TechSpot

Possible Virus with Internet Browser Messing Up

Inactive
By pascaleledumbo
Oct 29, 2010
Topic Status:
Not open for further replies.
  1. Hi there!

    I am trying to fix my sister's computer, as I am pretty sure it is full of malware and viruses.

    The first noticeable problem is I can't open the anti-virus program. It keeps crashing out every time I click the anti-virus.

    The second problem is I wanted to download mbam, and every time I key in 'malwarebytes' in any of the internet browsers (IE, Firefox) and click search, it crashes the browsers.

    Therefore I strongly believe that this laptop is probably full of 'unwanted' items.

    I would appreciate any advice on what I could do about these problems.

    I thought I would be able to run the anti-virus from safe mode, but it turns out it still crashes out as well. I tried to Google this problem, but nothing came up.

    Thanks in advance guys/gals!

    Cheers!
  2. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    I think it's a PAV problem. I got rid of PAV once through safe mode. But this time even in safe mode I can't seem to install mbam.

    Any other idea how to install mbam on this machine?

    Any advice would be highly appreciated. Thank you!
  3. crunchie

    crunchie Malware Helper Posts: 761

    Please read the directions given here and when done, post the requested logs.
    Please paste the logs, do not attach them.
  4. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    As I've previously mentioned, I am unable to open the Avira anti-virus that is already installed on the system. I've managed to download mbam onto the system, but the trojan/malware is always successful in shutting down the installation setup.

    So there are no logs that I could post in here at the moment.

    Is there any way for me to install mbam on that system? I know that mbam would most probably manage to get rid of the problem.

    Thanks again!
  5. crunchie

    crunchie Malware Helper Posts: 761

    Please try this version of malwarebytes: Click the link here.
    Save it on your desktop. You'll see it will have a random name, and will look similar to this:
    Double-click on it, so it will extract the files and will start Malwarebytes automatically.
    In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

    When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.
    In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and double-click the file winlogon.exe which will be present in there. This should launch Malwarebytes.

    Then perform a scan and let it remove what it found. Reboot afterwards (important).
    After reboot, post the Malwarebytes log together with a new HijackThis log.
  6. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    I will try it out and let you know how it goes. Thank you very much crunchie!!
  7. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    Hi crunchie!!

    I've tried to rename the file to EXPLORER.EXE but it still gets shut down by the trojan. I only managed to get to the first step of installation (choosing the language) and then when I click OK it crashes all the time.

    I have pretty much run out of ideas on how to load mbam onto this machine.. >_<

    Any more help will be highly appreciated. Thanks a lot guys!! :D
  8. crunchie

    crunchie Malware Helper Posts: 761

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up; press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com.
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    =================================================================

    Now try again immediately to do MBA-M.
  9. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    I'll try it this weekend and give you an update.. Thanks a lot!! :)
  10. crunchie

    crunchie Malware Helper Posts: 761

    Ok. Try not to leave it for a week every time you reply though :)
  11. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    crunchie

    Here are the logs!

    It didn't really delete anything.. Does this seem right to you?

    It didn't even ask me to reboot.. :(

  12. crunchie

    crunchie Malware Helper Posts: 761

    You need to paste the logs into your reply please instead of attaching them.
    Did you try and run MBA-M immediately after?
  13. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Kamilia on 11/30/2010 at 21:27:19.


    Services Stopped:


    Processes terminated by Rkill or while it was running:


    C:\Documents and Settings\Kamilia\My Documents\Downloads\rkill.com
    C:\Program Files\Avira\AntiVir Desktop\avwsc.exe


    Rkill completed on 11/30/2010 at 21:27:24.
  14. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    exeHelper by Raktor
    Build 20100414
    Run at 19:25:04 on 11/30/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Deleting file C:\WINDOWS\system32\uacinit.dll
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 21:28:27 on 11/30/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
  15. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    And no, crunchie, I still can't install mbam.. The anti-virus still doesn't work.. I still can't search for things with the keywords malwarebytes or anti virus..
  16. crunchie

    crunchie Malware Helper Posts: 761

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix..

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
  17. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    crunchie, I can't deactivate the anti-virus, as the virus prevents me from even clicking on the Avira icon. The anti-virus just closes on its own. It just flashes and is gone.

    And ComboFix still detects it as active. Should I just run ComboFix?
  18. crunchie

    crunchie Malware Helper Posts: 761

    Yes, but if you have problems, just run it in safe mode instead.
  19. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    ComboFix 10-11-30.02 - Kamilia 12/01/2010 13:53:52.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.126 [GMT 11:00]
    Running from: c:\documents and settings\Kamilia\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Kamilia\Application Data\ShoppingReport
    c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\Config.xml
    c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\db\Aliases.dbs
    c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\db\Sites.dbs
    c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\report\send_storage.xml
    c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    c:\program files\Common Files\Uninstall
    c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk
    c:\program files\PAV
    c:\program files\ShoppingReport
    c:\windows\system32\drivers\UACdaebltoqhhhfski.sys
    c:\windows\system32\drivers\UACotoirqpchylqbbp.sys
    c:\windows\system32\drivers\UACrnmxxuwntjxbrqh.sys
    c:\windows\system32\drivers\UACtrfqjovrowpbijk.sys
    c:\windows\system32\UACltlyxsnoeofqdwy.dat
    c:\windows\system32\UACxjsfuavrxrrxryi.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_UACd.sys
    -------\Service_UACd.sys


    ((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
    .

    2010-11-11 00:02 . 2010-11-11 00:02 75264 ----a-w- c:\windows\system32\aefe.sys
    2010-11-08 13:56 . 2010-11-08 13:56 75264 ----a-w- c:\windows\system32\ffad.sys
    2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-11-02 04:17 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-11-02 04:17 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-02 04:17 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-02 04:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-11-01 07:10 . 2010-11-01 07:10 -------- d-----w- c:\documents and settings\Kamilia\Application Data\Office Genuine Advantage

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-29 16:13 . 2010-10-29 16:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "ares destiny"="c:\program files\Ares Destiny\Ares.exe" [2007-08-27 2973184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
    "RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
    "WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-4-4 491520]
    VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-5-19 778240]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-4-4 491520]

    c:\documents and settings\Kamilia\Start Menu\Programs\Startup\
    VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-5-19 778240]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bdeedffceafb]
    2010-10-19 11:25 116224 ----a-w- c:\windows\system32\bdeedffceafb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2005-05-21 00:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
    "c:\\Program Files\\Ares Destiny\\Ares.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aefe;aefe;c:\windows\system32\aefe.sys [11/11/2010 11:02 AM 75264]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2009 9:55 PM 108289]
    R2 CVCompressionService;CVision Compression Service;c:\program files\CVision\Services\CVCompressionService.exe [9/14/2009 2:53 PM 495616]
    S0 0e623b2e7af6fd0620165d52b149c6e9;0e623b2e7af6fd0620165d52b149c6e9;c:\windows\system32\0e623b2e7af6fd0620165d52b149c6e9.sys --> c:\windows\system32\0e623b2e7af6fd0620165d52b149c6e9.sys [?]
    S1 ffad;ffad; [x]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 11:49 PM 227232]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/3/2006 1:32 PM 29184]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-01 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 04:07]

    2010-10-02 c:\windows\Tasks\Rescue Reminder for 2HASD52J.job
    - c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2007-09-06 06:52]

    2010-12-01 c:\windows\Tasks\User_Feed_Synchronization-{2DAED915-7066-46A9-A30D-A1A8DAE31A99}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://au.yahoo.com
    uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?db8c425394904854956b0c49706c1c01
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?db8c425394904854956b0c49706c1c01
    IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
    FF - ProfilePath - c:\documents and settings\Kamilia\Application Data\Mozilla\Firefox\Profiles\qwj01kau.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://au.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - c:\documents and settings\Kamilia\Application Data\Mozilla\Firefox\Profiles\qwj01kau.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Kamilia\Application Data\Mozilla\Firefox\Profiles\qwj01kau.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Kamilia\Application Data\Mozilla\Firefox\Profiles\qwj01kau.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    HKLM-Run-PAV - c:\program files\PAV\pav.exe
    Notify-ccbaff - c:\windows\system32\ccbaff.dll
    AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-01 14:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(752)
    c:\windows\system32\bdeedffceafb.dll
    c:\windows\system32\VESWinlogon.dll
    c:\windows\system32\Wininet.dll

    - - - - - - - > 'explorer.exe'(2904)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Maxtor\Sync\SyncServices.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    c:\windows\system32\ICO.EXE
    c:\program files\Apoint\Apntex.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-01 15:04:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-01 04:04

    Pre-Run: 5,723,152,384 bytes free
    Post-Run: 5,867,597,824 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - C98EAD59667C3B38D1A396A3406386D5
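    The ComboFix log above is long, and the entries that matter are easy to miss among the legitimate Sony, Intel and Avira lines: a Winlogon Notify DLL with a random hex name (bdeedffceafb.dll), drivers with random hex names (aefe.sys, ffad.sys, the 32-character .sys), and services whose binary ComboFix flags as missing `[x]` or unverifiable `[?]`. The script below is an added example, not part of the thread or of ComboFix; the sample input is an excerpt of the "Reg Loading Points" section posted above, and the heuristics (hex-only names treated as random, a short known-good Notify list that is an assumption) are mine, meant to shortlist entries for a human rather than to decide anything.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example; not code from the thread or from ComboFix. Heuristics are
assumptions: a name made only of hex digits (4+ chars) is treated as random,
a service whose binary is marked [x] (missing) or [?] (unverifiable) is
reported, and any Winlogon Notify DLL not on the known-good list below is
reported for manual review.
"""
import re

# Excerpt of the ComboFix output posted in the thread (Notify keys and R/S service lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bdeedffceafb]
2010-10-19 11:25 116224 ----a-w- c:\windows\system32\bdeedffceafb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

R1 aefe;aefe;c:\windows\system32\aefe.sys [11/11/2010 11:02 AM 75264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2009 9:55 PM 108289]
S0 0e623b2e7af6fd0620165d52b149c6e9;0e623b2e7af6fd0620165d52b149c6e9;c:\windows\system32\0e623b2e7af6fd0620165d52b149c6e9.sys --> c:\windows\system32\0e623b2e7af6fd0620165d52b149c6e9.sys [?]
S1 ffad;ffad; [x]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 11:49 PM 227232]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/3/2006 1:32 PM 29184]
"""

HEX_NAME = re.compile(r"^[0-9a-f]{4,}$", re.IGNORECASE)
NOTIFY_KEY = re.compile(r"\\winlogon\\notify\\([^\]]+)\]$", re.IGNORECASE)
SERVICE_LINE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")

# Notify packages that ship with XP plus the Sony one present on this machine (assumed list).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "scecli", "sclgntfy",
                "senslogn", "termsrv", "wlballoon", "veswinlogon"}


def looks_random(name: str) -> bool:
    """Heuristic: four or more characters drawn only from 0-9a-f."""
    return bool(HEX_NAME.match(name))


def triage(log_text: str):
    """Return a list of (kind, name, reason) tuples for entries worth a human look."""
    findings = []
    lines = log_text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        m = NOTIFY_KEY.search(line)
        if m:
            name = m.group(1)
            if name.lower() in KNOWN_NOTIFY:
                continue
            # ComboFix prints the DLL's path on the line after the key.
            dll = lines[i + 1].strip() if i + 1 < len(lines) else ""
            reason = "random hex-like name" if looks_random(name) else "not in known-good list"
            findings.append(("winlogon-notify", name, f"{reason}: {dll}"))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            name, _display, rest = m.groups()
            if rest.endswith("[x]"):
                findings.append(("service", name, "registered but its binary is missing [x]"))
            elif rest.endswith("[?]"):
                findings.append(("service", name, "binary could not be verified [?]"))
            if looks_random(name):
                findings.append(("service", name, "random hex-like name"))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LOG):
        print(f"{kind:16} {name:34} {reason}")
```

    Run against the excerpt, it shortlists bdeedffceafb, aefe, the 32-character service, ffad and SSPORT, and leaves the Avira, McAfee and Sony entries alone. SSPORT shows why the output is a shortlist and not a verdict: a `[?]` marker only means ComboFix could not verify the file, and a printer port driver with that name is plausible on a machine with a Samsung printer in its Run keys, so the entry still needs a person to look at it.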
  20. crunchie

    crunchie Malware Helper Posts: 761

    Are you able to install MBA-M now?
  21. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    Nup.. It's still refusing to install mbam, and the same goes for the anti-virus, and the internet browser crashes with certain keywords.. I am so bummed!! Gah!

    This seems weird, eh crunchie?
  22. crunchie

    crunchie Malware Helper Posts: 761

    Do you have your operating system CD? We might have to do a system repair.
  23. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    I don't think I have it with me. Are there any other options without the OS CD??
  24. crunchie

    crunchie Malware Helper Posts: 761

    Are you able to borrow one for a short time?
  25. pascaleledumbo

    pascaleledumbo Newcomer, in training Topic Starter Posts: 25

    I'll try to find one crunchie..Sorry for the late reply..