Vista Antivirus 2012


Vista Antivirus 2012

Post by Roon on Mon 20 Jun 2011, 8:51 pm

First topic message reminder:

Hi there ..... have picked up Vista Antivirus 2012 on my laptop and would appreciate some help as the darn thing doesn't seem to want to leave me!! Scanned and removed FakeAlert trojan with Malwarebytes. Many thanks .... Roon
Have scanned with OTL, reports:

OTL Extras logfile created on: 20/06/2011 10:18:02 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\roon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.37% Memory free
4.21 Gb Paging File | 2.63 Gb Available in Paging File | 62.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 16.88 Gb Free Space | 30.28% Space Free | Partition Type: NTFS
Drive E: | 54.58 Gb Total Space | 45.09 Gb Free Space | 82.61% Space Free | Partition Type: NTFS

Computer Name: ROON-PC | User Name: roon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A4955F1D-751A-4E19-9A60-A7163A1AF3F0}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F86EA421-1D45-43F4-8770-3F5B1810F67D}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = EDIMAX Edimax Wireless LAN
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{9FF3EBAE-5E24-4968-A5D3-CF20D746F943}" = Motorola Phone Tools
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E304E05B-A86B-4B3C-BB57-9D0197442B09}" = Nokia PC Suite 4.81
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Manual
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"MSC" = McAfee Internet Security
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nokia PC Suite" = Nokia PC Suite
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"Rapport_msi" = Rapport
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/05/2011 12:12:42 | Computer Name = roon-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19048, time stamp
0x4d633f27, faulting module Flash10e.ocx, version 10.0.45.2, time stamp 0x4b5f8faa,
exception code 0xc0000005, fault offset 0x001582b2, process id 0x138, application
start time 0x01cc1925d44f7820.

Error - 27/05/2011 12:13:06 | Computer Name = roon-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.19048 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 23c Start Time: 01cc1925b0137fb0 Termination Time: 0

Error - 13/06/2011 04:51:08 | Computer Name = roon-PC | Source = ESENT | ID = 488
Description = WinMail (6052) WindowsMail0: An attempt to create the file "C:\Users\roon\AppData\Local\Microsoft\Windows
Mail\WindowsMail.pat" failed with system error 5 (0x00000005): "Access is denied.
". The create file operation will fail with error -1032 (0xfffffbf8).

Error - 13/06/2011 04:51:08 | Computer Name = roon-PC | Source = ESENT | ID = 217
Description = WinMail (6052) WindowsMail0: Error (-1032) during backup of a database
(file C:\Users\roon\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore).
The database will be unable to restore.

Error - 13/06/2011 04:51:08 | Computer Name = roon-PC | Source = ESENT | ID = 215
Description = WinMail (6052) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 13/06/2011 08:30:43 | Computer Name = roon-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.19048 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e28 Start Time: 01cc29a5db1bca60 Termination Time: 0

Error - 13/06/2011 08:35:10 | Computer Name = roon-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/06/2011 08:35:30 | Computer Name = roon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/06/2011 16:51:27 | Computer Name = roon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/06/2011 16:51:49 | Computer Name = roon-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 12/08/2010 13:27:07 | Computer Name = roon-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 12/12/2009 09:04:29 | Computer Name = roon-PC | Source = HTTP | ID = 15016
Description =


< End of report >


Roon
Newbie Surfer
Posts : 40
Joined : 2011-06-20
Operating System : Windows 7, Vista
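The OTL Extras log above is where a helper looks first for what a fake AV has tampered with: the Shell Spawning entries (a hijacked exefile command makes every program launch through the rogue binary), the Security Center overrides, and the per-profile firewall state. As an added example, not code from OTL or from anyone in this thread, the Python below parses those three sections and flags anything off the Windows defaults. Against the posted log it reports all three firewall profiles disabled plus the McAfee monitoring and AntiVirusOverride entries (a legitimate McAfee install can set those too, so they are review items, not verdicts) and no shell hijack, which matches the log. The default-command table, the section banner format and the two samples (a trimmed copy of the posted log, and a variant with a made-up fakeav.exe path) are assumptions constructed for the example.

```python
"""Triage an OTL Extras log for settings a fake-AV infection commonly tampers with.
Added example, not from the original thread; see the lead-in for assumptions."""
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^={3,}\s+(.+?)\s+={3,}$")      # ===== Section Name =====
KEY_RE = re.compile(r"^\[(.+)\]$")                         # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')           # "name" = value
SPAWN_RE = re.compile(r"^(\w+)\s+\[(\w+)\]\s+--\s+(.*)$")  # exefile [open] -- command

# Stock Vista "open" commands for executable classes (assumption); a fake AV
# rewrites these so that every program is launched through its own binary.
EXPECTED_SPAWN = {
    ("batfile", "open"): '"%1" %*', ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*', ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S',
}

def leaf(key: str) -> str:
    return key.rsplit("\\", 1)[-1]  # last component of a registry key path

def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log on its '========== Name ==========' banners."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def registry_values(lines: List[str]) -> Dict[str, Dict[str, str]]:
    """Group '"name" = value' lines under the [key] that precedes them."""
    values, key = {}, None
    for line in lines:
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            values.setdefault(key, {})
        elif (m := VALUE_RE.match(line)) and key is not None:
            values[key][m.group(1)] = m.group(2).strip()
    return values

def check_firewall(sections: Dict[str, List[str]]) -> List[str]:
    return [f"Windows Firewall disabled for {leaf(key)}"
            for key, vals in registry_values(sections.get("Firewall Settings", [])).items()
            if vals.get("EnableFirewall") == "0"]

def check_security_center(sections: Dict[str, List[str]]) -> List[str]:
    found = []
    for key, vals in registry_values(sections.get("Security Center Settings", [])).items():
        for name, value in vals.items():
            if name == "DisableMonitoring" and value == "1":
                found.append(f"Security Center monitoring disabled for {leaf(key)}")
            elif name.endswith("Override") and value == "1":
                found.append(f"Security Center {name}=1 under {leaf(key)}")
    return found

def check_shell_spawning(sections: Dict[str, List[str]]) -> List[str]:
    """Flag executable classes whose open command is not the Windows default."""
    found = []
    for line in sections.get("Shell Spawning", []):
        m = SPAWN_RE.match(line)
        if not m:
            continue
        cls, verb, command = m.group(1), m.group(2), m.group(3).strip()
        expected = EXPECTED_SPAWN.get((cls, verb))
        if expected is not None and command != expected:
            found.append(f"{cls} [{verb}] hijacked: {command}")
    return found

def triage(text: str) -> List[str]:
    s = parse_sections(text)
    return check_firewall(s) + check_security_center(s) + check_shell_spawning(s)

# Constructed sample: the relevant sections of the OTL Extras log posted above, trimmed.
CLEAN_SAMPLE = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"""

# Constructed variant: exefile redirected through a hypothetical fake-AV binary (path is made up).
HIJACKED_SAMPLE = CLEAN_SAMPLE.replace(
    'exefile [open] -- "%1" %*',
    'exefile [open] -- "C:\\Users\\victim\\AppData\\Local\\fakeav.exe" -a "%1" %*',
)
```

Run `triage()` over a full OTL Extras log; the same `parse_sections()` split works for the other sections OTL writes, so further checks (for example over the Uninstall List) can be added without touching the parser.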


Re: Vista Antivirus 2012

Post by Roon on Sat 13 Aug 2011, 8:10 pm

Hi there ....

Real problems doing anything on my laptop. Wouldn't let me run aswMBR by double clicking (ran as administrator):

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 16:11:02
-----------------------------
16:11:02.758 OS Version: Windows 6.0.6002 Service Pack 2
16:11:02.758 Number of processors: 2 586 0xF0D
16:11:02.758 ComputerName: ROON-PC UserName: roon
16:11:03.694 Initialize success
16:11:36.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:11:36.179 Disk 0 Vendor: Hitachi_ BB2O Size: 114473MB BusType: 3
16:11:36.195 Disk 0 MBR read successfully
16:11:36.195 Disk 0 MBR scan
16:11:36.210 Disk 0 Windows VISTA default MBR code
16:11:36.210 Disk 0 scanning sectors +234438656
16:11:36.273 Disk 0 scanning C:\Windows\system32\drivers
16:11:43.901 Service scanning
16:11:45.508 Modules scanning
16:11:54.337 Disk 0 trace - called modules:
16:11:54.369 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:11:54.369 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860e5138]
16:11:54.369 3 CLASSPNP.SYS[82bb18b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x855f8028]
16:11:54.384 Scan finished successfully
16:14:39.177 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
16:14:39.193 The log file has been saved successfully to "D:\aswMBR.txt"


Thanks, R


Re: Vista Antivirus 2012

Post by Sneakyone on Sun 14 Aug 2011, 3:19 pm

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

Re: Vista Antivirus 2012

Post by Roon on Wed 17 Aug 2011, 8:14 pm

Hi there .... followed instructions, tried to run Malwarebytes from USB, received error message: 'An error has occurred. Please report this error code to support team. PROGRAM_ERROR_UPDATING (11004,0, No address found). The requested name is valid, but no data of the requested type was found'.

So I followed guides/link to download manual instructions to update, saved mbam-rules.exe to USB.

When I tried to run this - error message: 'The set up files are corrupted. Please obtain a new copy of the program'.

Thanks ... Roon





Re: Vista Antivirus 2012

Post by Sneakyone on Thu 18 Aug 2011, 9:12 am

Hi,

Could you please re-run ComboFix?



Re: Vista Antivirus 2012

Post by Roon on Sat 20 Aug 2011, 8:13 pm

Hi there ... re-ran ComboFix:

ComboFix 11-08-18.03 - roon 19/08/2011 15:27:25.4.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1571 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-07 21:32 . 2011-06-20 07:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{522A7A5F-6E56-44EE-BA7B-B592D8599B93}\mpengine.dll
2011-08-07 21:30 . 2011-08-07 21:30 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2011-03-04 18:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-03-04 18:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-22 19:46 . 2011-06-22 19:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-05-28 06:08 . 2011-06-15 16:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-15 16:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-15 16:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-15 16:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-15 16:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-15 16:02 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-15 16:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-15 16:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 18:14 . 2009-10-03 15:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-04-14 13:01 . 2010-09-07 19:28 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"Nokia Tray Application"="c:\program files\Common Files\Nokia\NCLTools\NclTray.exe" [2002-04-29 401408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-7-11 1794048]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-22 53816]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-13 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-22 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-22 158904]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-30 641024]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
.
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{1CB90ED6-9F01-4B35-9367-09DE3F16DB74}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\roon\AppData\Roaming\Mozilla\Firefox\Profiles\mh3jwz4q.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: [You must be registered and logged in to see this link.] - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-08-19 15:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1736)
c:\windows\system32\igfxsrvc.dll
c:\progra~1\Nokia\NOKIAP~2\Lang\ConnectionManager_eng.nlr
.
Completion time: 2011-08-19 15:36:13
ComboFix-quarantined-files.txt 2011-08-19 14:36
ComboFix2.txt 2011-08-09 18:05
.
Pre-Run: 19,773,104,128 bytes free
Post-Run: 19,683,491,840 bytes free
.
- - End Of File - - A090D676778D5CD1F5304282CA45B8D5

Tried mbam-setup.exe and mbam-rules.exe and received error message "illegal operation attempted on a registry key that has been marked for deletion".

Thanks ... Roon

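ComboFix prefixes each service line with R or S (running or stopped) and the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and its header lists each AV/FW/SP product with its state. As an added example, not ComboFix's own code and not posted by anyone in this thread, the Python below reads those lines and flags three things: products reported disabled or outdated, boot/system/auto-start services that are not running (here the McAfee firewall services, consistent with the *Disabled* header), and drivers loaded from outside Windows and Program Files. The last check is a review item, not a verdict: Trusteer Rapport is in the uninstall list above and keeps a driver under c:\programdata. The sample is constructed from a subset of the posted log, and the trusted path roots assume the 32-bit layout shown in that log.

```python
"""Review the security-product header and service/driver lines of a ComboFix log.
Added example, not from the original thread; see the lead-in for assumptions."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# ComboFix service lines: R/S = running/stopped, digit = Windows start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), then name;display;image [date size].
SERVICE_RE = re.compile(
    r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$")
PRODUCT_RE = re.compile(r"^(AV|FW|SP):\s+(.+?)\s+\*([^*]+)\*")  # AV: Name *State* {GUID}
# Assumption: 32-bit Vista layout as in the log above; add Program Files (x86) on x64.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

@dataclass
class Service:
    running: bool
    start_type: int
    name: str
    display: str
    image: str

def parse_products(text: str) -> List[Tuple[str, str, str]]:
    """(kind, product, state) for each AV:/FW:/SP: header line."""
    found = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found

def parse_services(text: str) -> List[Service]:
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, image = m.group(1, 2, 3, 4, 5)
            services.append(Service(state == "R", int(start), name, display, image))
    return services

def review(text: str) -> List[str]:
    """Findings a helper would want to read before asking for the next scan."""
    findings = []
    for kind, product, state in parse_products(text):
        if "Disabled" in state or "Outdated" in state:
            findings.append(f"{kind} {product} is {state}")
    for svc in parse_services(text):
        # boot/system/auto-start service that is not running: disabled by malware, or broken
        if svc.start_type <= 2 and not svc.running:
            findings.append(
                f"{svc.name} should be running (start type {svc.start_type}) but is stopped")
        # image outside Windows/Program Files: a review item, not a verdict
        if not svc.image.lower().startswith(TRUSTED_ROOTS):
            findings.append(f"{svc.name} loads from outside Windows/Program Files: {svc.image}")
    return findings

# Constructed sample: header and a subset of the service lines from the ComboFix log above.
SAMPLE = r"""
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-22 53816]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-13 57144]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
"""
```

Feed `review()` the whole ComboFix text; lines that are not service or product lines (the Run-key entries, the Find3M report, the catchme output) are ignored by the two regexes, so no pre-trimming is needed.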

Re: Vista Antivirus 2012

Post by DragonMaster Jay on Sun 21 Aug 2011, 4:29 am

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


~DMJ
GeekPolice Academy Manager

DragonMaster Jay
Manager | Tech Officer
Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Vista Antivirus 2012

Post by Roon on Tue 23 Aug 2011, 10:52 pm

Hi, basically (as per message of 8 Aug) I noticed that McAfee scan was taking a long time and laptop very slow. McAfee was trying to update and unable to run or scan, with warning message. Tried to update Malwarebytes in safe mode and would not - Error - unable to update. Unable to access internet. Ran ComboFix as instructed via USB. But after it ran received error warning "Illegal operation attempted on a registry key that has been marked for deletion" for any file, program, internet etc. that I attempted to open or run.

Advised to run Malwarebytes, followed instructions, tried to run from USB, received error message: 'An error has occurred. Please report this error code to support team. PROGRAM_ERROR_UPDATING (11004,0, No address found). The requested name is valid, but no data of the requested type was found'. So I followed guides/link to download manual instructions to update, saved mbam-rules.exe to USB. When I tried to run this - error message: 'The set up files are corrupted. Please obtain a new copy of the program'.

At the moment I receive the error message "Illegal operation attempted on a registry key that has been marked for deletion" for every file, program, internet etc. that I attempt to open or run. McAfee still defunct and Windows Defender down. Unable to do anything.

Thanks ... Roon


Re: Vista Antivirus 2012

Post by DragonMaster Jay on Wed 24 Aug 2011, 7:40 am

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


