Total Vista Security and Antivirus Plus are killing me!

Page 2 of 2

Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Tue Apr 06, 2010 2:51 am

As you can see, it looks like the infections are gone! However, I'm still hesitant to run the computer in normal mode (I've been in safe mode) because of what happened last time I ran it in normal--the infections reinstalled themselves. What do you think, is it safe? Or perhaps should I just upgrade to Win7 right now, without even risking normal mode?

Thanks again for all of your help.

el_duderino04
Novice
Posts : 42
Joined : 2010-03-24
OS : Windows Vista

Re: Total Vista Security and Antivirus Plus are killing me!

Post by Dr Jay on Tue Apr 06, 2010 3:58 am

They are not gone. Please re-run that CFScript.


Dr. Jay (DJ)

Dr Jay
Head Administrator
Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Tue Apr 06, 2010 10:15 am

Here's the Combofix log:

ComboFix 10-04-05.05 - John 04/06/2010 2:57.6.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2519.1667 [GMT -7:00]
Running from: c:\users\John\Desktop\Commy.exe
Command switches used :: c:\users\John\Desktop\CFscript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *disabled* (Outdated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-06 10:03 . 2010-04-06 10:07 -------- d-----w- c:\users\John\AppData\Local\temp
2010-04-06 10:03 . 2010-04-06 10:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-06 10:03 . 2010-04-06 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-06 09:49 . 2010-04-06 09:54 -------- d-----w- C:\32788R22FWJFW
2010-04-05 17:35 . 2010-04-05 17:35 -------- d-----w- c:\program files\ESET
2010-04-03 08:51 . 2010-04-03 08:51 -------- d-----w- C:\A
2010-04-02 16:06 . 2010-04-02 16:06 4 ----a-w- c:\program files\2676150.dat
2010-04-02 15:20 . 2010-04-02 15:20 -------- d-----w- c:\program files\WhoCrashed
2010-04-02 15:03 . 2010-04-02 15:03 4 ----a-w- c:\program files\104193.dat
2010-03-25 16:12 . 2010-03-25 16:12 -------- d-----w- C:\_OTL
2010-03-24 17:48 . 2010-03-24 17:57 -------- d-----w- c:\program files\Mbytes
2010-03-24 17:47 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 17:47 . 2010-03-24 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 17:47 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 17:45 . 2010-03-24 17:45 -------- d-----w- c:\program files\CCleaner
2010-03-24 10:06 . 2010-04-05 08:55 -------- d-----w- c:\windows\system32\msapps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 10:05 . 2009-07-04 09:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-06 03:01 . 2009-07-09 22:30 2032 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat
2010-04-05 17:59 . 2009-07-06 20:34 -------- d-----w- c:\program files\QuickTime
2010-04-05 17:53 . 2009-07-04 09:35 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-04-05 17:11 . 2009-08-13 02:47 -------- d-----w- c:\program files\iTunes
2010-04-05 17:11 . 2009-07-14 20:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-24 14:57 . 2010-01-20 19:40 -------- d-----w- c:\program files\uTorrent
2010-03-24 12:37 . 2010-01-20 19:40 -------- d-----w- c:\users\John\AppData\Roaming\uTorrent
2010-03-16 02:37 . 2009-11-25 09:56 -------- d-----w- c:\program files\PC-Doctor
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\programdata\Roxio
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\program files\Roxio
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-10 21:30 . 2009-07-04 09:41 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-10 21:26 . 2009-07-06 22:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-03-10 21:22 . 2009-09-12 01:57 -------- d-----w- c:\program files\Binary News Reaper
2010-03-09 09:11 . 2009-07-06 19:23 135128 ----a-w- c:\users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 09:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-05 18:39 . 2010-02-05 18:39 251376 ----a-w- c:\users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-02-01 22:44 . 2010-02-01 22:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-01 19:52 . 2010-02-05 10:20 15424 ----a-w- c:\programdata\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT2\LTTCheck.exe
2010-01-25 12:48 . 2010-02-24 07:54 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-24 07:54 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-24 07:54 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-24 07:54 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-24 07:54 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-24 07:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 07:54 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-24 07:54 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-24 07:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 07:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-15 18:13 . 2010-01-15 18:13 218864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-15 17:18 . 2010-01-15 17:18 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-06 11:12 . 2010-01-31 18:59 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-01-06 11:12 . 2009-07-04 09:50 382312 ------w- c:\windows\PWMBTHLV.EXE
2010-01-06 11:12 . 2009-07-04 09:50 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2010-01-02 15:03 . 2010-01-02 15:03 96256 --sha-w- c:\windows\System32\gahejeyu.dll
2010-01-02 16:03 . 2010-01-02 16:03 42496 --sha-w- c:\windows\System32\hayaheta.dll
2010-01-02 15:03 . 2010-01-02 15:03 42496 --sha-w- c:\windows\System32\hujepaka.dll
2010-01-03 07:46 . 2010-01-03 07:46 42496 --sha-w- c:\windows\System32\kevidobi.dll
1601-01-01 00:03 . 1601-01-01 00:03 46080 --sha-w- c:\windows\System32\nozuzito.dll
2010-01-02 17:03 . 2010-01-02 17:03 42496 --sha-w- c:\windows\System32\pafikiwu.dll
2010-01-03 08:46 . 2010-01-03 08:46 42496 --sha-w- c:\windows\System32\pubinibu.dll
2010-01-02 00:49 . 2010-01-02 00:49 28672 --sha-w- c:\windows\System32\rivesogo.dll
2010-01-02 16:03 . 2010-01-02 16:03 96256 --sha-w- c:\windows\System32\sekoseye.dll
2010-01-01 16:20 . 2010-01-01 16:20 31744 --sha-w- c:\windows\System32\sizesare.dll
2010-01-01 16:20 . 2010-01-01 16:20 42496 --sha-w- c:\windows\System32\toteduba.dll
1601-01-01 00:03 . 1601-01-01 00:03 6144 --sha-w- c:\windows\System32\vohelipe.dll
2009-07-04 08:57 . 2009-07-04 08:55 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.
Code:
c:\program files\QuickTime\qttask    .exe

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\A ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-19 1434920]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-01-06 869736]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2010-01-06 214576]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-05-15 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-11 435560]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-12-11 181608]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-20 115560]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-27 992816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
""="" [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-7-4 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2009-07-14 19:40 75064 ------w- c:\program files\Citrix\GoToAssist Express Customer\177\g2ax_winlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 15:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-02-27 13:40 1202448 ------w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordPerfect Office 1215]
c:\program files\wordperfect office 12\programs\registration .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-03-19 1680632]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-01-06 132456]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-03-19 98304]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-01-06 75112]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-02-12 2058776]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-03-19 106496]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-04-01 4172288]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-04-01 88576]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-03-20 482176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-02-27 29736]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-03-20 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-10-29 102448]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\177\g2ax_service.exe Start=service [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-04-01 2473472]
R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-27 211216]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-01-06 24304]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-01-29 20520]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-03-27 221824]
S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-04-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-03-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-03-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\gz7jgimt.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\John\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-06 03:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\John\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys >>UNKNOWN [0x877A18C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x891d2322
\Driver\ACPI -> acpi.sys @ 0x8069dd4c
\Driver\atapi -> ataport.SYS @ 0x828eca14
\Driver\iaStor -> iaStor.sys @ 0x8284f0ac
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
copy of MBR has been found in sector 1 !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,ee,cb,61,e1,3d,66,49,be,00,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,ee,cb,61,e1,3d,66,49,be,00,b7,\

[HKEY_USERS\S-1-5-21-1419061039-1915680080-1251473730-1003\Software\SecuROM\License information*]
"datasecu"=hex:b9,4e,26,92,2e,dd,e7,30,28,1a,24,e4,7a,11,f6,77,22,99,41,3b,32,
c4,ef,d9,e3,6b,0c,0b,a1,e4,f4,82,02,e3,e9,76,9e,cb,82,ec,3a,a0,1d,98,a7,13,\
"rkeysecu"=hex:4e,69,3d,c5,d4,a0,7e,91,01,a3,18,1c,98,7a,04,49

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(836)
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
.
**************************************************************************
.
Completion time: 2010-04-06 03:13:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-06 10:13
ComboFix2.txt 2010-04-05 17:30
ComboFix3.txt 2010-04-05 09:05

Pre-Run: 27,812,536,320 bytes free
Post-Run: 27,801,346,048 bytes free

- - End Of File - - BC84501A5E9C31E6748955D59E1BE5CC


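An added example for reading a ComboFix file listing like the one above (editor's code, not ComboFix's and not from anyone in this thread). It parses the `created . modified size attrs path` entries and flags the cues a helper looks at first: hidden+system files sitting loose in System32, timestamps of 1601-01-01 (FILETIME zero, not a real creation time), eight-letter lowercase DLL names (a naming heuristic only), and executables with whitespace before the extension. The entry layout is inferred from the log above; ComboFix publishes no format specification, so the regex is an assumption, and the sample lines are constructed to match the log's shape.

```python
import re
from typing import Dict, List

# One ComboFix file entry: created . modified size attrs path (size is
# "--------" for directories). Layout inferred from the log above; ComboFix
# publishes no format spec, so this regex is an assumption.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
ZERO_FILETIME = "1601-01-01"                    # FILETIME 0 rendered as a date
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")  # naming heuristic only
SPACED_EXT_RE = re.compile(r"\s+\.(exe|dll|sys)$")

# Constructed sample lines in the shape of the log above (the last line is a
# made-up file entry for a name with a space before its extension).
SAMPLE_LOG = r"""
2010-03-24 17:47 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 15:03 . 2010-01-02 15:03 96256 --sha-w- c:\windows\System32\gahejeyu.dll
1601-01-01 00:03 . 1601-01-01 00:03 46080 --sha-w- c:\windows\System32\nozuzito.dll
2009-07-04 08:57 . 2009-07-04 08:55 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
2010-04-02 16:06 . 2010-04-02 16:06 4 ----a-w- c:\program files\2676150.dat
2010-04-06 09:49 . 2010-04-06 09:54 -------- d-----w- C:\32788R22FWJFW
2009-07-04 09:41 . 2009-07-04 09:41 12345 ----a-w- c:\program files\wordperfect office 12\programs\registration .exe
"""


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return every line that parses as a ComboFix file entry."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def flags_for(entry: Dict[str, str]) -> List[str]:
    """Triage cues for one entry; an empty list means nothing stood out."""
    attrs, path = entry["attrs"], entry["path"]
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    # Hidden+system is normal for NTUSER.DAT, not for a loose DLL in System32.
    if not attrs.startswith("d") and "s" in attrs and "h" in attrs and "\\system32\\" in low:
        reasons.append("hidden+system file in System32")
    if ZERO_FILETIME in (entry["created"][:10], entry["modified"][:10]):
        reasons.append("zero FILETIME (1601-01-01) timestamp")
    if RANDOM_DLL_RE.match(name):
        reasons.append("8-letter lowercase DLL name (heuristic)")
    if SPACED_EXT_RE.search(name):
        reasons.append("whitespace before extension")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the reasons it was flagged."""
    flagged = {}
    for entry in parse_entries(log_text):
        reasons = flags_for(entry)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

The flags are cues for a human reviewer, not a verdict: NTUSER.DAT carries hidden+system attributes legitimately and is left alone because the System32 check is combined with the attribute check, while a file that trips several cues at once is what the helper in this thread would have been pointing at with "they are not gone".
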
Re: Total Vista Security and Antivirus Plus are killing me!

Post by Dr Jay on Tue Apr 06, 2010 4:33 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Wed Apr 07, 2010 9:35 am

Hi Dragonmaster,
Here's the eset log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2b0294d4d303e54587e499765c21481c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-07 09:29:32
# local_time=2010-04-07 02:29:32 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776638 100 100 22232977 107234579 0 0
# compatibility_mode=8192 67108863 100 0 51703 51703 0 0
# scanned=158322
# found=0
# cleaned=0
# scan_time=5521


Re: Total Vista Security and Antivirus Plus are killing me!

Post by Dr Jay on Wed Apr 07, 2010 2:17 pm

Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Right-click on mbr.exe and click Run as Administrator to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.



Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Wed Apr 07, 2010 7:01 pm

Here's the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !


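The mbr.exe output appears in this thread in two shapes: the run embedded in the ComboFix log lists `called modules` with an `>>UNKNOWN [...]<<` entry and a `detected MBR rootkit hooks:` block, while the stand-alone runs print only the read-status lines. The parser below is an added example (editor's code, not GMER's); it separates those findings from the status lines and keeps the "copy of MBR has been found in sector 1" message as its own field rather than folding it into the verdict, since in this thread it persists through a run that reports `user & kernel MBR OK`. Line formats are taken from the logs above; the sample inputs are constructed to match them.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed samples in the shape of the two mbr.exe logs in this thread.
EMBEDDED_RUN = r"""
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys >>UNKNOWN [0x877A18C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x891d2322
\Driver\ACPI -> acpi.sys @ 0x8069dd4c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
copy of MBR has been found in sector 1 !
"""

STANDALONE_RUN = r"""
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !
"""

HOOK_RE = re.compile(r"^\\Driver\\(?P<driver>\S+) -> (?P<module>\S+) @ (?P<addr>0x[0-9a-fA-F]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
COPY_RE = re.compile(r"^copy of MBR has been found in sector (\d+)")


@dataclass
class MbrReport:
    user_read: bool = False
    kernel_read: bool = False
    mbr_ok: bool = False
    hooks: List[Tuple[str, str, str]] = field(default_factory=list)  # (driver, module, addr)
    unknown_modules: List[str] = field(default_factory=list)          # addresses
    copy_sector: Optional[int] = None                                 # informational


def parse_mbr_log(text: str) -> MbrReport:
    """Parse the lines mbr.exe prints into structured findings."""
    r = MbrReport()
    in_hooks = False  # inside the block that follows "detected MBR rootkit hooks:"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hook = HOOK_RE.match(line) if in_hooks else None
        if hook:
            r.hooks.append((hook["driver"], hook["module"], hook["addr"]))
            continue
        in_hooks = False  # any non-hook line ends the block
        if line == "user: MBR read successfully":
            r.user_read = True
        elif line == "kernel: MBR read successfully":
            r.kernel_read = True
        elif line.startswith("called modules:"):
            r.unknown_modules.extend(UNKNOWN_RE.findall(line))
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line.endswith("user & kernel MBR OK"):
            r.mbr_ok = True
        else:
            m = COPY_RE.match(line)
            if m:
                r.copy_sector = int(m.group(1))
    return r


def verdict(report: MbrReport) -> str:
    """Coarse classification: hooks/unknown modules, consistent, or incomplete."""
    if report.hooks or report.unknown_modules:
        return "hooks-or-unknown-module"
    if report.user_read and report.kernel_read and report.mbr_ok:
        return "consistent"
    return "incomplete"


if __name__ == "__main__":
    for label, text in (("embedded", EMBEDDED_RUN), ("stand-alone", STANDALONE_RUN)):
        rep = parse_mbr_log(text)
        print(label, verdict(rep), rep.hooks, rep.unknown_modules, rep.copy_sector)
```

The "incomplete" verdict covers a log that stops before both the user-mode and kernel-mode reads are reported, which is the case a reviewer should not mistake for a clean result.
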
Re: Total Vista Security and Antivirus Plus are killing me!

Post by Dr Jay on Thu Apr 08, 2010 1:37 am

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and right-click on the result and click on Run as Administrator.])
Enter the following into the black box, pressing enter after each line:

Code:
mbr.exe -f

exit

Post a log (MBR.log).



Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Thu Apr 08, 2010 7:03 am

Here's the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !


Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Thu Apr 08, 2010 7:04 am

Do you think that the fact that I'm running this from safe mode has anything to do with this?


Re: Total Vista Security and Antivirus Plus are killing me!

Post by Dr Jay on Thu Apr 08, 2010 3:03 pm

Not sure. Can Normal Mode boot now?



Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Mon Apr 12, 2010 5:12 pm

Sorry it took me so long to respond. I assume I can run in normal mode, but the last time I tried, the virus re-installed itself on my system (presumably because it was still alive and well in the registry). Is it safe to take a chance now, or are there some other things we should try first?


Re: Total Vista Security and Antivirus Plus are killing me!

Post by Dr Jay on Tue Apr 13, 2010 1:41 am

Go ahead and let me know how it works.



Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Tue Apr 13, 2010 7:06 am

Well, I booted in normal mode, and the virus did not reinstall itself! Unfortunately, the mbr log is still the same. Do you think it's safe at this point to either 1) Upgrade to Win7, or 2) Reinstall Vista from the partition on the drive, and then immediately upgrade?

Either way, here's the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !


Re: Total Vista Security and Antivirus Plus are killing me!

Post by Dr Jay on Tue Apr 13, 2010 7:17 am

Hold on.

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following into the black box, pressing enter after each line:

Code:
mbr.exe -f

exit

Post a log (MBR.log).



Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Tue Apr 13, 2010 7:22 am

Unfortunately, those are exactly the steps I took. I just ran it again, and the log was the same. Is it safe to upgrade?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !


Re: Total Vista Security and Antivirus Plus are killing me!

Post by Dr Jay on Tue Apr 13, 2010 7:27 am

Go ahead.



Re: Total Vista Security and Antivirus Plus are killing me!

Post by el_duderino04 on Tue Apr 13, 2010 7:28 am

Thanks a lot for your help, Dragonmaster! I really appreciate you taking the time! Thank You!
