Cant run anti-virus


Cant run anti-virus

Post by bloodshed on 3rd October 2009, 12:33 am

Wife's computer has a program called b.exe that keeps running and trying to access the internet. It has also disabled Task Manager and won't let any anti-virus run. I had help before with my computer, so I ran SystemLook to see if anything should be deleted. Here it is....

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:28 on 02/10/2009 by Heather (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 177152 bytes [02:24 21/01/2008] [02:24 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [02:24 21/01/2008] [02:24 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a--- 592384 bytes [02:24 21/01/2008] [02:24 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [02:24 21/01/2008] [02:24 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F

Searching for "eventlog.dll"
C:\Program Files\CyberLink\PowerDirector\EventLog.dll ------ 7216 bytes [04:34 18/05/2007] [04:34 18/05/2007] C2A279A458A06DE2C83D842AA042B5A8

-=End Of File=-

bloodshed
Novice

Posts : 18
Joined : 2009-08-17
OS : XPHome
Points : 26742
Likes : 0

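As an added example (not part of the original post, and not code from SystemLook's author), here is a small Python parser for the filefind section above. It groups the hits by the searched file name and compares the System32 copy against every other copy of the same name (WinSxS, dllcache, ServicePackFiles) by MD5. Run on the log in this post it reports scecli.dll and netlogon.dll as consistent with their WinSxS copies and flags eventlog.dll as having no System32 copy at all (only a third-party CyberLink file was found), which is the same conclusion ComboFix's Sigcheck reaches later in the thread. The log text embedded in the block is copied from the post; the regular expressions are mine and assume the SystemLook v1.0 line layout shown.

```python
import re

# Sample input: the SystemLook "filefind" output copied from the post above.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:28 on 02/10/2009 by Heather (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 177152 bytes [02:24 21/01/2008] [02:24 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [02:24 21/01/2008] [02:24 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a--- 592384 bytes [02:24 21/01/2008] [02:24 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [02:24 21/01/2008] [02:24 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F

Searching for "eventlog.dll"
C:\Program Files\CyberLink\PowerDirector\EventLog.dll ------ 7216 bytes [04:34 18/05/2007] [04:34 18/05/2007] C2A279A458A06DE2C83D842AA042B5A8

-=End Of File=-
"""

# Assumed line layout (from the SystemLook v1.0 output shown in the post):
#   Searching for "<name>"
#   <path> <6 attribute flags> <size> bytes [<created>] [<modified>] <MD5>
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"\s*$')
HIT_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+'
    r'\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$'
)

SYSTEM32 = "c:\\windows\\system32\\"


def parse_filefind(log_text):
    """Group filefind hits by the searched file name (lower-cased).

    Each hit is a dict with path, attrs, size (int), created, modified, md5."""
    results = {}
    current = None
    for line in log_text.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            results.setdefault(current, [])
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            results[current].append(hit)
    return results


def triage(results):
    """Compare the System32 copy of each searched file with every other copy of
    the same name by MD5.  Returns {name: (status, detail)} where status is one
    of OK, MISMATCH, MISSING or UNVERIFIED."""
    verdicts = {}
    for name, hits in results.items():
        sys32 = [h for h in hits if h["path"].lower() == SYSTEM32 + name]
        refs = [h for h in hits
                if h["path"].lower().endswith("\\" + name) and h not in sys32]
        if not sys32:
            where = ", ".join(h["path"] for h in hits) or "nothing"
            verdicts[name] = ("MISSING", "no System32 copy; found only: " + where)
        elif not refs:
            verdicts[name] = ("UNVERIFIED", "no reference copy to compare against")
        elif all(r["md5"] == sys32[0]["md5"] for r in refs):
            verdicts[name] = ("OK", "System32 copy matches %d reference cop%s"
                              % (len(refs), "y" if len(refs) == 1 else "ies"))
        else:
            bad = [r["path"] for r in refs if r["md5"] != sys32[0]["md5"]]
            verdicts[name] = ("MISMATCH", "System32 MD5 %s differs from: %s"
                              % (sys32[0]["md5"], ", ".join(bad)))
    return verdicts


if __name__ == "__main__":
    for name, (status, detail) in triage(parse_filefind(SAMPLE_LOG)).items():
        print("%-14s %-10s %s" % (name, status, detail))
```

A MISSING or MISMATCH verdict for a core system DLL is the signal to compare against a known-good copy (ServicePackFiles or dllcache, as ComboFix's Sigcheck does) rather than trust the file in System32; the MD5s here are only for telling copies apart, not for authenticating them.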

Re: Cant run anti-virus

Post by Dr Jay on 3rd October 2009, 1:37 am

Hi

Please download ComboFix by sUBs

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe and winlogon.exe.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14310
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302971
Likes : 10


Re: Cant run anti-virus

Post by bloodshed on 3rd October 2009, 2:53 am

ComboFix 09-10-01.05 - whos the b**** now 10/02/2009 22:19.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.608 [GMT -4:00]
Running from: c:\documents and settings\whos the b**** now\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
ADS - system32: deleted 40 bytes in 1 streams.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
/wow section - STAGE 10
Access is denied.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1259416312
c:\documents and settings\whos the b**** now\Application Data\inst.exe
c:\recycler\NPROTECT\00000000.DAT
c:\recycler\NPROTECT\00000001.DAT
c:\recycler\NPROTECT\00000002
c:\recycler\NPROTECT\00000003
c:\recycler\NPROTECT\00000004
c:\recycler\NPROTECT\00000005
c:\recycler\NPROTECT\00000006
c:\recycler\NPROTECT\00000007
c:\recycler\NPROTECT\00000009
c:\recycler\NPROTECT\00000011
c:\recycler\NPROTECT\00000012
c:\recycler\NPROTECT\00000013
c:\recycler\NPROTECT\00000014
c:\recycler\NPROTECT\00000016
c:\recycler\NPROTECT\00000017
c:\recycler\NPROTECT\00000019.DAT
c:\recycler\NPROTECT\00000020
c:\recycler\NPROTECT\00000021
c:\recycler\NPROTECT\00000022
c:\recycler\NPROTECT\00000023
c:\recycler\NPROTECT\00000024
c:\recycler\NPROTECT\00000025
c:\recycler\NPROTECT\00000026
c:\recycler\NPROTECT\00000028
c:\recycler\NPROTECT\00000029.DAT
c:\recycler\NPROTECT\00000030
c:\recycler\NPROTECT\00000031
c:\recycler\NPROTECT\00000032
c:\recycler\NPROTECT\00000033
c:\recycler\NPROTECT\00000034
c:\recycler\NPROTECT\00000035
c:\recycler\NPROTECT\00000036
c:\recycler\NPROTECT\00000037
c:\recycler\NPROTECT\00000038
c:\recycler\NPROTECT\00000039
c:\recycler\NPROTECT\00000040
c:\recycler\NPROTECT\00000041
c:\recycler\NPROTECT\00000042
c:\recycler\NPROTECT\00000043
c:\recycler\NPROTECT\00000044
c:\recycler\NPROTECT\00000045
c:\recycler\NPROTECT\00000047
c:\recycler\NPROTECT\00000048
c:\recycler\NPROTECT\00000049
c:\recycler\NPROTECT\00000052
c:\recycler\NPROTECT\00000053
c:\recycler\NPROTECT\00000054
c:\recycler\NPROTECT\00000055
c:\recycler\NPROTECT\00000056
c:\recycler\NPROTECT\00000057
c:\recycler\NPROTECT\00000058
c:\recycler\NPROTECT\00000059
c:\recycler\NPROTECT\00000060
c:\recycler\NPROTECT\00000062
c:\recycler\NPROTECT\00000063
c:\recycler\NPROTECT\00000064
c:\recycler\NPROTECT\00000065

bloodshed
Novice

Posts : 18
Joined : 2009-08-17
OS : XPHome
Points : 26742
Likes : 0


Re: Cant run anti-virus

Post by bloodshed on 3rd October 2009, 2:53 am

c:\recycler\NPROTECT\00000066
c:\recycler\NPROTECT\00000067
c:\recycler\NPROTECT\00000069
c:\recycler\NPROTECT\00000071
c:\recycler\NPROTECT\00000072
c:\recycler\NPROTECT\00000073
c:\recycler\NPROTECT\00000075
c:\recycler\NPROTECT\00000076
c:\recycler\NPROTECT\00000077
c:\recycler\NPROTECT\00000078
c:\recycler\NPROTECT\00000079
c:\recycler\NPROTECT\00000080
c:\recycler\NPROTECT\00000081
c:\recycler\NPROTECT\00000082
c:\recycler\NPROTECT\00000085
c:\recycler\NPROTECT\00000086
c:\recycler\NPROTECT\00000087
c:\recycler\NPROTECT\00000088
c:\recycler\NPROTECT\00000090
c:\recycler\NPROTECT\00000091
c:\recycler\NPROTECT\00000092
c:\recycler\NPROTECT\00000094
c:\recycler\NPROTECT\00000095
c:\recycler\NPROTECT\00000096
c:\recycler\NPROTECT\00000097
c:\recycler\NPROTECT\00000098
c:\recycler\NPROTECT\00000101
c:\recycler\NPROTECT\00000102
c:\recycler\NPROTECT\00000103
c:\recycler\NPROTECT\00000104
c:\recycler\NPROTECT\00000105
c:\recycler\NPROTECT\00000106
c:\recycler\NPROTECT\00000107
c:\recycler\NPROTECT\00000108
c:\recycler\NPROTECT\00000109
c:\recycler\NPROTECT\00000111
c:\recycler\NPROTECT\00000112
c:\recycler\NPROTECT\00000113
c:\recycler\NPROTECT\00000115
c:\recycler\NPROTECT\00000116
c:\recycler\NPROTECT\00000117
c:\recycler\NPROTECT\00000118
c:\recycler\NPROTECT\00000120
c:\recycler\NPROTECT\00000121
c:\recycler\NPROTECT\00000122
c:\recycler\NPROTECT\00000123
c:\recycler\NPROTECT\00000124
c:\recycler\NPROTECT\00000125
c:\recycler\NPROTECT\00000127
c:\recycler\NPROTECT\00000128
c:\recycler\NPROTECT\00000129
c:\recycler\NPROTECT\00000130
c:\recycler\NPROTECT\00000131
c:\recycler\NPROTECT\00000133
c:\recycler\NPROTECT\00000134
c:\recycler\NPROTECT\00000135
c:\recycler\NPROTECT\00000136
c:\recycler\NPROTECT\00000137
c:\recycler\NPROTECT\00000138
c:\recycler\NPROTECT\00000139
c:\recycler\NPROTECT\00000140
c:\recycler\NPROTECT\00000141
c:\recycler\NPROTECT\00000142
c:\recycler\NPROTECT\00000143
c:\recycler\NPROTECT\00000147
c:\recycler\NPROTECT\00000148.dat
c:\recycler\NPROTECT\00000149.dat
c:\recycler\NPROTECT\00000150
c:\recycler\NPROTECT\00000151
c:\recycler\NPROTECT\00000152
c:\recycler\NPROTECT\00000153
c:\recycler\NPROTECT\00000154
c:\recycler\NPROTECT\00000155
c:\recycler\NPROTECT\00000156
c:\recycler\NPROTECT\00000157
c:\recycler\NPROTECT\00000159
c:\recycler\NPROTECT\00000161.dat
c:\recycler\NPROTECT\00000163
c:\recycler\NPROTECT\00000164.bat
c:\recycler\NPROTECT\00000165
c:\recycler\NPROTECT\00000166
c:\recycler\NPROTECT\00000167
c:\recycler\NPROTECT\00000168
c:\recycler\NPROTECT\00000169
c:\recycler\NPROTECT\00000170
c:\recycler\NPROTECT\00000172
c:\recycler\NPROTECT\00000173
c:\recycler\NPROTECT\00000175
c:\recycler\NPROTECT\00000176
c:\recycler\NPROTECT\00000177
c:\recycler\NPROTECT\00000180
c:\recycler\NPROTECT\00000181
c:\recycler\NPROTECT\00000182
c:\recycler\NPROTECT\00000183
c:\recycler\NPROTECT\00000184
c:\recycler\NPROTECT\00000185
c:\recycler\NPROTECT\00000186
c:\recycler\NPROTECT\00000188
c:\recycler\NPROTECT\00000189
c:\recycler\NPROTECT\00000190
c:\recycler\NPROTECT\00000191
c:\recycler\NPROTECT\00000192
c:\recycler\NPROTECT\00000193
c:\recycler\NPROTECT\00000194
c:\recycler\NPROTECT\00000195
c:\recycler\NPROTECT\00000196
c:\recycler\NPROTECT\00000197
c:\recycler\NPROTECT\00000198
c:\recycler\NPROTECT\00000199
c:\recycler\NPROTECT\00000200
c:\recycler\NPROTECT\00000201
c:\recycler\NPROTECT\00000202
c:\recycler\NPROTECT\00000203
c:\recycler\NPROTECT\00000204
c:\recycler\NPROTECT\00000205
c:\recycler\NPROTECT\00000206
c:\recycler\NPROTECT\00000207
c:\recycler\NPROTECT\00000208
c:\recycler\NPROTECT\00000209
c:\recycler\NPROTECT\00000210
c:\recycler\NPROTECT\00000211
c:\recycler\NPROTECT\00000212
c:\recycler\NPROTECT\00000213
c:\recycler\NPROTECT\00000214
c:\recycler\NPROTECT\00000216
c:\recycler\NPROTECT\00000217
c:\recycler\NPROTECT\00000218
c:\recycler\NPROTECT\00000219
c:\recycler\NPROTECT\00000222
c:\recycler\NPROTECT\00000225
c:\recycler\NPROTECT\00000226
c:\recycler\NPROTECT\00000227
c:\recycler\NPROTECT\00000228
c:\recycler\NPROTECT\00000229
c:\recycler\NPROTECT\00000230
c:\recycler\NPROTECT\00000231
c:\recycler\NPROTECT\00000232.dat
c:\recycler\NPROTECT\00000233
c:\recycler\NPROTECT\00000235
c:\recycler\NPROTECT\00000236
c:\recycler\NPROTECT\00000237
c:\recycler\NPROTECT\00000238
c:\recycler\NPROTECT\00000239.bad
c:\recycler\NPROTECT\00000240
c:\recycler\NPROTECT\00000241
c:\recycler\NPROTECT\00000242
c:\recycler\NPROTECT\00000243
c:\recycler\NPROTECT\00000244
c:\recycler\NPROTECT\00000250
c:\recycler\NPROTECT\00000252.md5
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\41.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk
c:\windows\system32\config\systemprofile\Start Menu\Advanced Virus Remover.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\mndisk.sys
c:\recycler\NPROTECT . . . . failed to delete
c:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmgnvwefnf
-------\Legacy_MNDISK
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_ZUMIESEARCH_SERVICE
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_kbiwkmgnvwefnf
-------\Service_mndisk
-------\Service_MyWebSearchService
-------\Service_ZumieSearch Service

bloodshed
Novice

Posts : 18
Joined : 2009-08-17
OS : XPHome
Points : 26742
Likes : 0


Re: Cant run anti-virus

Post by bloodshed on 3rd October 2009, 2:54 am

((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-09-23 02:32 . 2009-09-23 02:32 -------- d-----w- c:\documents and settings\whos the b**** now\WINDOWS
2009-09-15 02:28 . 2009-09-15 02:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-14 19:45 . 2009-09-14 19:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-03 19:07 . 2009-09-03 19:07 30720 ----a-w- c:\windows\system32\7EE983E52D57964A.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 00:54 . 2009-08-16 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 20:23 . 2003-12-03 15:57 -------- d-----w- c:\program files\Steam
2009-09-23 03:13 . 2006-12-19 00:31 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-15 21:37 . 2009-08-21 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-12 03:24 . 2009-06-02 21:58 -------- d-----w- c:\program files\uTorrent
2009-09-10 18:54 . 2009-08-19 01:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 01:32 . 2009-08-08 02:00 -------- d-----w- c:\documents and settings\whos the b**** now\Application Data\Vso
2009-09-09 07:20 . 2009-07-15 00:55 -------- d-----w- c:\documents and settings\whos the b**** now\Application Data\uTorrent
2009-09-03 01:38 . 2009-09-03 01:38 -------- d-----w- c:\documents and settings\whos the b**** now\Application Data\AdobeUM
2009-09-02 15:39 . 2009-09-02 15:39 43008 ----a-w- c:\windows\system32\lupgh.dll
2009-08-23 16:43 . 2009-08-23 15:05 53760 ----a-w- c:\windows\system32\drivers\WZSZXserv.sys
2009-08-23 01:06 . 2009-08-23 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-08-23 01:02 . 2009-08-23 01:02 -------- d-----w- c:\program files\SlySoft
2009-08-23 00:57 . 2009-08-23 00:57 -------- d-----w- c:\program files\Plato DVD to AVI Converter
2009-08-22 20:26 . 2009-08-22 20:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-22 20:26 . 2009-08-22 20:26 -------- d-----w- c:\program files\Zone Labs
2009-08-21 20:57 . 2009-08-21 20:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-21 20:57 . 2009-08-21 20:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-21 20:57 . 2009-08-21 20:57 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-21 20:57 . 2009-08-21 20:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-21 20:57 . 2009-08-21 20:57 -------- d-----w- c:\program files\AVG
2009-08-21 20:48 . 2007-04-06 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-21 20:28 . 2009-08-21 20:28 -------- d-----w- c:\documents and settings\whos the b**** now\Application Data\AVG8
2009-08-21 18:52 . 2009-08-15 02:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-19 20:51 . 2009-08-19 20:52 389120 ----a-w- c:\windows\system32\CF7512.exe
2009-08-19 20:48 . 2009-08-19 20:49 389120 ----a-w- c:\windows\system32\CF6937.exe
2009-08-19 20:45 . 2009-08-19 20:45 389120 ----a-w- c:\windows\system32\CF6238.exe
2009-08-19 20:35 . 2009-08-19 20:36 389120 ----a-w- c:\windows\system32\CF4364.exe
2009-08-19 20:33 . 2009-08-19 20:33 389120 ----a-w- c:\windows\system32\CF3877.exe
2009-08-19 20:32 . 2009-08-19 20:32 389120 ----a-w- c:\windows\system32\CF3655.exe
2009-08-19 20:30 . 2009-08-19 20:31 389120 ----a-w- c:\windows\system32\CF3404.exe
2009-08-19 20:26 . 2009-08-19 20:26 389120 ----a-w- c:\windows\system32\CF2535.exe
2009-08-19 20:13 . 2009-08-19 20:13 389120 ----a-w- c:\windows\system32\CF1.exe
2009-08-19 20:02 . 2009-08-19 20:03 389120 ----a-w- c:\windows\system32\CF30656.exe
2009-08-19 20:01 . 2009-08-19 20:01 389120 ----a-w- c:\windows\system32\CF30310.exe
2009-08-19 19:59 . 2009-08-19 19:59 389120 ----a-w- c:\windows\system32\CF30013.exe
2009-08-19 19:55 . 2009-08-19 19:55 389120 ----a-w- c:\windows\system32\CF29271.exe
2009-08-19 19:54 . 2009-08-19 19:55 389120 ----a-w- c:\windows\system32\CF29124.exe
2009-08-19 19:51 . 2009-08-19 19:52 389120 ----a-w- c:\windows\system32\CF28530.exe
2009-08-19 19:50 . 2009-08-19 19:50 389120 ----a-w- c:\windows\system32\CF28239.exe
2009-08-19 13:52 . 2003-12-03 01:50 -------- d-----w- c:\program files\Trend Micro
2009-08-19 13:49 . 2009-08-19 13:49 389120 ----a-w- c:\windows\system32\CF23033.exe
2009-08-19 13:26 . 2009-08-19 13:26 389120 ----a-w- c:\windows\system32\CF18543.exe
2009-08-19 13:25 . 2009-08-19 13:25 389120 ----a-w- c:\windows\system32\CF18341.exe
2009-08-19 13:23 . 2009-08-19 13:24 389120 ----a-w- c:\windows\system32\CF18037.exe
2009-08-19 12:47 . 2009-08-19 12:47 389120 ----a-w- c:\windows\system32\CF10830.exe
2009-08-19 12:44 . 2009-08-19 12:44 389120 ----a-w- c:\windows\system32\CF10222.exe
2009-08-19 03:54 . 2009-08-19 03:55 389120 ----a-w- c:\windows\system32\CF4805.exe
2009-08-19 03:41 . 2009-08-19 03:41 -------- d-----w- c:\documents and settings\whos the b**** now\Application Data\Malwarebytes
2009-08-19 02:18 . 2009-08-19 02:19 389120 ----a-w- c:\windows\system32\CF18796.exe
2009-08-19 02:18 . 2009-08-19 02:18 389120 ----a-w- c:\windows\system32\CF18662.exe
2009-08-19 02:05 . 2009-08-19 02:05 389120 ----a-w- c:\windows\system32\CF16229.exe
2009-08-19 01:41 . 2009-08-19 01:41 389120 ----a-w- c:\windows\system32\CF11429.exe
2009-08-16 16:23 . 2009-08-16 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-16 02:35 . 2004-01-28 15:26 -------- d-----w- c:\program files\Yahoo!
2009-08-16 02:20 . 2008-03-14 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-15 02:51 . 2009-08-15 02:51 -------- d-----w- c:\documents and settings\whos the b**** now\Application Data\AVS4YOU
2009-08-13 07:04 . 2007-09-21 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-11 03:48 . 2009-08-11 03:48 -------- d-----w- c:\documents and settings\whos the b**** now\Application Data\Media Player Classic
2009-08-08 16:31 . 2009-08-08 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-08-08 02:00 . 2009-08-08 02:00 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-08 02:00 . 2009-08-08 02:00 47360 ----a-w- c:\documents and settings\whos the b**** now\Application Data\pcouffin.sys
2009-08-08 02:00 . 2009-08-08 02:00 -------- d-----w- c:\program files\VSO
2009-08-08 01:15 . 2009-08-08 01:15 -------- d-----w- c:\documents and settings\whos the b**** now\Application Data\Ahead
2009-08-05 18:01 . 2009-08-05 18:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-08-05 16:20 . 2009-06-24 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\myitlab
2009-08-05 09:01 . 2005-12-30 16:08 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2009-08-19 01:51 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 16:04 . 2009-07-11 15:18 78200 ----a-w- c:\documents and settings\whos the b**** now\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:54 . 2009-07-24 15:13 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-07-24 15:13 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-07-24 15:13 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-07-24 15:13 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2007-03-28 05:37 485920 -c--a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2006-10-22 16:22 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2006-10-22 16:22 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2006-10-22 16:22 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2006-10-22 16:22 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2006-10-22 16:22 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2006-10-22 16:22 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 17:35 . 2009-07-14 17:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 17:35 . 2009-07-14 17:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 17:35 . 2009-07-14 17:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 17:35 . 2009-07-14 17:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 17:34 . 2009-07-14 17:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 17:34 . 2009-07-14 17:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 17:34 . 2009-07-14 17:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 17:34 . 2009-07-14 17:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 17:34 . 2009-07-14 17:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 17:34 . 2009-07-14 17:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 17:34 . 2009-07-14 17:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 17:34 . 2009-07-14 17:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 17:34 . 2009-07-14 17:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-14 03:43 . 2004-04-06 11:29 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 22:18 . 2009-05-08 06:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-10 11:01 . 2007-03-28 05:24 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-13 16:27 . 2006-02-09 18:04 5632 -csha-w- c:\program files\Thumbs.db
2000-06-05 21:47 . 2007-09-17 07:05 32768 -c--a-w- c:\program files\mozilla firefox\plugins\AppSub32.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

c:\windows\system32\eventlog.dll ... is missing !!
c:\windows\system32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-21 2007832]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"7EE983E52D57964A"="c:\windows\system32\7EE983E52D57964A.exe" [2009-09-03 30720]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 20:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\bongreaper\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\bongreaper\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\mIRC2\\mirc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5100:TCP"= 5100:TCP:*:Disabled:webcam.yahoo.com
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/21/2009 4:57 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/21/2009 4:57 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/21/2009 4:57 PM 297752]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [1/19/2006 2:18 PM 135168]
S1 65ef9f3e;65ef9f3e;c:\windows\system32\drivers\65ef9f3e.sys --> c:\windows\system32\drivers\65ef9f3e.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [7/10/2009 6:12 PM 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [7/10/2009 6:12 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7/10/2009 6:19 PM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [7/10/2009 6:12 PM 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [7/10/2009 6:12 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [7/10/2009 6:12 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [7/10/2009 6:12 PM 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [7/10/2009 6:12 PM 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [7/10/2009 6:12 PM 566296]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {5445BE81-B796-11D2-B931-002018654E2E} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\whos the b**** now\Application Data\Mozilla\Firefox\Profiles\t38hce12.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpIpx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

bloodshed
Novice

Posts : 18
Joined : 2009-08-17
OS : XPHome
Points : 26742
Likes : 0


Re: Cant run anti-virus

Post by bloodshed on 3rd October 2009, 2:54 am

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

BHO-{BA603215-23F2-42AD-F4E4-00AAC39CAA53} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-02 22:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&??????\??? ??? ???\???\???????????5?B~e?B~\???\???????P?`??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-746137067-1343024091-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(896)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-10-03 22:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-03 02:39

Pre-Run: 10,223,755,264 bytes free
Post-Run: 10,235,547,648 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

561 --- E O F --- 2009-10-03 02:36

bloodshed

Re: Cant run anti-virus

Post by Dr Jay on 3rd October 2009, 8:40 am

Hi

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\lupgh.dll
    c:\windows\system32\7EE983E52D57964A.exe

    Folder::
    c:\documents and settings\All Users\Application Data\vsosdk

    FCopy::
    c:\windows\ServicePackFiles\i386\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
    c:\windows\ServicePackFiles\i386\ctfmon.exe | c:\windows\system32\ctfmon.exe
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


==

Please include the SpiderKill and ComboFix log in your next reply.


Dr. Jay (DJ)



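The CFScript Dr Jay posts above is a plain text file with three directive blocks: `File::` and `Folder::` list items to quarantine, and `FCopy::` lists `source | destination` pairs, here used to put the Service Pack cache copies of eventlog.dll and ctfmon.exe back over the in-use copies in system32. As an added example (not code from the thread, and not part of ComboFix), the Python below parses a script in that layout and, for each FCopy pair, hashes both files so you can see whether the in-use copy actually differs from the cache copy before anything is replaced. The directive names and the `src | dst` layout are taken from the script in the thread; the temporary directory, file contents and the function names `parse_cfscript`, `check_fcopy` and `demo` are my own construction, and the script only reports, it never copies or deletes anything.

```python
"""
Added example, not from the forum thread or from ComboFix: parse a
CFScript.txt (File::, Folder::, FCopy:: blocks) and compare each
FCopy "source | destination" pair by SHA-256.

All files below are constructed in a temporary directory; the paths
are stand-ins for c:\windows\ServicePackFiles\i386 and system32.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def parse_cfscript(text):
    """Return {"File": [...], "Folder": [...], "FCopy": [(src, dst), ...]}.

    Entries belong to the most recent 'Name::' header; blank lines are
    skipped. An FCopy entry must contain exactly one '|' separator.
    """
    sections = {"File": [], "Folder": [], "FCopy": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            name = line[:-2]
            if name not in sections:
                raise ValueError(f"unknown directive: {line}")
            current = name
            continue
        if current is None:
            raise ValueError(f"entry before any directive: {line}")
        if current == "FCopy":
            parts = [p.strip() for p in line.split("|")]
            if len(parts) != 2 or not all(parts):
                raise ValueError(f"malformed FCopy entry: {line}")
            sections["FCopy"].append((parts[0], parts[1]))
        else:
            sections[current].append(line)
    return sections


def sha256_of(path):
    """Stream the file through SHA-256 so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_fcopy(pairs):
    """For each (src, dst) report one of: missing-source,
    missing-destination, identical, differs.

    'differs' means the in-use file does not match the cache copy; that
    is consistent with tampering but also with a later hotfix, so treat
    it as a prompt to inspect the file, not as proof of infection.
    """
    results = []
    for src, dst in pairs:
        if not os.path.isfile(src):
            status = "missing-source"
        elif not os.path.isfile(dst):
            status = "missing-destination"
        elif sha256_of(src) == sha256_of(dst):
            status = "identical"
        else:
            status = "differs"
        results.append((src, dst, status))
    return results


def demo():
    """Build a constructed cache/system layout and return the FCopy statuses."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp) / "ServicePackFiles" / "i386"   # constructed stand-in
        system = Path(tmp) / "system32"                   # constructed stand-in
        cache.mkdir(parents=True)
        system.mkdir()
        # constructed contents: eventlog.dll in "system32" has been altered,
        # ctfmon.exe is byte-identical to the cache copy
        (cache / "eventlog.dll").write_bytes(b"clean eventlog image")
        (system / "eventlog.dll").write_bytes(b"clean eventlog image tampered")
        (cache / "ctfmon.exe").write_bytes(b"clean ctfmon image")
        (system / "ctfmon.exe").write_bytes(b"clean ctfmon image")
        script = (
            "File::\n"
            f"{system / 'lupgh.dll'}\n\n"
            "FCopy::\n"
            f"{cache / 'eventlog.dll'} | {system / 'eventlog.dll'}\n"
            f"{cache / 'ctfmon.exe'} | {system / 'ctfmon.exe'}\n"
        )
        parsed = parse_cfscript(script)
        return [status for _, _, status in check_fcopy(parsed["FCopy"])]


if __name__ == "__main__":
    for src, dst, status in check_fcopy(parse_cfscript("FCopy::\n" + "a | b\n")):
        print(f"{status}: {src} -> {dst}")
    print(demo())
```

Run it against a real CFScript.txt by reading the file into `parse_cfscript` and passing `parsed["FCopy"]` to `check_fcopy`; on a live machine a `differs` result for a file the thread's helper already flagged is the expected outcome, and it is the version and signature of that file, not the hash mismatch alone, that decides whether the replacement was warranted.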
