TechSpot

Cannot access Windows 2000 task manager

By skopalb
Jul 17, 2010
  1. My aunts computer is odd. I cannot access msconfig nor task manager. Attached is the hijack this log.

    Any help would be greatly appreciated.
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  3. skopalb

    skopalb TS Rookie Topic Starter

    As requested. :)

    I ran a virus scan with AVG free edition. It did not discover anything.

    The guide was conflicted on the attach report. I have left it off just in case.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4322

    Windows 5.0.2195 Service Pack 4
    Internet Explorer 6.0.2800.1106

    7/17/2010 6:36:07 AM
    mbam-log-2010-07-17 (06-36-07).txt

    Scan type: Quick scan
    Objects scanned: 113561
    Time elapsed: 18 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -------------------------------------------------------------------------------------------------

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-18 03:14:04
    Windows 5.0.2195 Service Pack 4
    Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugtdifow.sys


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessA] [4AD84AE3] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA] [4AD84AE3] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [4AD84AE3] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[340] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    -------------------------------------------------------------------------------------

    I hit the post size limit so I took a log off.
     

    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. skopalb

    skopalb TS Rookie Topic Starter

    Task manager is now accessable.

    Does this report below specify what kind of bug it was?

    ComboFix 10-07-16.02 - Administrator 07/18/2010 4:35.1.1 - x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.264 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\Uninstall
    c:\winnt\Web\default.htt

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
    .

    2010-07-18 10:27 . 2010-07-18 10:27 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_348.dat
    2010-07-17 13:24 . 2010-07-17 13:24 3951968 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avguires.dll
    2010-07-17 13:24 . 2010-07-17 13:24 2448224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avguiadv.dll
    2010-07-17 13:24 . 2010-07-17 13:24 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-07-17 13:24 . 2010-07-17 13:24 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2010-07-17 13:24 . 2010-07-17 13:24 1278304 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-07-17 13:24 . 2010-07-17 13:24 1247584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgabout.dll
    2010-07-17 13:10 . 2010-07-17 13:10 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-07-17 13:10 . 2010-07-17 13:10 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-17 13:10 . 2010-07-17 13:10 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-17 13:09 . 2010-07-17 13:09 12536 ----a-w- c:\winnt\system32\avgrsstx.dll
    2010-07-17 13:04 . 2010-07-17 13:04 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-17 13:04 . 2010-07-17 13:04 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-17 13:04 . 2010-07-17 13:04 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-17 13:04 . 2010-07-17 13:04 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-17 12:18 . 2010-07-17 12:18 -------- d-----w- c:\program files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-18 11:39 . 2009-06-09 21:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
    2010-07-18 10:19 . 2009-06-09 21:49 -------- d-----w- c:\program files\DNA
    2010-07-17 13:10 . 2010-04-26 16:53 243024 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
    2010-07-17 13:09 . 2010-04-26 16:53 29584 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
    2010-07-17 13:06 . 2010-04-26 16:53 216400 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
    2010-07-17 13:04 . 2010-04-26 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-17 13:01 . 2009-12-19 03:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\avg9
    2010-06-12 20:02 . 2010-06-12 20:02 664 ----a-w- c:\winnt\system32\d3d9caps.dat
    2010-05-03 08:17 . 2001-05-08 12:00 1650448 ----a-w- c:\winnt\system32\WIN32K.SYS
    2010-04-29 22:39 . 2010-04-26 19:18 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2010-04-29 22:39 . 2010-04-26 19:18 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2010-04-26 16:53 . 2010-04-26 16:53 52872 ----a-w- c:\winnt\system32\drivers\avgrkx86.sys
    2010-04-26 16:48 . 2010-04-26 16:48 50968 ----a-w- c:\winnt\system32\avgfwdx.dll
    2010-04-26 16:48 . 2010-04-26 16:48 30104 ----a-w- c:\winnt\system32\drivers\avgfwdx.sys
    2007-03-21 22:28 . 2007-03-21 22:28 21952 ---h--w- c:\program files\folder.htt
    .

    ------- Sigcheck -------

    [-] 2002-11-27 03:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

    [-] 2004-07-09 12:27 . 3120F6D2AB10CDF242EDE54052A8BE47 . 1689600 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 68856]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-25 155648]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-17 13:09 12536 ----a-w- c:\winnt\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=""
    "FirewallOverride"=""

    R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [4/26/2010 9:53 AM 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [4/26/2010 9:53 AM 216400]
    R1 AvgTdiX;AVG Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [4/26/2010 9:53 AM 243024]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/17/2010 6:06 AM 921440]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 6:09 AM 308136]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/17/2010 6:06 AM 2331032]
    R3 Avgfwdx;Avgfwdx;c:\winnt\system32\drivers\avgfwdx.sys [4/26/2010 9:48 AM 30104]
    R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [3/21/2007 7:16 AM 61712]
    S3 Avgfwfd;AVG network filter service;c:\winnt\system32\drivers\avgfwdx.sys [4/26/2010 9:48 AM 30104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.yahoo.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    LSP: %SystemRoot%\system32\msafd.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4albw7z.default\
    FF - prefs.js: browser.search.selectedEngine - Inbox Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80229
    FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80229&language=en&qkw=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-NNTray - c:\program files\Net Nanny\nnstart.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-18 04:42
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    NNTray = c:\program files\Net Nanny\nnstart.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(196)
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL
    .
    Completion time: 2010-07-18 04:44:19
    ComboFix-quarantined-files.txt 2010-07-18 11:44

    Pre-Run: 13,867,048,960 bytes free
    Post-Run: 13,855,838,208 bytes free

    - - End Of File - - A240CEB996231642D4F26D865376C7D2
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Cool :)
    I can't clearly see from Combofix log, what was the culprit.
    Net Nanny leftovers maybe?


    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...