a work computer. Thank you.


ComboFix 09-09-30.01 - Compaq_Owner 09/30/2009 17:13.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.506 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
C:\LOG6D0.tmp
C:\LOGC76.tmp
C:\setup.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\desktop
c:\windows\Fonts\services.exe
c:\windows\Installer\15b40.msi
c:\windows\Installer\360df.msp
c:\windows\Installer\360f4.msp
c:\windows\Installer\36196.msp
c:\windows\Installer\3ca350.msp
c:\windows\run.log
c:\windows\system32\comsa32.sys
c:\windows\system32\geyekrdksnsvwr.dat
c:\windows\system32\net.net
c:\windows\system32\ps2.bat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjpiwejyhmqdabqref.dat
c:\windows\system32\UACmimkcwchcwondqdgg.db
D:\Autorun.inf

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-30 21:58 . 2009-09-30 21:58 0 ----a-r- c:\windows\win32k.sys
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\McAfee.com
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\McAfee
2009-09-30 21:23 . 2009-09-30 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 21:23 . 2009-09-30 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 02:59 . 2009-09-13 02:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 21:43 . 2006-11-11 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-30 09:57 . 2007-10-10 21:04 -------- d-----w- c:\program files\LogMeIn
2009-09-29 17:57 . 2006-12-20 04:46 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-09-18 12:50 . 2006-07-22 22:48 -------- d-----w- c:\program files\Lx_cats
2009-09-08 01:41 . 2007-10-10 21:05 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-08 01:40 . 2007-10-10 21:05 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-08 01:40 . 2007-10-02 21:51 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 01:40 . 2007-10-02 21:51 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-08 01:40 . 2007-10-10 21:05 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-08-11 19:52 . 2008-08-29 11:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 15:07 . 2009-08-05 15:07 -------- d-----w- c:\program files\AVG
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 17:32 . 2009-08-15 14:57 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 02:31 . 2006-02-12 21:46 55632 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 18:44 . 2006-11-30 05:07 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 18:44 . 2006-11-30 05:07 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 18:44 . 2006-11-30 05:07 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 18:44 . 2006-11-30 05:07 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 18:43 . 2006-11-30 05:07 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"cdloader"="c:\documents and settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe" [2008-07-22 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"HostManager"="c:\program files\Common Files\AOL\1153956942\ee\AOLSoftware.exe" [2008-06-24 41824]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"PCDrSmartMonitor"="c:\program files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2005-09-08 299008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]

c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-7-24 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-08 01:40 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153956942\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\Program Files\\Logitech\\Video\\Launcher.exe"=
"c:\\Program Files\\RockWare\\LogPlot2005\\LP2005.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\mcontrol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153956942\\EE\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Safeworld PC Surveillance\\SafeWorld.exe"=
"c:\\Program Files\\RockWare\\LogPlot7\\LogPlot7.exe"=
"c:\\Program Files\\PC-Linq\\Mdi.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\putty.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\gzip32.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\pkzip25.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/6/2009 10:58 AM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 10:21 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/10/2007 4:05 PM 47640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/8/2005 2:23 AM 21120]
S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\DRIVERS\dpcnet5u.sys --> c:\windows\system32\DRIVERS\dpcnet5u.sys [?]
S3 SWNC8U56;Sierra reƖ MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/27/2007 10:41 AM 101248]
S3 SWUMX56;Sierra reƖ USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/27/2007 10:42 AM 73856]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [3/21/2007 11:27 PM 15576]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:00]

2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 20:42]

2006-02-12 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2009-09-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: sd61.bc.ca\[You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-30 17:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\WinZip\WZQKPICK.EXE
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\wdfmgr.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-30 17:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-30 22:44

Pre-Run: 124,340,019,200 bytes free
Post-Run: 129,619,247,104 bytes free

257 --- E O F --- 2009-08-14 03:25


Post by wooowooo on Sat Oct 03, 2009 1:46 am

Can anyone help me with this, Please? Thank you in advance!


Post by Belahzur on Sat Oct 03, 2009 5:02 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.

Post by wooowooo on Sat Oct 03, 2009 9:05 pm

Thank you for helping, I was hoping you would notice this post. I will be at work tomorrow morning and can post the log. Thank you so much!


Post by wooowooo on Sun Oct 04, 2009 9:34 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2892
Windows 5.1.2600 Service Pack 3

10/2/2009 8:43:57 PM
mbam-log-2009-10-02 (20-43-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 212822
Time elapsed: 4 hour(s), 43 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1119\A0132404.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1119\A0132517.sys (Worm.Agent) -> Quarantined and deleted successfully.


Post by Belahzur on Sun Oct 04, 2009 10:58 pm

You aren't running Anti Virus Software

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



Post by wooowooo on Sun Oct 04, 2009 11:52 pm

At the time I ran the Malwarebytes software, the virus would not let me install McAfee back on the computer; since then I have installed AVG.


Post by wooowooo on Sun Oct 04, 2009 11:55 pm

It is still redirecting my search results from Google. Thanks.


Post by Belahzur on Mon Oct 05, 2009 12:10 am

Hello.
Please re-run ComboFix so we have a new updated log.



Post by wooowooo on Mon Oct 05, 2009 12:45 am

ComboFix 09-10-04.01 - Compaq_Owner 10/04/2009 19:32.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.442 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\David D. Womack\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Kitty ate it Smile
.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-01 12:13 . 2009-10-04 18:17 -------- d-----w- C:\$AVG8.VAULT$
2009-10-01 11:10 . 2009-10-01 11:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-01 11:10 . 2009-10-01 11:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-01 11:09 . 2009-10-01 11:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-01 11:09 . 2009-10-01 11:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-01 11:07 . 2009-10-04 23:42 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-01 11:07 . 2009-10-01 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-01 11:05 . 2009-10-01 11:05 -------- d-----w- c:\program files\AVG
2009-10-01 11:05 . 2009-10-02 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-01 02:18 . 2009-10-01 02:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG8
2009-09-30 22:56 . 2009-09-30 22:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-09-30 22:56 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 22:56 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\McAfee.com
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-30 21:57 . 2009-10-01 03:43 -------- d-----w- c:\program files\McAfee
2009-09-30 21:23 . 2009-09-30 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 21:23 . 2009-09-30 22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 02:59 . 2009-09-13 02:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 05:00 . 2007-10-10 21:04 -------- d-----w- c:\program files\LogMeIn
2009-10-03 09:59 . 2007-10-10 21:05 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-03 09:59 . 2007-10-10 21:05 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-03 09:59 . 2007-10-10 21:05 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-30 21:43 . 2006-11-11 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 17:57 . 2006-12-20 04:46 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-09-21 15:02 . 2009-02-06 16:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-18 12:50 . 2006-07-22 22:48 -------- d-----w- c:\program files\Lx_cats
2009-09-08 01:40 . 2007-10-02 21:51 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 01:40 . 2007-10-02 21:51 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-08-11 19:52 . 2008-08-29 11:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 17:32 . 2009-08-15 14:57 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 02:31 . 2006-02-12 21:46 55632 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 18:44 . 2006-11-30 05:07 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 18:44 . 2006-11-30 05:07 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 18:44 . 2006-11-30 05:07 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 18:43 . 2006-11-30 05:07 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-10 21:05 . 2009-10-03 09:59 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
- 2007-10-10 21:05 . 2009-09-08 01:41 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2004-08-04 12:00 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
+ 2005-06-25 05:32 . 2009-10-04 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-06-25 05:32 . 2009-09-30 22:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-24 22:25 . 2009-10-04 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2009-09-30 22:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2009-09-30 22:32 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-06-24 22:25 . 2009-10-04 21:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-07-21 21:06 . 2009-08-28 19:38 24689600 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"HostManager"="c:\program files\Common Files\AOL\1153956942\ee\AOLSoftware.exe" [2008-06-24 41824]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"PCDrSmartMonitor"="c:\program files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2005-09-08 299008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-01 2007832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]

c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-7-24 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-01 11:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-03 09:59 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153956942\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\Program Files\\Logitech\\Video\\Launcher.exe"=
"c:\\Program Files\\RockWare\\LogPlot2005\\LP2005.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\mcontrol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153956942\\EE\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Safeworld PC Surveillance\\SafeWorld.exe"=
"c:\\Program Files\\RockWare\\LogPlot7\\LogPlot7.exe"=
"c:\\Program Files\\PC-Linq\\Mdi.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\putty.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\gzip32.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\pkzip25.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/6/2009 10:58 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/1/2009 6:09 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/1/2009 6:10 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/1/2009 6:05 AM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 10:21 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/10/2007 4:05 PM 47640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\DRIVERS\dpcnet5u.sys --> c:\windows\system32\DRIVERS\dpcnet5u.sys [?]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/8/2005 2:23 AM 21120]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/27/2007 10:41 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/27/2007 10:42 AM 73856]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [3/21/2007 11:27 PM 15576]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:00]

2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 20:42]

2006-02-12 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2009-10-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: sd61.bc.ca\[You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-04 19:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-10-05 19:42
ComboFix-quarantined-files.txt 2009-10-05 00:42
ComboFix2.txt 2009-10-03 02:33
ComboFix3.txt 2009-09-30 22:45

Pre-Run: 129,032,429,568 bytes free
Post-Run: 129,024,135,168 bytes free

254 --- E O F --- 2009-08-14 03:25


Post by wooowooo on Mon Oct 05, 2009 1:14 am

Things seem better now with Internet Explorer. How does the log look? Would you recommend I use McAfee or Antivir PersonalEditionClassic?
Thanks!


Post by Belahzur on Mon Oct 05, 2009 4:57 pm

Hello.
A patched file was causing the problem, which has been fixed now.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.



Post by wooowooo on Mon Oct 05, 2009 7:53 pm

Much better, thank you so much!


Post by wooowooo on Mon Oct 05, 2009 11:07 pm

Would you recommend I use McAfee or Antivir PersonalEditionClassic?


Post by Belahzur on Tue Oct 06, 2009 9:00 pm

Avira. :)

