[Closed]Won’t open any files without being....!

Status
Not open for further replies.
C

codone

Posts: 7   +0
Any file, file folder, try to click properties, all the same, invalid win32, invalid file, "open with", it may actually try to load the program, say like a document file, once the program would load, will be severe errors closing the program down.

behavior of this seems very much like a virus, malicious malware to me.

With this problem, I am unable to run programs, open them, run them or install applications. I am using a UBCD to run all the AntiVirus/Spyware, using HBCD.

I ran Avira AntiVir, "deep scan"
"Avira.Scan.log" attached

Running malwarebytes now, log will be up shortly




I should also note, "not ALL the files are infected in the way I described, 90% are, system programs too, MyComputer will error with "rundll32.exe application not found" while recycle bin opens and shows the files inside to delete, and while Firefox brings up "Open With". I felt that was important to note, more of a correction since this is my real verified response to this issue whereas before I posted what the the owner/user of this computer said without verifying the complaint myself.
 

Attachments

  • Avira.Scan.log
    9.2 KB · Views: 0
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

I will wait until all the logs are up. It's possible that malware has corrupted the file extensions. Please not the line about logs being pasted.
 
Sorry for not getting back to you, You may or may not want to help me. I was able to fix this machine, well the main problem at least where it made the system unable to function having all file extensions corrupt. I will list what I did so in case you can help me, and if so, of course I will not run other applications while working with you since it will just waste your time.

I started doing the routine, the 7-step with logs.. I decided to run some more programs and try fixing this myself..
I have all the logs from 5/17/11, I am rerunning the programs now to produce new logs. for the current state it is in.
History what happened so far on 5/17/11.

on 5/17, I had ran
  • Avira - AntiVir (off of a UBCD)
  • Malwarebytes
  • dds
  • GMER
  • TDSSKILLER
  • ComboFix

The rest of the programs I was able to run through safemode

Avira / Windows Version 1.9.150.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.

engine set: 8.2.4.236
VDF Version: 7.11.8.37

key file: B:\Temp\HBCD\Avira\hbedv.key
registered user: Avira AntiVir Personal - FREE Antivirus
serial number: 0000149996
key expires: Sep 01 2011

Scan start time: 2011-05-16 13:47:52
Command line: scancl.exe --logformat=singleline --logappend --log=scan.log --colors --heurlevel=2 --defaultaction=ask --suspiciousaction=ask /z /a C:\ D:

configuration file: B:\Temp\HBCD\Avira\scancl.conf
WARNING: [Invalid path] C:\ D:
Avira / Windows Version 1.9.150.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.

engine set: 8.2.4.236
VDF Version: 7.11.8.37

key file: B:\Temp\HBCD\Avira\hbedv.key
registered user: Avira AntiVir Personal - FREE Antivirus
serial number: 0000149996
key expires: Sep 01 2011

Scan start time: 2011-05-16 13:48:25
Command line: scancl.exe --logformat=singleline --logappend --log=scan.log --colors --heurlevel=2 --defaultaction=ask --suspiciousaction=ask /z /a c:\ d:\

configuration file: B:\Temp\HBCD\Avira\scancl.conf
WARNING: [Invalid path] c:\ d:\
Avira / Windows Version 1.9.150.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.

engine set: 8.2.4.236
VDF Version: 7.11.8.37

key file: B:\Temp\HBCD\Avira\hbedv.key
registered user: Avira AntiVir Personal - FREE Antivirus
serial number: 0000149996
key expires: Sep 01 2011

Scan start time: 2011-05-16 13:48:55
Command line: scancl.exe --logformat=singleline --logappend --log=scan.log --colors --heurlevel=2 --defaultaction=ask --suspiciousaction=ask /z /a c:

configuration file: B:\Temp\HBCD\Avira\scancl.conf
WARNING: [File is encrypted] c:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEventProcessors.dat
WARNING: [File is encrypted] c:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEvents.dat
WARNING: [File is encrypted] c:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Characteristics.dat
WARNING: [File is encrypted] c:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip
WARNING: [File is encrypted] c:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip.bak
WARNING: [File is encrypted] c:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\md5Cache.dat
WARNING: [File is encrypted] c:\Documents and Setti
Click to expand...
 
You have gone way past where you should have if you want me to help you! The only programs I wanted run first were DDS, Mbam, then GMER. You've posted Avira twice. I didn't request that. Combofix should only be run if instructed and with assistance. TDSSKiller should only be run if it is the appropriate program.

Something corrupted the file extensions. I have not idea what it was. If you still need help, go back to my original instructions.

Malware cleaning is a very organized process. It must be done in order with only the most appropriate cleaning scans run. Going to the internet and running programs you hope will fix the problem usually does more harm than good.
 
Sorry for the communication mix-up, I just wanted to state that I did do some of my own doings on 5.17.11, as is the Avira Scan. I didn't rescan, I just pasted it on my original post instead of having it as a attached file. The programs I listed, I did not run again, I was just giving you a update on what recently has happened to the machine. For today, May 18th, I have launched the programs as requested and was going to paste them.

Unfortunately, the client is coming in and picking the machine up very soon so I will not be able to do the whole process, I am out of time.

I am currently running a whole computer scan with AVG for a final AV scan. The only problem I am having now would be I get an error when I attempt to do a Windows Update, I believe this is also malware. The problem I have which sucks is that my lead manager basically sees what the ticket says which is "won't open any files without being prompted for what program to access it." Now that this problem has been eliminated, it is done. I still have it on the bench until the customer comes, trying to solve the windows update problem.

The error code is 0x80070424 with the source being windowsupdate

I did some research searching, apparently it is associated with boot.ini for various malicious reasons.

I didn't change much, changed settings in msconfig>boot.ini>restored it to the default setting instead of modified, cleaned up desktop, add/remove programs(heavy removal) and also tried regedit looking for "autoupdate" to delete under windowsupdate but nothing. I am still unable to get it to update windows.

Anyway with the information here, that I can try at least a couple methods, 1 method just to try, I am just out of time and working on 3 other projects, this source of outside help has always been great. I have a different name today, but you have helped me many, many times in the past, thanks.

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.a
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2008 9:15:45 AM
System Uptime: 5/17/2011 11:23:04 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0GC068
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3199/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 549.051 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 40.292 GiB free.
E: is CDROM ()
F: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_311A1385&REV_10\4&5855BE9&0&28F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_311A1385&REV_10\4&5855BE9&0&28F0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Standard
Adobe Acrobat 9.4.1 - CPSID_83708
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 2011
Bonjour
Broadcom Gigabit Integrated Controller
Cobian Backup 9
Creative Audio Console
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Version Checker
DriverAgent Plugin for Netscape by eSupport.com
Facebook Plug-In
Google Chrome
Google Update Helper
GoToMeeting 4.0.0.320
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 1150 / 1300
iTunes
Java(TM) 6 Update 11
Juniper Networks Network Connect 6.0.0
Malwarebytes' Anti-Malware
MECA
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Excel Viewer
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MyPublisher
MySpaceIM
Octoshape add-in for Adobe Flash Player
QuickBooks
QuickBooks Premier: Accountant Edition 2010
QuickBooks Product Listing Service
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RingCentral Call Controller
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 4.0
Spybot - Search & Destroy
SupportSoft Assisted Service
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
5/17/2011 11:28:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/17/2011 11:25:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm
5/17/2011 11:24:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/16/2011 1:09:46 PM, error: Dhcp [1002] - The IP address lease 192.168.0.198 for the Network Card with network address 00123F6C2AFB has been denied by the DHCP server 192.168.0.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
Click to expand...



.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by bblack at 13:12:29.42 on Tue 05/17/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1715 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\bblack\Desktop\Spyware\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MECA] c:\program files\meca\MECA.EXE
uRun: [RCUI] "c:\progra~1\ringce~1\ringce~1\RCUI.exe"
uRun: [RCHotKey] "c:\progra~1\ringce~1\ringce~1\RCHotKey.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [HPLJ Config] c:\program files\hewlett-packard\hp laserjet 1150_1300\SetConfig.exe -c Network -p -pn "" -n 0 -l -sl 120000
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Cobian Backup 9 interface] "c:\program files\cobian backup 9\cbInterface.exe" -service
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF
IE: Convert selected links to Adobe PDF
IE: Convert selected links to existing PDF
IE: Convert selection to Adobe PDF
IE: Convert selection to existing PDF
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\bblack\applic~1\mozilla\firefox\profiles\vzbc86c0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\bblack\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\bblack\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\bblack\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\bblack\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S1 bhh597a;bhh597a;c:\windows\system32\drivers\bhh597a.sys --> c:\windows\system32\drivers\bhh597a.sys [?]
S1 dab776c;dab776c;c:\windows\system32\drivers\dab776c.sys --> c:\windows\system32\drivers\dab776c.sys [?]
S1 ndj0550;ndj0550;c:\windows\system32\drivers\ndj0550.sys --> c:\windows\system32\drivers\ndj0550.sys [?]
S1 qfce274;qfce274;c:\windows\system32\drivers\qfce274.sys --> c:\windows\system32\drivers\qfce274.sys [?]
S1 spq3996;spq3996;c:\windows\system32\drivers\spq3996.sys --> c:\windows\system32\drivers\spq3996.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CobianBackupAmanita;Cobian Backup 9 service;c:\program files\cobian backup 9\cbService.exe [2009-2-13 583168]
S2 gupdate1c9ec59efdfd33c;Google Update Service (gupdate1c9ec59efdfd33c);c:\program files\google\update\GoogleUpdate.exe [2009-6-13 133104]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-13 133104]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2010-3-29 122752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
============= FINISH: 13:13:41.56 ===============
Click to expand...
 
More Logs

These logs BTW are from 5/17/11, maybe they can help and only the logs you requested.

GMER

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-17 13:11:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST375064 rev.3.AA
Running: rf6h5lr7.exe; Driver: C:\DOCUME~1\bblack\LOCALS~1\Temp\kxtcypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Click to expand...

Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6610

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/18/2011 11:50:23 AM
mbam-log-2011-05-18 (11-50-16).txt

Scan type: Quick scan
Objects scanned: 165208
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\bblack\Local Settings\Application Data\rbr.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Click to expand...

Ok, thats it, my problem seems to be "unable to use windowsupdate, using ie8, ninite.com for all the runtime apps..
 
I'm sorry, but I am withdrawing my support. You have a client who left a computer with you to fix. That implies that the client will pay you for this services when the computer is picked up. You come to a forum staffed only with volunteers who offer free help.

You may or may not want to help me. I was able to fix this machine, well the main problem at least where it made the system unable to function having all file extensions corrupt. I will list what I did so in case you can help me
Click to expand...

Had you made this situation clear when you made the statement above, I would have withdrawn then.
 
Status
Not open for further replies.

Similar threads

AnilD
Instagram is not loading on any desktop browser - here's a fix
Replies
0
Views
2K
AnilD
AnilD
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
E
Open Source Initiative co-founder imagines a post-open-source world
Replies
17
Views
400
trparky
T

Latest posts

Back