Help! Malicious Removal programs won't open!!


Post by Tami19 on Fri May 01, 2009 12:15 am

Ok I am a newbie at this thing so please be patient with me. Here's my problem:

For many days now my computer has been acting up. It freezes at some times and then like today I get a message on start up that states that it couldn't find the 'C:\Program'. I have run Symantec and Outpost Firewall full virus scans on and off for days. They find the usual common viruses that are easily removed, but it hasn't cured this bizarre problem.

Now here's the thing, I have downloaded Malware-bytes' virus removal program and even the one from Microsoft itself but when they download and I click on them to run them... nothing happens. It does not matter how many times I click on them it refuses to load.

Can someone please help me. I am at a total loss at what to do.

Tami19
Novice

Posts : 24
Joined : 2008-12-30
OS : Windows XP
Points : 28998
# Likes : 0


Post by Belahzur on Fri May 01, 2009 12:16 am

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Post by Tami19 on Fri May 01, 2009 1:29 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:54 AM, on 1/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - [You must be registered and logged in to see this link.] Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{9889F1BB-4C46-46D1-85E0-140F6CD0518A}: NameServer = 192.168.1.1
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe


Post by Tami19 on Fri May 01, 2009 1:41 am

I also don't know if it is worth mentioning but something that I noticed that happened as well was that Dvd Decrypter no longer registers my DVD drive. I put in a post in the software forum but I thought I would mention it here too. I did read on the net that some viruses do affect your dvd burning programs. I uninstalled it and re-installed it and still I have the same problem.

Is this a part of it?


Post by Belahzur on Fri May 01, 2009 2:33 pm

Hello.
Hijack This looks fine, let's do a deeper scan.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Note: Make sure Word Wrap is off in Notepad. Look in the "Function" menu and untick "Word Wrap"


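The Word Wrap note matters because a log pasted with wrapping on arrives with single entries split across several lines, which makes it hard to read or to process. The following is an added example, not part of the original thread and not code from HijackThis or DDS: a Python script that rejoins wrapped HijackThis entries, groups them by section code and splits service (O23) entries into fields. The sample log is constructed from entries posted in this thread, and the function names are this example's own.

```python
import re

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) -(?: |$)")

# Meaning of the section codes that occur in this thread's log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE toolbar button / Tools item",
    "O16": "ActiveX (Downloaded Program Files)", "O17": "DNS setting",
    "O23": "Windows service",
}

# Constructed sample: entries taken from the log in this thread, broken
# across lines the way a Word Wrap paste breaks them.
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: Java(tm) Plug-In SSV Helper -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O17 -

HKLM\System\CCS\Services\Tcpip\..\{9889F1BB-4C46-46D1-85E0-140F6CD0518A}:

NameServer = 192.168.1.1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation

- C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner -

C:\WINDOWS\system32\PSIService.exe
"""


def unwrap(text):
    """Return one string per entry, rejoining lines split by word wrap."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines left by the paste
        if ENTRY.match(line):
            entries.append(line)          # a new entry begins
        elif entries:
            entries[-1] += " " + line     # wrap happened at a space: restore it
        # lines before the first entry (header, process list) are skipped
    return entries


def by_section(entries):
    """Group unwrapped entries by their section code, in order of appearance."""
    groups = {}
    for entry in entries:
        groups.setdefault(ENTRY.match(entry).group(1), []).append(entry)
    return groups


def parse_service(entry):
    """Split an O23 entry into display name, vendor and image path."""
    prefix = "O23 - Service: "
    if not entry.startswith(prefix):
        return None
    parts = entry[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None                       # still truncated or malformed
    display, vendor, path = (p.strip() for p in parts)
    return {"display": display, "vendor": vendor, "path": path}


if __name__ == "__main__":
    entries = unwrap(SAMPLE)
    for code, items in by_section(entries).items():
        print(f"{code} ({SECTIONS.get(code, 'other')}): {len(items)}")
    for entry in entries:
        svc = parse_service(entry)
        if svc:
            print(f"  {svc['display']} | {svc['vendor']} | {svc['path']}")
```

Text that follows the last entry in a paste (a forum signature, for instance) is appended to that entry, so trim the input to the log itself first.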


Post by jersey on Fri May 01, 2009 6:52 pm

This fix solved my issue of malware not running even though I uninstalled and reinstalled it, after running SDFix.exe I could once again run Malware...hope it helps you


Once you get SDFix downloaded go offline and turn off your antivirus and any antispyware that you have, run SDFix from safe mode and restart the Antivirus before you get back on line to post the log.

Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

1. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
3. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt


Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

jersey
Beginner

Posts : 1
Joined : 2009-05-01
OS : XP
Points : 27761
# Likes : 0


Post by Belahzur on Fri May 01, 2009 8:09 pm

Hello.
jersey - We ask that normal members do not help in malware removal.
SDFix hasn't been updated in a while and hasn't gotten the updates to keep up with the latest TDSS rootkit variant, SDFix only targets the TDSSserv.sys variant of it.



Post by Tami19 on Sat May 02, 2009 2:24 am

DDS (Ver_09-03-16.01) - NTFSx86
Run by Tami at 12:22:35.28 on Sat 02/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.752 [GMT 10:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Outpost Firewall Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tami\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdmcks.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlselected.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost firewall pro\ie_bar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
TCP: {9889F1BB-4C46-46D1-85E0-140F6CD0518A} = 192.168.1.1
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tami\applic~1\mozilla\firefox\profiles\2xfudmpu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

============= SERVICES / DRIVERS ===============

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2008-2-23 673920]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-10-7 61424]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2008-2-23 390984]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-1-13 3406120]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2008-2-23 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2008-7-2 234640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090501.017\naveng.sys [2009-5-2 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090501.017\navex15.sys [2009-5-2 876144]
S3 7653985d-6789-4a67-8429-fda2724624ac;7653985d-6789-4a67-8429-fda2724624ac;\??\e:\player\cds300.dll --> e:\player\cds300.dll [?]
S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2008-2-23 33408]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-9-30 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-1-13 15656]

=============== Created Last 30 ================

2009-05-01 11:58 --dsh--- c:\documents and settings\tami\IETldCache
2009-05-01 11:25 --d----- c:\program files\Trend Micro
2009-05-01 11:16 --d----- c:\windows\ie8updates
2009-05-01 11:16 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-01 11:13 -cd-h--- c:\windows\ie8
2009-04-26 18:43 371 ---shr-- C:\autorun.inf
2009-04-21 22:37 --d----- c:\program files\K-Lite Codec Pack
2009-04-18 10:38 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-18 10:38 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-18 10:38 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-18 10:38 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-18 10:38 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-18 10:38 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-18 10:38 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 14:37 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 18:08 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-15 18:08 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-15 18:07 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-04-14 12:43 88 ---shr-- c:\windows\system32\02C24D1E4E.sys
2009-04-14 12:39 --d----- c:\program files\common files\Corel
2009-04-11 09:14 8,064 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-04-11 09:14 8,064 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-04-11 09:14 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-04-11 09:14 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-04-11 09:14 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-04-11 09:14 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys

==================== Find3M ====================

2009-05-01 11:45 5,330 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-19 03:08 103,744 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-07 00:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 04:10 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-25 20:59 730,368 ac------ c:\windows\system32\oodsvct.exe
2009-02-25 20:59 1,352,960 a------- c:\windows\system32\oodag.exe
2009-02-25 20:58 2,553,088 ac------ c:\windows\system32\oodtray.exe
2009-02-25 20:57 194,816 ac------ c:\windows\system32\oodbs.exe
2009-02-25 20:53 951,552 ac------ c:\windows\system32\oodtrrs.dll
2009-02-25 20:53 9,984 ac------ c:\windows\system32\oodbsrs.dll
2009-02-25 20:53 8,448 a------- c:\windows\system32\OODAGRS.DLL
2009-02-25 20:52 15,616 ac------ c:\windows\system32\OODAGMG.DLL
2009-02-23 19:03 15,104 ac------ c:\windows\system32\ootmapi.dll
2009-02-17 23:33 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-02-09 22:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 22:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 22:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 22:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 21:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 21:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 21:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 20:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 20:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 17:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-04 05:59 56,832 a------- c:\windows\system32\secur32.dll
2008-03-23 13:31 47,360 ac------ c:\docume~1\tami\applic~1\pcouffin.sys
2007-07-30 19:51 476,752 ac------ c:\docume~1\alluse~1\applic~1\pswi_preloaded.exe
2007-07-30 19:52 88 -c-shr-- c:\windows\system32\A051BC7CAB.sys
2008-04-24 17:04 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008042420080425\index.dat

============= FINISH: 12:23:22.40 ===============


Post by Belahzur on Sat May 02, 2009 1:47 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.



Post by Tami19 on Sun May 03, 2009 3:32 am

I thank you for your help, but I did a full XP clean and ran m-bam.exe and followed up with combofix.exe. Everything is fine now. It solved my problem.

Cheers guys
