AntiVirus Soft Infection - Can Not Run Programs!


Post by KyleNeedsHelp! on Tue Mar 16, 2010 4:28 am

ComboFix 10-03-15.04 - K Dawg 03/15/2010 21:10:35.4.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1150.723 [GMT -7:00]
Running from: c:\documents and settings\K Dawg\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\K Dawg\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_d42cb0d9.sys
-------\Service_hko2fc6


((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 03:56 . 2010-03-16 03:56 -------- d-----w- C:\Combo-Fix1125C
2010-03-16 03:49 . 2010-03-16 03:49 -------- d-----w- C:\FOUND.011
2010-03-15 02:05 . 2010-03-15 02:05 -------- d-----w- C:\Combo-Fix
2010-03-14 21:54 . 2010-03-14 21:54 -------- d-----w- C:\_OTL
2010-03-14 03:23 . 2010-03-14 03:23 -------- d-----w- c:\documents and settings\K Dawg\Local Settings\Application Data\Temp
2010-03-14 03:23 . 2010-03-14 03:23 -------- d-----w- c:\documents and settings\K Dawg\Local Settings\Application Data\Google
2010-03-14 03:22 . 2010-03-14 03:22 -------- d-----w- c:\documents and settings\K Dawg\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 09:39 . 2009-11-22 10:03 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-19 22:46 . 2010-01-19 22:46 59056 ----a-w- c:\documents and settings\NEWACCT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-07 23:07 . 2009-08-16 06:14 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-08-16 06:14 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 1980-01-01 07:00 . 2010-03-15 02:06 65494 c:\winnt\system32\perfc009.dat
+ 1980-01-01 07:00 . 2010-03-16 03:54 65494 c:\winnt\system32\perfc009.dat
+ 1980-01-01 07:00 . 2010-03-16 03:54 409874 c:\winnt\system32\perfh009.dat
- 1980-01-01 07:00 . 2010-03-15 02:06 409874 c:\winnt\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\K Dawg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-14 135664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\winnt\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled
backup=c:\winnt\pss\Kodak EasyShare software.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk.disabled
backup=c:\winnt\pss\Kodak software updater.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^K Dawg^Start Menu^Programs^Startup^ChkDisk.dll]
path=c:\documents and settings\K Dawg\Start Menu\Programs\Startup\ChkDisk.dll
backup=c:\winnt\pss\ChkDisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^K Dawg^Start Menu^Programs^Startup^ChkDisk.lnk]
path=c:\documents and settings\K Dawg\Start Menu\Programs\Startup\ChkDisk.lnk
backup=c:\winnt\pss\ChkDisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-07-11 04:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2004-12-11 01:02 67184 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
2002-01-03 22:00 100913 ----a-w- c:\winnt\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMpi]
2002-01-03 22:00 40960 ----a-w- c:\winnt\GWMDMpi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-11-18 07:11 118784 ----a-w- c:\winnt\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-10-22 16:05 196608 ----a-w- c:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 03:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2006-07-07 23:14 576320 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-09-16 19:16 1833296 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2004-12-30 21:19 120640 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 16:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WUSB54GSCSVC"=2 (0x2)
"PictureTaker"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"=
"Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US [You must be registered and logged in to see this link.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\mcupdate.exe
"MCAgentExe"=c:\progra~1\mcafee.com\agent\mcagent.exe
"IPHSend"=c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
"IgfxTray"=c:\winnt\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145426670\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145426670\\ee\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8602:TCP"= 8602:TCP:XBC
"8602:UDP"= 8602:UDP:XBCPORT2
"88:TCP"= 88:TCP:XboxLive2
"3074:TCP"= 3074:TCP:XboxLive
"3074:UDP"= 3074:UDP:XboxLiveUDP
"88:UDP"= 88:UDP:XboxLive2UDP

R2 SVKP;SVKP;c:\winnt\system32\SVKP.sys [10/10/2004 2:53 AM 2368]
S2 DVC150;DVC 150B;c:\winnt\system32\drivers\DVC150B.sys [1/20/2007 6:14 PM 31924]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/30/2004 2:19 PM 153416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-03-16 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-2212413462-1417066420-3376078148-1005Core.job
- c:\documents and settings\K Dawg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 03:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-15 21:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\c:\winnt\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1620)
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
.
**************************************************************************
.
Completion time: 2010-03-15 21:22:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 04:22
ComboFix2.txt 2010-03-16 04:07
ComboFix3.txt 2010-03-15 02:29

Pre-Run: 7,565,508,608 bytes free
Post-Run: 7,509,016,576 bytes free

- - End Of File - - DFDE11A10792D6D9630102C28BCF6228


Post by Belahzur on Tue Mar 16, 2010 5:10 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Post by KyleNeedsHelp! on Wed Mar 17, 2010 1:34 am

Wow... it's taking foreverrrrr. Oh well I'll just leave it on not rly bothering anything else... It found 2 things and is only 10% on the C drive. Smile


Post by KyleNeedsHelp! on Wed Mar 17, 2010 2:17 am

WTF! Limewire won't run cuz that Java stuff I deleted. What would you recommend?

Says DL their software at java.com


... Can I ask why you had me delete that stuff before?


Post by KyleNeedsHelp! on Wed Mar 17, 2010 3:38 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f2e038b43278f440bcc2f93910d514c3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-17 03:23:26
# local_time=2010-03-16 08:23:26 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=89848
# found=3
# cleaned=3
# scan_time=17042
C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K98DC123\crypt_install[1].exe a variant of Win32/Kryptik.ADP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\K Dawg\Desktop\iTunes APPROVED\Lil Wayne - The Carter 3 -09- Shoot Me Down.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
F:\iTunes APPROVED\Lil Wayne - The Carter 3 -09- Shoot Me Down.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C


Lil Wayne FTL. LMAO


Post by KyleNeedsHelp! on Thu Apr 01, 2010 4:13 am

Bump. Wondering why Limewire STILL won't work?


Post by Belahzur on Thu Apr 01, 2010 11:35 pm

Hello.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.

Please uninstall Limewire, it's un-safe. Smile



Post by KyleNeedsHelp! on Fri Apr 02, 2010 1:16 am

[You must be registered and logged in to see this link.] wrote:Hello.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.

Please uninstall Limewire, it's un-safe. Smile

That's true. Especially if you download .avi or .wav or .wma it can be some serious stuff and I've come across that stuff and found out firsthand what it can do... however I need a program w/ at least that good of a P2P network for finding individual, mostly rare, single songs... any suggestions?


Post by Belahzur on Fri Apr 02, 2010 1:55 pm

Nope, no method of P2P is safe from risk.



Post by KyleNeedsHelp! on Fri Apr 02, 2010 1:59 pm

[You must be registered and logged in to see this link.] wrote:Nope, no method of P2P is safe from risk.

My Limewire def didn't start working after the DL... hmmm... prolly just reinstall altogether. Thanks again man.
