
MBAM won't open and false warnings...


Post by Lickumz on Thu Jan 28, 2010 7:21 pm

I keep getting this notification:

"Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need update your current security software. Click OK to download official intrusion system. (IDS software)"

The desktop turns white. Once it turned blue but changed back to white when I restarted the computer. I am restricted from sites such as Twitter and get this message:

"This web site is restricted based on your security preferences. (Even though I don't even know how to set my security preferences...) Your system is infected. Please activate your antivirus software."

The computer is slower. When I try to open the control panel or something like notepad I get this warning:

"Application cannot be executed. The file is infected. Please activate your antivirus sofware."

I cannot open Malwarebytes, so I uninstalled/reinstalled it, but it doesn't work. Idk if this has anything to do with the problem, but I remember getting two... files(?) One was mbam-setup and another was winlogon(?), but when I was trying to reinstall Malwarebytes I only got mbam-setup.

This is all I can remember for now.

And here is the log file.

Thank you in advance. <3~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:26 PM, on 1/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\Program Files\Microsoft Dynamics - Point of Sale\Possum.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Program Files\SoftRun\NoPhishing\NoPhishing.exe
C:\WINDOWS\system32\ctfmonnpe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\kristin\Desktop\winlogon.scr

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 aviremover-2009.com
O1 - Hosts: 209.44.111.62 [You must be registered and logged in to see this link.]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe" Z
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NoPhishing] C:\Program Files\SoftRun\NoPhishing\NPUpdate.exe -s
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [jahajujud] Rundll32.exe "c:\windows\system32\pebapehe.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_SE1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [] C:\DOCUME~1\kristin\LOCALS~1\Temp\koh5te3a.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: *.hometax.go.kr
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} (checkVerX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} (INISAFE Updater Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} (Printmade Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} (ProWorksGrid Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {861EAB1D-F1FD-45FA-BA28-52595ED4B628} (axWEIK2592 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8FA8D5F7-7CBA-46D4-9568-68D70C5280E8} (NoPhishingX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} (Printmade S 1.5.6) - [You must be registered and logged in to see this link.]
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (V3D Client Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} (BankPayEFTCtrl Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF392830-663F-11D5-89EE-000086551DF6} (PS_NTSATL Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D923AE0C-190D-4EDF-B07A-76AC571FBFD4} (SCSKEx Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [You must be registered and logged in to see this link.]
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\INITECH\SHTTP\InitechSHTTPInterface.10111.dll
O20 - AppInit_DLLs: c:\windows\system32\degipeme.dll c:\windows\system32\fohavato.dll wenunuve.dll c:\windows\system32\tahisepi.dll fohomugu.dll c:\windows\system32\powenewe.dll c:\windows\system32\dibiyowa.dll c:\windows\system32\nelufuyu.dll lijohoyo.dll c:\windows\system32\zoyegetu.dll c:\windows\system32\pebapehe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: teyekuwen - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
O21 - SSODL: ravikijed - {d5f972b6-6596-4bf6-a8af-13f35fa5f54d} - c:\windows\system32\tahisepi.dll (file missing)
O21 - SSODL: buhabusow - {0d8b8726-39f7-4f48-a1c1-acae3842fb8d} - c:\windows\system32\tahisepi.dll (file missing)
O21 - SSODL: kuvewenan - {07247711-05c3-4b30-a5ac-ebb558386ce1} - c:\windows\system32\degipeme.dll (file missing)
O21 - SSODL: hukezusoh - {5db4f3b1-d4e7-45da-9b78-d25bcb6f1221} - c:\windows\system32\powenewe.dll (file missing)
O21 - SSODL: sabiyozam - {4ffddf62-5285-4cdb-bd1a-6775c06721f9} - c:\windows\system32\nelufuyu.dll (file missing)
O21 - SSODL: buziwiluh - {edd83229-7df4-4678-ae9b-e99c38466da4} - c:\windows\system32\dibiyowa.dll (file missing)
O21 - SSODL: vutebudal - {c15e99b9-5344-4776-9a81-4ad7a5702333} - c:\windows\system32\zoyegetu.dll (file missing)
O21 - SSODL: nufajewun - {de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
O22 - SharedTaskScheduler: mujuzedij - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {d5f972b6-6596-4bf6-a8af-13f35fa5f54d} - c:\windows\system32\tahisepi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0d8b8726-39f7-4f48-a1c1-acae3842fb8d} - c:\windows\system32\tahisepi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {07247711-05c3-4b30-a5ac-ebb558386ce1} - c:\windows\system32\degipeme.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {5db4f3b1-d4e7-45da-9b78-d25bcb6f1221} - c:\windows\system32\powenewe.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {4ffddf62-5285-4cdb-bd1a-6775c06721f9} - c:\windows\system32\nelufuyu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {edd83229-7df4-4678-ae9b-e99c38466da4} - c:\windows\system32\dibiyowa.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {c15e99b9-5344-4776-9a81-4ad7a5702333} - c:\windows\system32\zoyegetu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15880 bytes


Last edited by Lickumz on Thu Jan 28, 2010 8:26 pm; edited 1 time in total


Re: MBAM won't open and false warnings...

Post by Belahzur on Thu Jan 28, 2010 7:31 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 209.44.111.62 aviremover-2009.com
    O1 - Hosts: 209.44.111.62 [You must be registered and logged in to see this link.]
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [jahajujud] Rundll32.exe "c:\windows\system32\pebapehe.dll",a
    O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKCU\..\Run: [] C:\DOCUME~1\kristin\LOCALS~1\Temp\koh5te3a.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'Default user')
    O20 - AppInit_DLLs: c:\windows\system32\degipeme.dll c:\windows\system32\fohavato.dll wenunuve.dll c:\windows\system32\tahisepi.dll fohomugu.dll c:\windows\system32\powenewe.dll c:\windows\system32\dibiyowa.dll c:\windows\system32\nelufuyu.dll lijohoyo.dll c:\windows\system32\zoyegetu.dll c:\windows\system32\pebapehe.dll
    O21 - SSODL: teyekuwen - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
    O21 - SSODL: ravikijed - {d5f972b6-6596-4bf6-a8af-13f35fa5f54d} - c:\windows\system32\tahisepi.dll (file missing)
    O21 - SSODL: buhabusow - {0d8b8726-39f7-4f48-a1c1-acae3842fb8d} - c:\windows\system32\tahisepi.dll (file missing)
    O21 - SSODL: kuvewenan - {07247711-05c3-4b30-a5ac-ebb558386ce1} - c:\windows\system32\degipeme.dll (file missing)
    O21 - SSODL: hukezusoh - {5db4f3b1-d4e7-45da-9b78-d25bcb6f1221} - c:\windows\system32\powenewe.dll (file missing)
    O21 - SSODL: sabiyozam - {4ffddf62-5285-4cdb-bd1a-6775c06721f9} - c:\windows\system32\nelufuyu.dll (file missing)
    O21 - SSODL: buziwiluh - {edd83229-7df4-4678-ae9b-e99c38466da4} - c:\windows\system32\dibiyowa.dll (file missing)
    O21 - SSODL: vutebudal - {c15e99b9-5344-4776-9a81-4ad7a5702333} - c:\windows\system32\zoyegetu.dll (file missing)
    O21 - SSODL: nufajewun - {de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
    O22 - SharedTaskScheduler: mujuzedij - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
    O22 - SharedTaskScheduler: tokatiluy - {d5f972b6-6596-4bf6-a8af-13f35fa5f54d} - c:\windows\system32\tahisepi.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {0d8b8726-39f7-4f48-a1c1-acae3842fb8d} - c:\windows\system32\tahisepi.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {07247711-05c3-4b30-a5ac-ebb558386ce1} - c:\windows\system32\degipeme.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {5db4f3b1-d4e7-45da-9b78-d25bcb6f1221} - c:\windows\system32\powenewe.dll (file missing)
    O22 - SharedTaskScheduler: tokatiluy - {4ffddf62-5285-4cdb-bd1a-6775c06721f9} - c:\windows\system32\nelufuyu.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {edd83229-7df4-4678-ae9b-e99c38466da4} - c:\windows\system32\dibiyowa.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {c15e99b9-5344-4776-9a81-4ad7a5702333} - c:\windows\system32\zoyegetu.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
    O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


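A triage pass over HijackThis entries of the kind Belahzur picked out above, as an added example and not a tool from this thread: it encodes the patterns behind that selection (a UserInit value that is not userinit.exe, hosts entries beyond the default localhost mapping, autoruns named after core Windows processes or launched from a Temp folder, a non-empty AppInit_DLLs list, components whose file is missing, and DLLs that appear both in an O4/O21/O22 entry and in the AppInit list) and runs them over a sample built from lines of the posted log. The heuristics are my own assumptions, not HijackThis's rules.

```python
import re

# Constructed sample: a subset of lines from the HijackThis log posted in this thread,
# including two entries (IgfxTray, the AVG watchdog service) that should NOT be flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 aviremover-2009.com
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [jahajujud] Rundll32.exe "c:\windows\system32\pebapehe.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\kristin\LOCALS~1\Temp\koh5te3a.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O20 - AppInit_DLLs: c:\windows\system32\degipeme.dll wenunuve.dll c:\windows\system32\pebapehe.dll
O21 - SSODL: teyekuwen - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
O21 - SSODL: nufajewun - {de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# Names of core Windows processes; a Run entry launching something called
# smss32.exe or svchost.exe is a look-alike, since the real ones are never autoruns.
CORE_PROCESS = re.compile(r"\b(smss|csrss|winlogon|lsass|services|svchost)\d*\.exe\b", re.I)


def appinit_dlls(lines):
    """Collect the lower-cased basenames of every DLL listed in O20 AppInit_DLLs entries."""
    names = set()
    for line in lines:
        if line.startswith("O20 - AppInit_DLLs:"):
            for item in line.split(":", 1)[1].split():
                names.add(item.rsplit("\\", 1)[-1].lower())
    return names


def check_line(line, appinit):
    """Return a reason string if the HijackThis line matches a heuristic, else None."""
    low = line.lower()
    if "(file missing)" in low or "(no file)" in low:
        return "registered component whose file no longer exists"
    if line.startswith("F2 - REG:system.ini: UserInit="):
        value = line.split("=", 1)[1].strip().rstrip(",")
        if not value.lower().endswith("\\userinit.exe"):
            return "UserInit points somewhere other than userinit.exe"
        return None
    if line.startswith("O1 - Hosts:"):
        if line.split(":", 1)[1].strip().lower() != "127.0.0.1 localhost":
            return "hosts file entry beyond the default localhost mapping"
        return None
    if line.startswith("O4 - "):
        if "[]" in line:
            return "autorun entry with an empty name"
        if "\\temp\\" in low:
            return "autorun launches an executable from a Temp folder"
        if CORE_PROCESS.search(low):
            return "autorun named after a core Windows process"
        if any(dll in low for dll in appinit):
            return "autorun loads a DLL also registered in AppInit_DLLs"
        return None
    if line.startswith("O10 - Unknown file in Winsock LSP"):
        return "unrecognised Winsock LSP module"
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        return "AppInit_DLLs injects DLLs into every process that loads user32"
    if line.startswith(("O21 - SSODL:", "O22 - SharedTaskScheduler:")):
        if any(dll in low for dll in appinit):
            return "shell hook loads a DLL also registered in AppInit_DLLs"
        return None
    if line.startswith("O23 - Service:") and "unknown owner" in low:
        return "service with no publisher information"
    return None


def triage(log_text):
    """Run every heuristic over a HijackThis log and return [(line, reason), ...]."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    appinit = appinit_dlls(lines)
    findings = []
    for line in lines:
        reason = check_line(line, appinit)
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {flagged}")
```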

Re: MBAM won't open and false warnings...

Post by Lickumz on Thu Jan 28, 2010 8:21 pm

The weird warning notifications are gone. 8D I can open notepad without a problem. Thank you so much for your help! <3 ^^
But MBAM isn't opening. If I try to open it using the icon on the start menu it says that something is wrong with the shortcut and gives me the option of deleting it or fixing it. I chose to fix it, but it's not doing anything. Now I don't get anything at all no matter how I try to open it. I right-clicked on the icon, went to the program file, and the start menu. I still can't go to twitter either. It gives me the same warning. =( Is it a technical problem?


Re: MBAM won't open and false warnings...

Post by Belahzur on Thu Jan 28, 2010 9:11 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: MBAM won't open and false warnings...

Post by Lickumz on Fri Jan 29, 2010 2:26 pm

I have this Korean antivirus on my computer so I couldn't disable that. I tried to look it up on the net, but I'm not all that fluent in the language so I just ended up with a headache. -_- But the Combo-fix ran anyway and my desktop is back to normal! Yay!! Thank you so much for your help!! ^^ <3~ This computer is used for business purposes, so this much is a relief.
I still can't open MBAM nor can I access regular sites such as twitter or youtube. =T

And here is the thingy you asked me to post. =)

ComboFix 10-01-29.02 - kristin 9/2010 Fri 10:47:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.2038.1492 [GMT -8:00]
Running from: c:\documents and settings\kristin\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: 알약 *On-access scanning enabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
Error: Cfiles.dat
PEV Error: ProgramsFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\92034056.ini
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\sFX
C:\temp_hts.tmp
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\geyekrtfotvyvc.dat
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\IS15.exe
c:\windows\Tasks\htndeioe.job
c:\windows\Tasks\qbboflix.job
c:\windows\Tasks\tjkwfjel.job
c:\windows\Tasks\zccggpko.job

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
Infected copy of c:\windows\system32\srsvc.dll was found and disinfected
Restored copy from - c:\i386\srsvc.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_msncache
-------\Legacy_pcmstub
-------\Legacy_sfx
-------\Legacy_sfxdrv
-------\Legacy_sopidkc
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-29 18:53 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2010-01-29 18:53 . 2004-08-04 10:00 170496 ----a-w- c:\windows\system32\srsvc.dll
2010-01-29 01:05 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 01:05 . 2010-01-29 01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 01:05 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 20:35 . 2010-01-28 20:35 18944 ----a-w- c:\windows\system32\helper32.dll
2010-01-28 20:35 . 2010-01-28 20:35 20480 ----a-w- c:\windows\system32\winlogon32.exe
2010-01-28 20:35 . 2010-01-28 20:35 20480 ----a-w- c:\windows\system32\smss32.exe
2010-01-26 17:32 . 2010-01-18 17:07 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-26 17:32 . 2010-01-18 17:07 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-19 21:27 . 2010-01-29 00:22 26457 ----a-w- c:\windows\Sysvxd.exe
2010-01-19 19:46 . 2010-01-19 19:46 54956 ----a-w- c:\windows\system32\drivers\svchost.exe
2010-01-19 17:08 . 2010-01-19 17:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-08 18:46 . 2010-01-08 18:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-08 18:46 . 2010-01-08 18:46 50180 ----a-w- c:\windows\system32\logon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 18:08 . 2009-10-16 20:35 0 ----a-w- c:\documents and settings\kristin\Local Settings\Application Data\prvlcl.dat
2010-01-29 17:14 . 2009-10-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-23 00:58 . 2007-07-16 22:19 20424 ----a-w- c:\documents and settings\kristin\Application Data\wklnhst.dat
2010-01-04 16:42 . 2009-12-22 17:43 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-21 23:15 . 2009-12-21 23:01 1924744 ----a-w- c:\documents and settings\kristin\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2008-11-14 22:10 . 2007-07-05 22:29 168 --sh--r- c:\windows\system32\3D95FB3368.sys
1601-01-01 00:03 . 1601-01-01 00:03 54784 --sha-w- c:\windows\system32\doyifari.dll
2008-11-14 22:10 . 2007-07-05 22:29 7514 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Dell\Media Experience\dmxlauncher .exe
c:\windows\system32\DLA\dlactrlw .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e26f8b1-1c3f-4ccd-82f6-ba04b7615a2d}]
1601-01-01 00:03 54784 --sha-w- c:\windows\system32\doyifari.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [N/A]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [N/A]
"Persistence"="c:\windows\system32\igfxpers.exe" [N/A]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [N/A]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [N/A]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"NoPhishing"="c:\program files\SoftRun\NoPhishing\NPUpdate.exe" [2008-11-11 131072]
"ALYac"="c:\program files\ESTsoft\ALYac\AYUpdate.exe" [2008-10-23 79304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-04 2033432]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"jahajujud"="c:\windows\system32\pebapehe.dll" [N/A]
"niwizesane"="bivemufi.dll" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-10 17:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-09-25 20:28 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Linksys\\Network Storage\\Network Drive Mapping Utility.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ESTsoft\\ALYac\\AYAgent.aye"=
"c:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\sqlmangr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AmonTDNt.sys [12/19/2008 2:17 PM 93016]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/13/2009 9:30 AM 333192]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/13/2009 9:30 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/10/2009 9:35 AM 285392]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [9/29/2008 11:22 PM 47640]
R2 MSSQL$MSPOSINSTANCE;SQL Server (MSPOSINSTANCE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 9:31 PM 29263712]
R2 Possum;Microsoft Dynamics - Point of Sale Service;c:\program files\Microsoft Dynamics - Point of Sale\Possum.exe [10/26/2006 10:09 PM 19808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/23/2007 11:35 AM 24652]
S2 kgnvhb;kgnvhb;\??\c:\windows\system32\drivers\sufygaifwk.sys --> c:\windows\system32\drivers\sufygaifwk.sys [?]
S2 yqjvvecx;Monitor Helper;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 9:51 AM 14336]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\ESTsoft\ALYac\AYDrvSP.sys [12/18/2008 7:57 PM 24312]
S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [12/19/2008 2:17 PM 19632]
S3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [12/19/2008 2:17 PM 101296]
S3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [12/19/2008 2:17 PM 121464]
S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [10/29/2008 8:34 AM 31488]
S3 SBBroker;SBBroker;c:\program files\Microsoft Dynamics - Point of Sale\SbBroker.exe [10/26/2006 10:10 PM 88928]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [10/8/2008 1:01 PM 18184]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [10/8/2008 1:01 PM 175872]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\helper32.dll
Trusted Zone: hometax.go.kr
Trusted Zone: shinhan.com
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\INITECH\SHTTP\InitechSHTTPInterface.10111.dll
Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\INITECH\SHTTP\InitechSHTTPInterface.10111.dll
DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} - [You must be registered and logged in to see this link.]
DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} - [You must be registered and logged in to see this link.]
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - [You must be registered and logged in to see this link.]
DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} - [You must be registered and logged in to see this link.]
DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} - [You must be registered and logged in to see this link.]
DPF: {6FE760D3-7851-4879-8838-62D9881D7177} - [You must be registered and logged in to see this link.]
DPF: {861EAB1D-F1FD-45FA-BA28-52595ED4B628} - [You must be registered and logged in to see this link.]
DPF: {8FA8D5F7-7CBA-46D4-9568-68D70C5280E8} - [You must be registered and logged in to see this link.]
DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} - [You must be registered and logged in to see this link.]
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - [You must be registered and logged in to see this link.]
DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - [You must be registered and logged in to see this link.]
DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - [You must be registered and logged in to see this link.]
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - [You must be registered and logged in to see this link.]
DPF: {CF392830-663F-11D5-89EE-000086551DF6} - [You must be registered and logged in to see this link.]
DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} - [You must be registered and logged in to see this link.]
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - [You must be registered and logged in to see this link.]
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - [You must be registered and logged in to see this link.]
DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\kristin\Application Data\Mozilla\Firefox\Profiles\tjj68z8h.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\kristin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SharedTaskScheduler-{de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
SSODL-nufajewun-{de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-HijackThis - c:\documents and settings\kristin\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-29 10:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\OLDA.tmp 51224 bytes executable
c:\windows\system32\wuapi.dll.wusetup.209703.bak 561688 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.211906.bak 51224 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.213468.bak 1809944 bytes executable

scan completed successfully
hidden files: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALYac_PZSrv]
"ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNt.aye"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,fd,93,c6,a4,41,43,45,8f,bb,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,fd,93,c6,a4,41,43,45,8f,bb,b7,\

[HKEY_USERS\S-1-5-21-503786190-2344988469-3294133235-1006\Software\Microsoft\MessengerService\GroupStateCacheU\*촴?
"Name"=hex:00,ac,71,c8,00,00
"Collapsed"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\helper32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\EPSON\EBAPI\eEBAgent.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\npkcmsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\conime.exe
c:\windows\stsystra.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ESTsoft\ALYac\AYAgent.aye
c:\program files\SoftRun\NoPhishing\NoPhishing.exe
c:\windows\system32\ctfmonnpe.exe
.
**************************************************************************
.
Completion time: 2010-01-29 11:11:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-29 19:11

Pre-Run: 41,141,366,784 bytes free
Post-Run: 41,879,793,664 bytes free

- - End Of File - - CB040474F49A731B43F561016003ED0C

Lickumz
Beginner

Re: MBAM won't open and false warnings...

Post by Belahzur on Sat Jan 30, 2010 11:47 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\Sysvxd.exe
    c:\windows\system32\drivers\svchost.exe
    c:\windows\system32\doyifari.dll
    c:\program files\AVG\AVG8\avgtray .exe
    c:\program files\Dell\Media Experience\dmxlauncher .exe
    c:\windows\system32\DLA\dlactrlw .exe

    Driver::
    fkwkeh

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e26f8b1-1c3f-4ccd-82f6-ba04b7615a2d}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "jahajujud"=-
    "niwizesane"=-

    Driver::
    kgnvhb
    yqjvvecx
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




Belahzur
Administrator
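As an added example (not the helper's reply, nor ComboFix's own code): a small Python cross-check that parses a CFScript's File:: and Registry:: sections and compares them with the Run-key values and odd-named files in a ComboFix log, so that anything the script leaves untouched is visible before it is run. The log excerpt and the CFScript are constructed from the thread above, and the [N/A] and bare-filename heuristics are my own assumptions, not ComboFix's.

```python
import re
# Constructed excerpt of the ComboFix log above (Run key + two odd-named files).
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-04 2033432]
"jahajujud"="c:\windows\system32\pebapehe.dll" [N/A]
"niwizesane"="bivemufi.dll" [N/A]
c:\program files\AVG\AVG8\avgtray .exe
c:\windows\system32\DLA\dlactrlw .exe
"""
# Constructed CFScript that deliberately covers only part of the above.
CFSCRIPT = r"""
File::
c:\program files\AVG\AVG8\avgtray .exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jahajujud"=-
"""
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')   # "name"="target" [stamp]
ODD_FILE = re.compile(r'^[a-z]:\\.*\s\.[a-z0-9]+$', re.I)        # e.g. 'avgtray .exe'

def parse_cfscript(text):
    """CFScript sections keyed by name; a repeated header (the thread's script has two Driver:: blocks) merges into one."""
    sections, current = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if re.fullmatch(r'[A-Za-z]+::', line):
            current = sections.setdefault(line[:-2], [])
        elif current is not None:
            current.append(line)
    return sections

def suspicious_run_values(log):
    """Run values to triage (assumed heuristics): [N/A] only says ComboFix found no file to stamp and
    legit Intel/Dell entries show it too; a bare DLL name with no directory is the stronger signal."""
    out = {}
    for m in filter(None, (RUN_LINE.match(l.strip()) for l in log.splitlines())):
        name, target, stamp = m.groups()
        reasons = [r for ok, r in [(stamp == 'N/A', 'no file stamp'), ('\\' not in target, 'bare filename')] if ok]
        if reasons:
            out[name] = reasons
    return out

def script_gaps(script, log):
    """Suspicious log items the CFScript does not remove (File:: paths and "name"=- deletions)."""
    sec = parse_cfscript(script)
    files = {f.lower() for f in sec.get('File', [])}
    removed = {v[1:-3] for v in sec.get('Registry', []) if v.endswith('"=-')}
    odd = [l.strip() for l in log.splitlines() if ODD_FILE.match(l.strip())]
    return {'run_values': sorted(set(suspicious_run_values(log)) - removed),
            'files': [f for f in odd if f.lower() not in files]}
```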
