TechSpot

Malwarebytes Access Denied Error

Inactive
By Sgt_Koolaid
Jun 21, 2013
  1. Googled this problem this morning and found a previous locked discussion. I have followed the instructions from that discussion as far as I could. I have run both MBRCheck and ComboFix. Here is the log MBRCheck produced:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G60 Notebook PC
    Logical Drives Mask: 0x0000005c

    Kernel Drivers (total 199):
    0x82237000 \SystemRoot\system32\ntkrnlpa.exe
    0x82204000 \SystemRoot\system32\hal.dll
    0x8040A000 \SystemRoot\system32\kdcom.dll
    0x80411000 \SystemRoot\system32\PSHED.dll
    0x80422000 \SystemRoot\system32\BOOTVID.dll
    0x8042A000 \SystemRoot\system32\CLFS.SYS
    0x8046B000 \SystemRoot\system32\CI.dll
    0x8054B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C7000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8060F000 \SystemRoot\system32\drivers\acpi.sys
    0x80655000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x8065E000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80666000 \SystemRoot\system32\drivers\pci.sys
    0x8068D000 \SystemRoot\system32\drivers\isapnp.sys
    0x8069C000 \SystemRoot\system32\drivers\mpio.sys
    0x806B8000 \SystemRoot\System32\drivers\partmgr.sys
    0x806C7000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x806CA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806D4000 \SystemRoot\system32\drivers\volmgr.sys
    0x806E3000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8072D000 \SystemRoot\system32\drivers\intelide.sys
    0x80734000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80742000 \SystemRoot\system32\drivers\pciide.sys
    0x80749000 \SystemRoot\system32\drivers\aliide.sys
    0x80750000 \SystemRoot\system32\drivers\amdide.sys
    0x80757000 \SystemRoot\system32\drivers\cmdide.sys
    0x8075F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8076F000 \SystemRoot\system32\drivers\msdsm.sys
    0x80789000 \SystemRoot\system32\drivers\nvraid.sys
    0x807A4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x807C5000 \SystemRoot\system32\drivers\viaide.sys
    0x8A004000 \SystemRoot\system32\drivers\iastorv.sys
    0x8A0A5000 \SystemRoot\system32\drivers\atapi.sys
    0x8A0AD000 \SystemRoot\system32\drivers\ataport.SYS
    0x8A0CB000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x8A0E5000 \SystemRoot\system32\drivers\storport.sys
    0x8A126000 \SystemRoot\system32\drivers\msahci.sys
    0x8A130000 \SystemRoot\system32\drivers\hpcisss.sys
    0x8A13B000 \SystemRoot\system32\drivers\adp94xx.sys
    0x8A1A5000 \SystemRoot\system32\drivers\adpahci.sys
    0x807CD000 \SystemRoot\system32\drivers\adpu160m.sys
    0x805D4000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x8A209000 \SystemRoot\system32\drivers\adpu320.sys
    0x8A22F000 \SystemRoot\system32\drivers\djsvs.sys
    0x8A243000 \SystemRoot\system32\drivers\arc.sys
    0x8A259000 \SystemRoot\system32\drivers\arcsas.sys
    0x8A26F000 \SystemRoot\system32\drivers\elxstor.sys
    0x8A303000 \SystemRoot\system32\drivers\i2omp.sys
    0x8A30D000 \SystemRoot\system32\drivers\iirsp.sys
    0x8A31D000 \SystemRoot\system32\drivers\iteatapi.sys
    0x8A329000 \SystemRoot\system32\drivers\iteraid.sys
    0x8A335000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x8A34F000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x8A367000 \SystemRoot\system32\drivers\megasas.sys
    0x8A409000 \SystemRoot\system32\drivers\megasr.sys
    0x8A4C0000 \SystemRoot\system32\drivers\mraid35x.sys
    0x8A4CB000 \SystemRoot\system32\drivers\nfrd960.sys
    0x8A4D9000 \SystemRoot\system32\drivers\nvstor.sys
    0x8A60A000 \SystemRoot\system32\drivers\ql2300.sys
    0x8A742000 \SystemRoot\system32\drivers\ql40xx.sys
    0x8A797000 \SystemRoot\system32\drivers\sisraid2.sys
    0x8A7A4000 \SystemRoot\system32\drivers\sisraid4.sys
    0x8A7B9000 \SystemRoot\system32\drivers\symc8xx.sys
    0x8A7C5000 \SystemRoot\system32\drivers\sym_hi.sys
    0x8A7D0000 \SystemRoot\system32\drivers\sym_u3.sys
    0x8A4E6000 \SystemRoot\system32\drivers\uliahci.sys
    0x8A7DB000 \SystemRoot\system32\drivers\ulsata.sys
    0x8A522000 \SystemRoot\system32\drivers\ulsata2.sys
    0x8A54E000 \SystemRoot\system32\drivers\vsmraid.sys
    0x8A56F000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8A5A1000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8A5B1000 \SystemRoot\System32\Drivers\TPkd.sys
    0x8A371000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A80C000 \SystemRoot\system32\drivers\ndis.sys
    0x8A917000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A942000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8AA08000 \SystemRoot\System32\drivers\tcpip.sys
    0x8AAF2000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AC05000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8AD15000 \SystemRoot\system32\drivers\wd.sys
    0x8AD1D000 \SystemRoot\system32\drivers\volsnap.sys
    0x8AD56000 \SystemRoot\System32\Drivers\spldr.sys
    0x8AD5E000 \SystemRoot\system32\drivers\sbp2port.sys
    0x8AD73000 \SystemRoot\System32\Drivers\mup.sys
    0x8AD82000 \SystemRoot\System32\drivers\ecache.sys
    0x8ADA9000 \SystemRoot\system32\drivers\disk.sys
    0x8ADBA000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8ADE3000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8ADEE000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8AB0D000 \SystemRoot\system32\DRIVERS\processr.sys
    0x8ADF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8AB1C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8AC00000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8AB2F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8AB3A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8AB6A000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8AB6C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8AB77000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8AB7B000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8AB83000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8AB8D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8ABCB000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8EA0A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8EA97000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8EAAF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8EAB5000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8EC01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8F68A000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8F72B000 \SystemRoot\System32\drivers\watchdog.sys
    0x8FC0A000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8FD18000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8FD47000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8FD52000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8FD69000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8FD74000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8FD97000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8FDA6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8FDBA000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8FDCF000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FDDF000 \SystemRoot\system32\DRIVERS\VClone.sys
    0x8FDEA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8F737000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8FDEC000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
    0x8FC00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F761000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F76E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8F7A3000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8F7B4000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x8EBB2000 \SystemRoot\system32\drivers\portcls.sys
    0x8ABDA000 \SystemRoot\system32\drivers\drmk.sys
    0x8A97D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x90009000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x9010C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x901C1000 \SystemRoot\system32\drivers\modem.sys
    0x901CE000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x8EBDF000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x8A9BB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x901F6000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8F7EF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x90000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8A9D2000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8EBF2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8EA00000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8A9F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8AA00000 \SystemRoot\System32\Drivers\Null.SYS
    0x8A800000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8A5CF000 \SystemRoot\System32\drivers\vga.sys
    0x8A5DB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8A600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8A400000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8A3E2000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8A3ED000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8A200000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x807E8000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x90203000 \SystemRoot\system32\DRIVERS\smb.sys
    0x90217000 \SystemRoot\system32\drivers\afd.sys
    0x9025F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x90291000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x902A7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x902B5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x902C8000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90304000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x9030E000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x90313000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9032A000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x90340000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9034D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x90358000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x96620000 \SystemRoot\System32\win32k.sys
    0x90360000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9036A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x96840000 \SystemRoot\System32\TSDDD.dll
    0x96860000 \SystemRoot\System32\cdd.dll
    0x96870000 \SystemRoot\System32\ATMFD.DLL
    0x90379000 \SystemRoot\system32\drivers\luafv.sys
    0x9D403000 \SystemRoot\system32\drivers\spsys.sys
    0x9D4B3000 \SystemRoot\system32\DRIVERS\diginet.sys
    0x9D4BB000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9D4CB000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9D4F5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9D4FF000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9D512000 \SystemRoot\system32\drivers\HTTP.sys
    0x9D57F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9D59C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9D5B5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9D5CA000 \SystemRoot\system32\drivers\mrxdav.sys
    0x90394000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x903B3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8ADC3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9E60C000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9E633000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9E699000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0x9E6DC000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x9E6E1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9E6E5000 \SystemRoot\system32\drivers\peauth.sys
    0x9E7C3000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9E7CD000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9E7D9000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x77C60000 \Windows\System32\ntdll.dll

    Processes (total 59):
    0 System Idle Process
    4 System
    472 C:\Windows\System32\smss.exe
    576 csrss.exe
    628 C:\Windows\System32\wininit.exe
    636 csrss.exe
    672 C:\Windows\System32\services.exe
    684 C:\Windows\System32\lsass.exe
    692 C:\Windows\System32\lsm.exe
    812 C:\Windows\System32\winlogon.exe
    880 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\nvvsvc.exe
    960 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\audiodg.exe
    1260 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\SLsvc.exe
    1316 C:\Windows\System32\svchost.exe
    1380 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1392 C:\Windows\System32\nvvsvc.exe
    1636 C:\Windows\System32\svchost.exe
    1888 C:\Windows\System32\spoolsv.exe
    1912 C:\Windows\System32\svchost.exe
    264 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    304 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    544 C:\Program Files\Hi-Rez Studios\HiPatchService.exe
    1224 C:\ProgramData\IBUpdaterService\ibsvc.exe
    1684 C:\Windows\System32\svchost.exe
    1784 C:\Windows\System32\svchost.exe
    284 C:\Windows\System32\svchost.exe
    1796 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2084 C:\Windows\System32\SearchIndexer.exe
    2148 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2668 C:\Windows\System32\dwm.exe
    2708 C:\Windows\System32\taskeng.exe
    2756 C:\Windows\explorer.exe
    2976 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2988 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3000 C:\Windows\System32\taskeng.exe
    3096 C:\Program Files\iTunes\iTunesHelper.exe
    3232 C:\Users\owner\AppData\Local\Apps\2.0\40DK16PO.603\RNC6X9NT.3G8\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
    3320 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    3404 WmiPrvSE.exe
    3480 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3552 C:\Program Files\iPod\bin\iPodService.exe
    3840 C:\Windows\System32\wbem\unsecapp.exe
    3972 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    1116 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1324 C:\Windows\System32\svchost.exe
    2476 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    2452 C:\Program Files\Mozilla Firefox\firefox.exe
    1408 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2136 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    280 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    2704 C:\Windows\System32\SearchProtocolHost.exe
    2640 C:\Windows\System32\SearchFilterHost.exe
    2564 C:\Users\owner\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`cac00000 (NTFS)

    PhysicalDrive0 Model Number: ST9320325AS, Rev: 0005HPM1

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    I have also run ComboFix.exe, and here is the log file it produced:

    ComboFix 13-06-21.02 - owner 06/21/2013 5:02.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1886 [GMT -5:00]
    Running from: c:\users\owner\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\smartdl
    c:\program files\smartdl\gunzip.exe
    c:\program files\smartdl\status-o
    c:\program files\smartdl\status
    c:\program files\smartdl\TorrentSearch.exe
    c:\program files\TSearch
    c:\program files\TSearch\client.py
    c:\program files\TSearch\easydownload.exe
    c:\program files\TSearch\libtorrent.pyd
    c:\program files\TSearch\python25.dll
    c:\program files\TSearch\results
    c:\users\Public\dcunlock.exe
    c:\users\Public\SetupVirtualCloneDrive5440.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-21 to 2013-06-21 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-21 10:15 . 2013-06-21 10:15 -------- d-----w- c:\users\owner\AppData\Local\temp
    2013-06-21 10:15 . 2013-06-21 10:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-06-21 10:15 . 2013-06-21 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-09 19:10 . 2013-06-09 19:10 -------- d-----w- c:\users\owner\AppData\Roaming\NVIDIA
    2013-06-01 23:47 . 2013-06-01 23:47 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-14 11:03 . 2012-04-18 20:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-14 11:03 . 2011-08-19 21:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-21 05:36 . 2013-05-21 05:36 715038 ----a-w- c:\windows\unins000.exe
    2013-05-08 23:16 . 2009-08-18 17:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-04-04 19:50 . 2010-01-02 22:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2010-04-27 16:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    .
    c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2013-4-5 0]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave2"=Digi32.dll
    "MIDI2"=diomidi.dll
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-11-28 20:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2006-11-02 09:45 8704 ----a-w- c:\windows\System32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
    2008-12-04 05:12 77824 ----a-w- c:\program files\Digidesign\Drivers\MMERefresh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCJCATS]
    2006-10-20 23:45 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcjtime.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 19:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 19:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2013-06-06 22:06 1641896 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
    2008-11-15 05:02 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
    2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
    2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
    2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
    2008-10-07 03:42 210216 ----a-w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IDriverT"=3 (0x3)
    "HP Health Check Service"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 11:03]
    .
    2013-06-15 c:\windows\Tasks\HPCeeScheduleForowner.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.babylon.com/?affID=119351&tt=gc_190513_215&babsrc=HP_ss_gin2g&mntrId=045E001F16E496BB
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ucpl49t.default-1350359240915\
    FF - ExtSQL: !HIDDEN! 2013-01-02 19:59; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 045e96cf000000000000001f16e496bb
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15846
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.50:33
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119351&tt=gc_190513_215
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
    HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-HP Health Check Scheduler - c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    AddRemove-1ClickDownload - c:\program files\1ClickDownload\uninst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-06-21 05:15
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2339960037-1297432260-1102244838-1000\Software\SecuROM\License information*]
    "datasecu"=hex:e6,3b,bb,f6,d7,e8,ff,5e,f5,6b,24,c7,89,be,52,9f,cf,13,fe,65,41,
    17,30,14,40,34,5b,fc,c0,c8,d2,7f,33,e8,6a,1c,7d,aa,f8,7b,53,26,92,7a,02,9a,\
    "rkeysecu"=hex:81,15,8d,79,eb,62,44,bb,33,a0,8e,13,c8,4d,81,93
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-06-21 05:19:08
    ComboFix-quarantined-files.txt 2013-06-21 10:18
    .
    Pre-Run: 52,941,402,112 bytes free
    Post-Run: 53,162,700,800 bytes free
    .
    - - End Of File - - FA2E70DF47151DEDAEB07AE2B17D9B56
    588AE8F0C685C02BA11F30D9CD7E61A0
    Given that any further instructions looked like they depended largely on the logs produced, I stopped there and decided to ask for help.
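    The MBRCheck output above reports the partition layout of PhysicalDrive0 and a SHA-1 of its MBR, then flags the boot code as "Unknown". The following script is an added example, not part of the original post and not MBRCheck's own code: it parses a 512-byte MBR, lists the partitions with their byte offsets in the same form as the log, and hashes the boot-code area against an allow-list of known-good hashes. The page does not say exactly which bytes MBRCheck hashes, so hashing the first 440 bytes (the boot-code region before the disk signature) is an assumption; the allow-list is an empty placeholder, and the sample MBR is constructed so its two NTFS partitions land at the same offsets as C: and D: in the log.

```python
"""Parse a 512-byte MBR: partition table, boot-code hash, signature check."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot loader code (assumption: what to hash)
PART_TABLE_OFF = 446         # four 16-byte partition entries at 446..509
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511

# One partition entry: status, CHS start, type, CHS end, LBA start, sector count.
PART_ENTRY = struct.Struct("<B3sB3sII")


def parse_partition_table(mbr):
    """Return the non-empty entries of the primary partition table."""
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = PART_ENTRY.unpack_from(
            mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # type 0 = unused slot
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba": lba,
            "sectors": count,
            "offset": lba * SECTOR_SIZE,   # byte offset, as MBRCheck prints it
        })
    return parts


def analyze_mbr(mbr, known_good=frozenset()):
    """Hash the boot code and compare it against an allow-list of SHA-1 digests.

    known_good is a placeholder for the hashes of standard boot loaders; with an
    empty set every boot code is reported "unknown", which mirrors the log.
    """
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    boot_hash = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "boot_code_sha1": boot_hash,
        "boot_code_status": "known" if boot_hash in known_good else "unknown",
        "partitions": parse_partition_table(mbr),
    }


def build_sample_mbr():
    """Constructed MBR (not read from any real disk) with the layout in the log:
    C: at byte offset 0x100000 (LBA 2048) and D: at 0x47cac00000 (LBA 0x23E56000)."""
    mbr = bytearray(SECTOR_SIZE)
    # xor ax,ax / mov ss,ax / mov sp,0x7c00, then NOP padding: stand-in boot code.
    mbr[:BOOT_CODE_LEN] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
    PART_ENTRY.pack_into(mbr, PART_TABLE_OFF, 0x80, b"\0\0\0", 0x07, b"\0\0\0",
                         2048, 602_232_832)
    PART_ENTRY.pack_into(mbr, PART_TABLE_OFF + 16, 0x00, b"\0\0\0", 0x07, b"\0\0\0",
                         602_234_880, 22_907_568)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def format_report(result, drive="PhysicalDrive0"):
    """Render the result in the style of the MBRCheck log."""
    lines = []
    for p in result["partitions"]:
        boot = "bootable" if p["bootable"] else "not bootable"
        lines.append(f"\\\\.\\{drive} partition {p['index'] + 1} at offset "
                     f"0x{p['offset']:016x} (type 0x{p['type']:02x}, {boot})")
    lines.append(f"{drive} boot code SHA1: {result['boot_code_sha1']} "
                 f"({result['boot_code_status']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(analyze_mbr(build_sample_mbr())))
```

    On a live Windows box the 512 bytes would come from opening `\\.\PhysicalDrive0` with `open(..., "rb")` as an administrator and reading one sector; an "unknown" verdict on its own only means the hash is not in the allow-list, so the next step is to compare the boot code against a known-clean image of the same OS release rather than to rewrite the MBR blindly.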
     
  2. Sgt_Koolaid

    Sgt_Koolaid TS Rookie Topic Starter

    So, 8 hours. No response. Don't know why, but rather than complain, I'm going to post more information and see if that helps.

    When I attempt to install MBAM (Malwarebytes Anti-Malware), an error occurs near the end of the installation. A window pops up that says "Error, Access Denied," and then the installer removes all the files it just installed and closes.

    The other instance of this problem, along with the instructions I followed which produced the two log files above, can be found here: http://www.techspot.com/community/topics/virus-cant-install-malwarebytes-access-is-denied.163660/

    Would really appreciate some help here.
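    Before anyone can say why the MBAM installer is being refused, the ComboFix log in the first post has to be read for the settings and entries that matter. The script below is an added example, not from the original thread and not part of ComboFix: it walks a ComboFix log line by line, tracks which section it is in, and pulls out a fixed set of indicators (UAC switched off, Security Center told to ignore the AV state, Defender disabled, a search-affiliate start page, hidden or Delta-branded Firefox extensions, IE Trusted Zone additions, and the files ComboFix deleted). The indicator list and the regexes are this example's own choices and assume ComboFix's line formats as they appear in the log above; the sample text is excerpted from that log.

```python
"""Triage a ComboFix log: pull out the settings and entries worth an analyst's eye."""
import re
from collections import Counter

# Section headers ComboFix prints, e.g. "(((( Other Deletions ))))" or
# "------- Supplementary Scan -------".
SECTION_HEADER = re.compile(r"^(?:\(+|-+)\s*(.+?)\s*(?:\)+|-+)$")
DELETED_PATH = re.compile(r"^[a-z]:\\", re.I)

# (label, regex) pairs. Labels state what the value means; whether a hit is
# malicious is the analyst's call, not the script's.
INDICATORS = [
    ("UAC disabled (EnableLUA=0)", re.compile(r'^"EnableLUA"\s*=\s*0\b')),
    ("Security Center told to ignore AV state (AntiVirusOverride=1)",
     re.compile(r'^"AntiVirusOverride"=dword:0*1$')),
    ("Windows Defender disabled or outdated",
     re.compile(r"Windows Defender \*Disabled")),
    ("Browser start page points at a search affiliate",
     re.compile(r"^[um]Start Page = hxxp://\S*(?:babylon|delta-search)", re.I)),
    ("Hidden Firefox extension", re.compile(r"^FF - ExtSQL: !HIDDEN!")),
    ("Delta toolbar preferences in user.js",
     re.compile(r"^FF - user\.js: extensions\.delta")),
    ("Site added to IE Trusted Zone", re.compile(r"^Trusted Zone: ")),
]


def triage(log_text):
    """Return a list of findings, each {'section', 'label', 'line'}."""
    findings = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix pads sections with "." lines
            continue
        header = SECTION_HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        # Paths listed under "Other Deletions" are files ComboFix removed.
        if section == "Other Deletions" and DELETED_PATH.match(line):
            findings.append({"section": section,
                             "label": "File removed by ComboFix", "line": line})
            continue
        for label, pattern in INDICATORS:
            if pattern.search(line):
                findings.append({"section": section, "label": label, "line": line})
    return findings


def summarize(findings):
    """Count findings per label."""
    return dict(Counter(f["label"] for f in findings))


# Excerpt of the log posted above (constructed subset, lines copied verbatim).
SAMPLE_LOG = r"""
ComboFix 13-06-21.02 - owner 06/21/2013 5:02.1.2 - x86
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\smartdl\TorrentSearch.exe
c:\program files\TSearch\easydownload.exe
c:\users\Public\dcunlock.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=119351&tt=gc_190513_215&babsrc=HP_ss_gin2g&mntrId=045E001F16E496BB
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
Trusted Zone: clonewarsadventures.com
Trusted Zone: sony.com
FF - ExtSQL: !HIDDEN! 2013-01-02 19:59; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
FF - user.js: extensions.delta.prtnrId - delta
"""

if __name__ == "__main__":
    for label, count in sorted(summarize(triage(SAMPLE_LOG)).items()):
        print(f"{count:2d}  {label}")
```

    Feeding the full log through `triage()` gives the same kind of short list a helper on the forum builds by eye; the two registry findings (EnableLUA=0 and AntiVirusOverride=1) are the ones most directly relevant to a machine whose security tooling is misbehaving, because they are both settings that the user would normally not have changed.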
     
  3. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
    Skip MBAM for now.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     