Malwarebytes' Anti-Malware won't run after system guard 2009 detected

Post by ginzu97 on 27th May 2009, 12:22 am

I installed Malwarebytes' Anti-Malware and when I try to run it, the process starts up in Task Manager but the app never fires off and then eventually the process stops. The PC I am attempting to run it on is infected with the system guard 2009 virus. Any help would be much appreciated!! Thanks


Post by Belahzur on 29th May 2009, 7:34 pm

Hello.
Sorry for the delay, we've been extremely busy.

If you still need help, post back.



Post by ginzu97 on 30th May 2009, 4:26 pm

Yes, thanks. I still need help.


Post by Belahzur on 30th May 2009, 4:36 pm

Hello.
Okay, let's use this.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Post by ginzu97 on 30th May 2009, 7:06 pm

Here is the DDS file info:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 15:01:51.29 on Sat 05/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.82 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Application Data\winav.exe
svchost
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\Iexplore.exe
c:\program files\aol toolbar\AolTbServer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AOL\1101359750\EE\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [RecordNow!]
uRun: [AVScan] c:\documents and settings\owner\application data\winav.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [HostManager] c:\program files\common files\aol\1101359750\ee\AOLSoftware.exe
mRun: [ctfmon] c:\windows\system32\dlg\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: []
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search - [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - [You must be registered and logged in to see this link.]
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - [You must be registered and logged in to see this link.]
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - [You must be registered and logged in to see this link.]
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - [You must be registered and logged in to see this link.]
Filter: text/html - {93292afb-986b-4fdc-909c-80e9587e4f16} -
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090524.003\NAVENG.sys [2009-5-24 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090524.003\NAVEX15.sys [2009-5-24 876144]
S2 mrtRate;mrtRate; [x]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2008-6-22 28739]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-17 24652]
S3 DetectAC2000;DetectAC2000;c:\windows\system32\finepointlib\DetectAC2000.sys [2004-12-7 79029]

=============== Created Last 30 ================

2009-05-25 21:15 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-25 21:15 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 21:15 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-25 19:27 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-25 00:59 13,824 a------- c:\windows\system32\iehelper.dll
2009-05-25 00:49 307,216 a------- c:\windows\sysguard.exe
2009-05-24 23:03 180 a------- c:\docume~1\owner\applic~1\asd.bat
2009-05-24 23:01 28,672 a------- c:\windows\ieocx.dll
2009-05-22 21:04 1,096,704 a------- c:\docume~1\owner\applic~1\winav.exe

==================== Find3M ====================

2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2005-04-04 21:39 8 ac------ c:\docume~1\owner\applic~1\usb.dat.bin
2008-09-27 00:14 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 15:03:44.82 ===============


Post by Origin on 30th May 2009, 7:16 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See [You must be registered and logged in to see this link.] for how to disable your AV.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Post by ginzu97 on 30th May 2009, 11:22 pm

Here is the first half of the log, as the website tells me it's too big to post at once:

ComboFix 09-05-30.03 - Owner 05/30/2009 19:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.196 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\FunWebProducts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\06F9EDEF.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\06F9B1C1
c:\program files\MyWebSearch\bar\Cache\06F9B461
c:\program files\MyWebSearch\bar\Cache\06F9B54B.bin
c:\program files\MyWebSearch\bar\Cache\06F9B626.bin
c:\program files\MyWebSearch\bar\Cache\06F9B720.bin
c:\program files\MyWebSearch\bar\Cache\06F9B878.bin
c:\program files\MyWebSearch\bar\Cache\06F9B9EF.bin
c:\program files\MyWebSearch\bar\Cache\06F9D5B4.bin
c:\program files\MyWebSearch\bar\Cache\06F9D7A8.bin
c:\program files\MyWebSearch\bar\Cache\06F9D92F.bin
c:\program files\MyWebSearch\bar\Cache\06F9E6DB.bin
c:\program files\MyWebSearch\bar\Cache\06F9E823.bin
c:\program files\MyWebSearch\bar\Cache\06F9F4C5
c:\program files\MyWebSearch\bar\Cache\083F858F.bin
c:\program files\MyWebSearch\bar\Cache\083F8716.bin
c:\program files\MyWebSearch\bar\Cache\083F888D.bin
c:\program files\MyWebSearch\bar\Cache\083F8B5B
c:\program files\MyWebSearch\bar\Cache\08A9DEF6
c:\program files\MyWebSearch\bar\Cache\0B1256B2.bin
c:\program files\MyWebSearch\bar\Cache\0B1257BC.bin
c:\program files\MyWebSearch\bar\Cache\0B125971.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\ieocx.dll
c:\windows\sysguard.exe
c:\windows\system32\drivers\UACtfndenpavmdyuyy.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\iehelper.dll
c:\windows\system32\installer.exe
c:\windows\system32\UACcdxdomkapvptskc.dat
c:\windows\system32\UACdakunncttoafyfo.dll
c:\windows\system32\UACgwyjkswseohhybd.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjrwrijutmlvkxsk.log
c:\windows\system32\UACnogjdcjdtpqnkly.dll
c:\windows\system32\UACukbirtgjnfhdpsx.dll
c:\windows\system32\UACvblprqjeebeqtng.dll
c:\windows\system32\UACyxflhtsbrpjtvro.dll
c:\windows\system32\UACyyoycwnedarehmq.log
c:\windows\system32\wbem\proquota.exe
D:\Autorun.inf
D:\Desktop.ini


Post by ginzu97 on 30th May 2009, 11:23 pm

Here is the second part of the log:

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\$NtServicePackUninstall$\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 23:07 . 2004-08-04 07:56 50176 -c--a-w c:\windows\system32\dllcache\proquota.exe
2009-05-30 23:07 . 2004-08-04 07:56 50176 ----a-w c:\windows\system32\proquota.exe
2009-05-26 01:15 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 01:15 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 01:15 . 2009-05-26 01:15 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 23:27 . 2009-05-26 01:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 03:03 . 2009-05-25 03:03 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-25 03:03 . 2009-05-25 03:03 180 ----a-w c:\documents and settings\Owner\Application Data\asd.bat
2009-05-23 01:04 . 2009-05-23 01:04 1096704 ----a-w c:\documents and settings\Owner\Application Data\winav.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 01:03 . 2004-08-15 03:56 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-08 08:34 . 2004-08-24 00:32 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-05-20 17:52 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-05-20 17:51 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-05-20 17:33 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-05-20 17:50 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-05-20 17:52 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-05-20 17:52 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-05-20 17:52 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-05-20 17:52 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-05-20 17:52 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-05-20 17:32 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-12-08 3096576]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AVScan"="c:\documents and settings\Owner\Application Data\winav.exe" [2009-05-23 1096704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HostManager"="c:\program files\Common Files\AOL\1101359750\ee\AOLSoftware.exe" [2008-11-06 41264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"=c:\program files\Common Files\AOL\1101359750\EE\AOLHostManager.exe
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\1101359750\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1101359750\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1101359750\\EE\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2008 9:13 PM 24652]
S2 mrtRate;mrtRate; [x]
S3 DetectAC2000;DetectAC2000;c:\windows\system32\FinePointLib\DetectAC2000.sys [12/7/2004 7:25 PM 79029]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
BHO-{07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKCU-Run-Aim6 - (no file)
HKCU-Run-RecordNow! - (no file)
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Search - [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-30 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2376)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\wanmpsvc.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-05-30 19:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 23:16

Pre-Run: 106,948,726,784 bytes free
Post-Run: 106,994,704,384 bytes free

293 --- E O F --- 2009-05-13 07:02


Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by Belahzur on 30th May 2009, 11:28 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Limewire
  • Java 6 Update 7
  • Viewpoint Manager (remove only)
  • Viewpoint Media Player
  • Viewpoint Toolbar

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
mrtRate

File::
c:\documents and settings\Owner\Application Data\winav.exe
c:\documents and settings\Owner\Application Data\asd.bat

Folder::
c:\program files\Viewpoint
c:\Program Files\LimeWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVScan"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by ginzu97 on 31st May 2009, 12:31 am

Here is the log... did this fix it? The malware seems to be gone, I think?

ComboFix 09-05-30.03 - Owner 05/30/2009 20:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.148 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Owner\Application Data\asd.bat"
"c:\documents and settings\Owner\Application Data\winav.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\asd.bat
c:\documents and settings\Owner\Application Data\winav.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_mrtRate


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-30 23:07 . 2004-08-04 07:56 50176 -c--a-w c:\windows\system32\dllcache\proquota.exe
2009-05-30 23:07 . 2004-08-04 07:56 50176 ----a-w c:\windows\system32\proquota.exe
2009-05-26 01:15 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 01:15 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 01:15 . 2009-05-26 01:15 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 23:27 . 2009-05-26 01:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 03:03 . 2009-05-25 03:03 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 00:12 . 2004-08-15 03:57 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-31 00:10 . 2004-04-01 07:28 -------- d-----w c:\program files\Java
2009-04-27 01:03 . 2004-08-15 03:56 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-08 08:34 . 2004-08-24 00:32 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-05-20 17:52 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-05-20 17:51 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-05-20 17:33 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-05-20 17:50 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-05-20 17:52 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-05-20 17:52 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-05-20 17:52 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-05-20 17:52 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-05-20 17:52 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-05-20 17:32 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-26 23:40 . 2007-09-25 04:31 139264 c:\windows\system32\javaws.exe
- 2008-09-26 23:40 . 2008-06-10 06:32 139264 c:\windows\system32\javaws.exe
+ 2008-09-26 23:40 . 2007-09-25 03:30 135168 c:\windows\system32\javaw.exe
- 2008-09-26 23:40 . 2008-06-10 05:21 135168 c:\windows\system32\javaw.exe
+ 2008-09-26 23:40 . 2007-09-25 03:30 135168 c:\windows\system32\java.exe
- 2008-09-26 23:40 . 2008-06-10 05:21 135168 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-12-08 3096576]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HostManager"="c:\program files\Common Files\AOL\1101359750\ee\AOLSoftware.exe" [2008-11-06 41264]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"=c:\program files\Common Files\AOL\1101359750\EE\AOLHostManager.exe
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\1101359750\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1101359750\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1101359750\\EE\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

S3 DetectAC2000;DetectAC2000;c:\windows\system32\FinePointLib\DetectAC2000.sys [12/7/2004 7:25 PM 79029]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Norton AntiVirus Server
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sprtsvc_ddoctorv2
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WANMiniportService
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Search - [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-30 20:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(380)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-31 20:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 00:29
ComboFix2.txt 2009-05-30 23:16

Pre-Run: 107,028,312,064 bytes free
Post-Run: 107,022,991,360 bytes free

200 --- E O F --- 2009-05-13 07:02

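One way to check a follow-up log like the one above against the CFScript that produced it. This is an added example, not part of the original posts and not ComboFix's own code. It relies only on the section markers and log banners visible in this thread; the function names are hypothetical and the log excerpt is trimmed.

```python
import re

# CFScript.txt from the thread above (blank lines dropped).
CFSCRIPT = r"""KILLALL::
Driver::
mrtRate
File::
c:\documents and settings\Owner\Application Data\winav.exe
c:\documents and settings\Owner\Application Data\asd.bat
Folder::
c:\program files\Viewpoint
c:\Program Files\LimeWire
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVScan"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"""

# Excerpt of the follow-up log from the thread: three sections, banners shortened.
LOG = r"""((((((((((( Other Deletions )))))))))))
.
c:\documents and settings\Owner\Application Data\asd.bat
c:\documents and settings\Owner\Application Data\winav.exe
.
((((((((((( Drivers/Services )))))))))))
.
-------\Service_mrtRate
((((((((((( Reg Loading Points )))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-12-08 3096576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"""

SCRIPT_HEADER = re.compile(r"(\w+)::")                # e.g. "File::"
BANNER = re.compile(r"\({5,}\s*(.*?)\s*\){5,}")       # e.g. "((((( Other Deletions )))))"

def split_sections(text, header):
    """Group non-empty lines under the header that precedes them (title lower-cased)."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = header.fullmatch(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections

def reg_values(lines, suffix):
    """Return {(key, value name)} for '"name"=<suffix>' lines under a [key] header."""
    found, key = set(), None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"(.*?)"=' + suffix, line)):
            found.add((key, m.group(1).lower()))
    return found

def verify(cfscript, log):
    """Compare what the script asked for with what the log shows.

    Returns a list of (kind, item, status) tuples.
    """
    script = split_sections(cfscript, SCRIPT_HEADER)
    sections = split_sections(log, BANNER)
    deleted = {l.strip('"').lower() for l in sections.get("other deletions", [])}
    services = [l.lower() for l in sections.get("drivers/services", [])]
    listed = reg_values(sections.get("reg loading points", []), "")
    report = []
    for kind in ("file", "folder"):
        for path in script.get(kind, []):
            ok = path.strip('"').lower() in deleted
            report.append((kind, path, "confirmed" if ok else "unconfirmed"))
    for name in script.get("driver", []):
        ok = any(s.endswith("\\service_" + name.lower()) for s in services)
        report.append(("driver", name, "confirmed" if ok else "unconfirmed"))
    # The log omits empty and default entries, so "not listed" is weaker
    # evidence than an explicit "confirmed" deletion line.
    for key, value in sorted(reg_values(script.get("registry", []), "-$")):
        status = "still listed" if (key, value) in listed else "not listed"
        report.append(("registry", key + "\\" + value, status))
    return report

if __name__ == "__main__":
    for kind, item, status in verify(CFSCRIPT, LOG):
        print(f"{status:12} {kind:9} {item}")
```

The two Folder:: entries come back "unconfirmed" because the Other Deletions section of this log names only the two files, so the folders need a separate check on disk.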

Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by Belahzur on 31st May 2009, 12:37 am

Hello.
Nearly gone, post a new Hijack This log now.



Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by ginzu97 on 31st May 2009, 12:53 am

How do I post a new Hijack This log? Which part was that?


Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by Belahzur on 31st May 2009, 12:55 am

Hello.
My bad, just realized we didn't use it.

Do you still have attach.txt from DDS? If so, post that.



Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by ginzu97 on 31st May 2009, 12:59 am

Should I re-run DDS, I assume?


Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by Belahzur on 31st May 2009, 12:59 am

If you don't have it, then yes.



Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by ginzu97 on 31st May 2009, 1:05 am

here you go

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 21:04:18.46 on Sat 05/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.50 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Common Files\AOL\1101359750\ee\AOLSoftware.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol toolbar\AolTbServer.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [HostManager] c:\program files\common files\aol\1101359750\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search - [You must be registered and logged in to see this link.]
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - [You must be registered and logged in to see this link.]
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - [You must be registered and logged in to see this link.]
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - [You must be registered and logged in to see this link.]
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090524.003\NAVENG.sys [2009-5-24 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090524.003\NAVEX15.sys [2009-5-24 876144]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]
S3 DetectAC2000;DetectAC2000;c:\windows\system32\finepointlib\DetectAC2000.sys [2004-12-7 79029]

=============== Created Last 30 ================

2009-05-30 19:07 50,176 ac------ c:\windows\system32\dllcache\proquota.exe
2009-05-30 19:07 50,176 a------- c:\windows\system32\proquota.exe
2009-05-30 18:41 161,792 a------- c:\windows\SWREG.exe
2009-05-30 18:41 154,624 a------- c:\windows\PEV.exe
2009-05-30 18:41 98,816 a------- c:\windows\sed.exe
2009-05-25 21:15 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-25 21:15 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 21:15 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-25 19:27 --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2005-04-04 21:39 8 ac------ c:\docume~1\owner\applic~1\usb.dat.bin
2008-09-27 00:14 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 21:04:47.85 ===============


Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by Belahzur on 31st May 2009, 1:19 am

That's DDS.txt, I want to see attach.txt



Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by ginzu97 on 31st May 2009, 1:33 am

Here is part 1... couldn't figure out how to upload it as an attachment?


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/14/2004 11:49:13 PM
System Uptime: 5/30/2009 8:21:58 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | Kelut
Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2199/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 99.823 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.716 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP

==== System Restore Points ===================

RP1351: 3/2/2009 6:06:37 PM - System Checkpoint
RP1352: 3/3/2009 8:22:00 PM - System Checkpoint
RP1353: 3/4/2009 8:54:13 PM - System Checkpoint
RP1354: 3/5/2009 9:45:27 PM - System Checkpoint
RP1355: 3/6/2009 10:05:40 PM - System Checkpoint
RP1356: 3/7/2009 11:21:13 PM - System Checkpoint
RP1357: 3/8/2009 11:54:13 PM - System Checkpoint
RP1358: 3/9/2009 11:54:45 PM - System Checkpoint
RP1359: 3/11/2009 12:13:49 AM - System Checkpoint
RP1360: 3/11/2009 2:00:16 AM - Software Distribution Service 3.0
RP1361: 3/12/2009 2:20:55 AM - System Checkpoint
RP1362: 3/13/2009 2:42:46 AM - System Checkpoint
RP1363: 3/14/2009 2:52:29 AM - System Checkpoint
RP1364: 3/15/2009 4:52:27 AM - System Checkpoint
RP1365: 3/16/2009 5:20:26 AM - System Checkpoint
RP1366: 3/17/2009 5:40:54 AM - System Checkpoint
RP1367: 3/18/2009 6:09:41 AM - System Checkpoint
RP1368: 3/19/2009 7:04:39 AM - System Checkpoint
RP1369: 3/28/2009 6:59:11 PM - System Checkpoint
RP1370: 3/29/2009 3:00:21 AM - Software Distribution Service 3.0
RP1371: 3/30/2009 3:30:32 AM - System Checkpoint
RP1372: 3/31/2009 4:17:39 AM - System Checkpoint
RP1373: 4/1/2009 12:54:49 PM - System Checkpoint
RP1374: 4/2/2009 1:20:52 PM - System Checkpoint
RP1375: 4/3/2009 1:36:36 PM - System Checkpoint
RP1376: 4/4/2009 2:20:55 PM - System Checkpoint
RP1377: 4/5/2009 3:12:05 PM - System Checkpoint
RP1378: 4/6/2009 6:19:15 PM - System Checkpoint
RP1379: 4/7/2009 6:51:46 PM - System Checkpoint
RP1380: 4/8/2009 7:02:42 PM - System Checkpoint
RP1381: 4/9/2009 7:31:27 PM - System Checkpoint
RP1382: 4/12/2009 11:31:07 PM - System Checkpoint
RP1383: 4/13/2009 11:46:50 PM - System Checkpoint
RP1384: 4/15/2009 12:38:22 AM - System Checkpoint
RP1385: 4/15/2009 3:00:19 AM - Software Distribution Service 3.0
RP1386: 4/15/2009 8:54:54 PM - Software Distribution Service 3.0
RP1387: 4/15/2009 9:04:11 PM - Installed Windows Internet Explorer 8.
RP1388: 4/15/2009 9:05:23 PM - Software Distribution Service 3.0
RP1389: 4/16/2009 3:00:20 AM - Software Distribution Service 3.0
RP1390: 4/17/2009 3:05:11 AM - System Checkpoint
RP1391: 4/18/2009 4:17:24 AM - System Checkpoint
RP1392: 4/19/2009 5:07:28 AM - System Checkpoint
RP1393: 4/20/2009 6:07:13 AM - System Checkpoint
RP1394: 4/21/2009 7:20:30 AM - System Checkpoint
RP1395: 4/22/2009 6:38:40 PM - System Checkpoint
RP1396: 4/23/2009 6:39:37 PM - System Checkpoint
RP1397: 4/24/2009 7:02:32 PM - System Checkpoint
RP1398: 4/25/2009 7:50:31 PM - System Checkpoint
RP1399: 4/26/2009 10:13:52 PM - System Checkpoint
RP1400: 4/27/2009 11:13:55 PM - System Checkpoint
RP1401: 4/28/2009 11:25:22 PM - System Checkpoint
RP1402: 4/29/2009 11:46:22 PM - System Checkpoint
RP1403: 4/30/2009 11:53:10 PM - System Checkpoint
RP1404: 5/2/2009 12:19:53 AM - System Checkpoint
RP1405: 5/3/2009 7:01:06 PM - System Checkpoint
RP1406: 5/4/2009 7:17:59 PM - System Checkpoint
RP1407: 5/5/2009 8:50:02 PM - System Checkpoint
RP1408: 5/6/2009 9:37:34 PM - System Checkpoint
RP1409: 5/7/2009 11:40:46 PM - System Checkpoint
RP1410: 5/9/2009 12:34:02 AM - System Checkpoint
RP1411: 5/10/2009 3:28:57 AM - System Checkpoint
RP1412: 5/11/2009 3:49:23 AM - System Checkpoint
RP1413: 5/12/2009 4:06:17 AM - System Checkpoint
RP1414: 5/13/2009 3:00:22 AM - Software Distribution Service 3.0
RP1415: 5/14/2009 3:59:11 AM - System Checkpoint
RP1416: 5/15/2009 4:43:42 AM - System Checkpoint
RP1417: 5/16/2009 5:40:17 AM - System Checkpoint
RP1418: 5/17/2009 6:52:47 AM - System Checkpoint
RP1419: 5/18/2009 8:46:07 PM - System Checkpoint
RP1420: 5/19/2009 10:30:52 PM - System Checkpoint
RP1421: 5/20/2009 11:51:54 PM - System Checkpoint
RP1422: 5/22/2009 7:48:35 PM - System Checkpoint
RP1423: 5/23/2009 8:56:29 PM - System Checkpoint
RP1424: 5/24/2009 9:17:27 PM - System Checkpoint
RP1425: 5/30/2009 7:43:10 PM - System Checkpoint
RP1426: 5/30/2009 8:10:25 PM - Removed Java(TM) 6 Update 7


Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by ginzu97 on 31st May 2009, 1:33 am

and part 2
==== Installed Programs ======================


Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.7
Agere Systems PCI Soft Modem
AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8
AIM 6
Aim Plugin for QQ Games
AIM Toolbar 5.0
AIMTunes
AiO_Scan
AIOMinimal
AiOSoftware
AOL Instant Messenger
AOL Registration
AOL Toolbar
AOL Toolbar for Firefox
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AutoUpdate
BufferChm
CameraDrivers
Comcast High-Speed Internet Install Wizard
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Desktop Doctor
Destinations
Director
DivX
DivX Player
DocProc
Download Updater (AOL LLC)
EphPod
Fax
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Diagnostic Assistant
HP Image Zone 4.0
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP Photosmart 8100 Series
HP PSC & OfficeJet 3.5
HP Software Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPHDiscovery
HPIZ350
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iPod for Windows 2005-01-11
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
KBD
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Works 7.0
Mozilla Firefox (1.0.2)
MSN
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My Web Search (Webfetti)
Nero 6 Ultra Edition
OpenOffice.org Installer 1.0
Overland
PC-Doctor for Windows
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PrintScreen
PS2
PS8100
PSPrinters06
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QQ Bubble Arena
QQ Games
QQ Treasure Hunter
QuickProjects
QuickTime
Readme
RealPlayer
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SkinsHP1
SkinsHP2
Sonic Update Manager
Spybot - Search & Destroy 1.4
Symantec AntiVirus Client
Toolkit View(HP)
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
WebEx
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! extras
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/30/2009 8:22:32 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP Photosmart 8100 Series share name Printer2.
5/30/2009 8:17:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Norton AntiVirus Server service.
5/30/2009 8:16:45 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
5/30/2009 8:16:45 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (ddoctorv2) service terminated unexpectedly. It has done this 1 time(s).
5/30/2009 8:16:45 PM, error: Service Control Manager [7034] - The DefWatch service terminated unexpectedly. It has done this 1 time(s).
5/30/2009 8:16:45 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/30/2009 8:10:46 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
5/30/2009 6:42:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
5/30/2009 2:55:34 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1d62000, parameter2 00000002, parameter3 00000000, parameter4 f571bb00.
5/25/2009 8:03:01 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:58:37 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
5/25/2009 7:57:33 PM, error: Service Control Manager [7034] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 5 time(s).
5/25/2009 7:56:56 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:56:50 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/25/2009 7:56:40 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/25/2009 7:56:26 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/25/2009 7:56:13 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/25/2009 7:55:14 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:55:14 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:55:14 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:55:14 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/25/2009 7:55:14 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/25/2009 7:55:14 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/25/2009 7:53:05 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:53:01 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:53:01 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:52:58 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:52:41 PM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2009 7:13:52 PM, error: Dhcp [1002] - The IP address lease 24.91.62.2 for the Network Card with network address 000EA6E0088C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
5/25/2009 6:53:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
5/25/2009 6:53:01 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2009 6:53:01 PM, error: Service Control Manager [7000] - The Norton AntiVirus Auto-Protect Service service failed to start due to the following error: The system cannot find the path specified.
5/25/2009 6:53:01 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
5/25/2009 4:25:54 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/25/2009 12:40:03 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.

==== End Of File ===========================


Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by Belahzur on 31st May 2009, 12:28 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Adobe Reader 7.0.7
  • J2SE Runtime Environment 5.0 Update 10
  • J2SE Runtime Environment 5.0 Update 3
  • Java 2 Runtime Environment, SE v1.4.2_03
  • Java(TM) 6 Update 3
  • LiveUpdate 1.80 (Symantec Corporation)

You aren't running antivirus software.

Please install Avira antivirus, otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Then download and install [You must be registered and logged in to see this link.]

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?



Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by ginzu97 on 31st May 2009, 2:56 pm

A couple of questions that I am confused on. There is Symantec running on the machine. It's some cheap version I plan on upgrading (this is my friend's PC that I am helping her fix) to something better. Also, why do we need to remove Adobe 7.0.7?

I understand removing the live update if I am installing new anti-virus software, but am confused as to why I am removing it in the first place?

Lastly, what does the last step of running ComboFix /u do?

Thanks


Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by Belahzur on 31st May 2009, 3:33 pm

Hello.
The Symantec you have now, does that include the real time protection? DDS doesn't find it.

The Adobe Reader 7 is old and outdated. A lot of malware is brought on by malware writers abusing holes in old versions; that's why I asked that it be uninstalled. Then install the latest version, which is 9.1.

ComboFix /u uninstalls ComboFix. It removes all files/folders related to ComboFix and resets System Restore with a new restore point.


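The reasoning in the reply above (old Reader and Java builds left installed are what malware writers abuse) can be turned into a repeatable check over a DDS log. This is an added example, not part of the original posts or of DDS; the 9.1 baseline comes from the reply, while the function names and the rule that any Java runtime older than the newest one installed counts as superseded are assumptions of the example.

```python
import re

# Sample input: a few entries copied from the "Installed Programs" log in this thread.
SAMPLE_LOG = """\
==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.7
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
Malwarebytes' Anti-Malware
Symantec AntiVirus Client

==== Event Viewer Messages From Past Week ========
"""

READER_BASELINE = (9, 1)  # "the latest version which is 9.1", per the reply
READER = re.compile(r"^Adobe Reader (\d+(?:\.\d+)*)$")
# The three Java naming schemes seen in this list; the second element says which
# regex groups hold (major, minor, update). None means "treat as 0".
JAVA = [
    (re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$"), (1, 2, 3)),
    (re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)_(\d+)$"), (1, 2, 3)),
    (re.compile(r"^Java\(TM\) (\d+) Update (\d+)$"), (1, None, 2)),
]

def installed_programs(log_text):
    """Return the entries listed under the DDS 'Installed Programs' header."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("===="):          # any section header ends or starts a section
            in_section = "Installed Programs" in line
        elif in_section and line:
            entries.append(line)
    return entries

def java_version(name):
    """Return (major, minor, update) for a Java runtime entry, else None."""
    for pattern, groups in JAVA:
        m = pattern.match(name)
        if m:
            return tuple(int(m.group(g)) if g else 0 for g in groups)
    return None

def audit(entries, reader_baseline=READER_BASELINE):
    """Return (entry, reason) pairs for runtimes that should be removed or updated."""
    findings = []
    javas = sorted((java_version(e), e) for e in entries if java_version(e))
    for version, name in javas[:-1]:         # everything except the newest runtime
        if version < javas[-1][0]:
            findings.append((name, "superseded Java runtime left installed"))
    for entry in entries:
        m = READER.match(entry)
        if m and tuple(int(p) for p in m.group(1).split(".")) < reader_baseline:
            findings.append((entry, "Adobe Reader older than 9.1"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(installed_programs(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

The newest Java entry is not flagged by this rule because the thread gives no Java baseline to compare it with; the helper's removal list includes it as well.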

Re: Malwarebytes' Anti-Malware wont' run after system guard 2009

Post by ginzu97 on 1st June 2009, 1:30 am

Thanks so much. It's all fixed now. I followed all your steps and everything looks good. This is my first time using this site and you guys are great. I will definitely be making a donation to help out. Thanks a ton!
