Inactive Possible Virus with Internet Browser Messing Up

[pascaleledumbo]

Hi there!

I am trying to fix my sister computer, as I am pretty sure it is full of malware and virus.

The first noticeable problem is I can't open the Anti-Virus program. It kept crashing out everytime I click the anti-virus.

The second problem is I wanted to download mbam and everytime I key-in 'malwarebytes' on any of the internet browser (ie,ffox) and click search it crashes out the browsers.

Therefore am strongly believe that this laptop is probably full of 'unwanted' items in it.

I would appreciate any advices on what I could do with this problems.

I thought I would be able to run the anti-virus from safe mode, but turns out it still crashing out as well. Tried to google this problem up, but nothing came up.

Thanks in advance guys/gals!

Cheers!

 

[pascaleledumbo]

I think it's PAV problem. I got rid of PAV once through the safe-mode. But this time even in safe mode I can't seems to install mbam.

Any other idea how to install mbam on this machine?

Any advices would be highly appreciated. Thank you!

 

[crunchie]

Please read the directions given here and when done, post the requested logs.
Please paste the logs, do not attach them.

 

[pascaleledumbo]

As I've previously mentioned, I am unable to open Avira anti-virus that is already installed in the system. I've managed to download mbam into the system, but the trojan/malware always successful in shutting down the installation setup.

So there are no logs that I could post in here at the moment.

Is there anyway for me to install mbam to that system? I know most probably that mbam would manage to get rid of the problem.

Thanks again!

 

[crunchie]

Please try this version of malwarebytes: Click the link here.
Save it on your desktop. You'll see it will have a random name, and will look similar like this:
Doubleclick on it, so it will extract the files and will start Malwarebytes automatically.
In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.
In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and doubleclick the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Then perform a scan and let it remove what it found. Reboot afterwards (important).
After reboot, post the malwarebytes log together with a new HijackThislog.

 

[pascaleledumbo]

I will try it down and let you know how it goes. Thank you very much crunchie!!

 

[pascaleledumbo]

Hi crunchie!!

I've tried to rename the file to EXPLORER.EXE but it still get shuts down by the trojan. I only managed to get to the first step of installation (Choosing the language) and then when I click ok it crashes all the time.

I'm pretty much has ran out of idea on how to load mbam to this machine..>_<

Anymore help will be highly appreciated. Thanks a lot guys!!

 

[crunchie]

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe

• 
  * Double-click on the Rkill desktop icon to run the tool.
  * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  * If not, delete the file, then download and use the one provided in Link 2.
  * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  * Do not reboot until instructed.
  * If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.

Now download and run exeHelper.

• 
  * Please download exeHelper from Raktor to your desktop.
  * Double-click on exeHelper.com to run the fix.
  * A black window should pop up, press any key to close once the fix is completed.
  * A log file named log.txt will be created in the directory where you ran exeHelper.com
  * Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

=================================================================

Now try again immediately to do MBA-M.

 

[pascaleledumbo]

I'll try it this weekend and give u update.. Thanks a lot!!

 

[crunchie]

Ok. Try not to leave it for a week every time you reply though

 

[pascaleledumbo]

crunchie

Here's the logs!

It didn't really delete anything..Does this seems right to you?

It doesn't even asked me to reboot..

 

[crunchie]

You need to paste the logs into your reply please instead of attaching them.
Did you try and run MBA-M immediately after?

 

[pascaleledumbo]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Kamilia on 11/30/2010 at 21:27:19.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Kamilia\My Documents\Downloads\rkill.com
C:\Program Files\Avira\AntiVir Desktop\avwsc.exe


Rkill completed on 11/30/2010 at 21:27:24.

 

[pascaleledumbo]

exeHelper by Raktor
Build 20100414
Run at 19:25:04 on 11/30/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\uacinit.dll
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:28:27 on 11/30/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

 

[pascaleledumbo]

And no crunchie I can't install the mbam still..The anti-virus still doesn't work..I still can't searches things with keyword malwarebytes or anti virus..

 

[crunchie]

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

 

[pascaleledumbo]

crunchie I can't deactivate the anti virus, as the virus prevented me to even click on the avira icon. The anti-virus would just closed up on its own. It's just flashes and gone.

And the combofix still detected it to be active. Should I just run the combofix?

 

[crunchie]

Yes, but if you have problems, just run it in safe mode instead.

 

[pascaleledumbo]

ComboFix 10-11-30.02 - Kamilia 12/01/2010 13:53:52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.126 [GMT 11:00]
Running from: c:\documents and settings\Kamilia\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kamilia\Application Data\ShoppingReport
c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Kamilia\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk
c:\program files\PAV
c:\program files\ShoppingReport
c:\windows\system32\drivers\UACdaebltoqhhhfski.sys
c:\windows\system32\drivers\UACotoirqpchylqbbp.sys
c:\windows\system32\drivers\UACrnmxxuwntjxbrqh.sys
c:\windows\system32\drivers\UACtrfqjovrowpbijk.sys
c:\windows\system32\UACltlyxsnoeofqdwy.dat
c:\windows\system32\UACxjsfuavrxrrxryi.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.

2010-11-11 00:02 . 2010-11-11 00:02 75264 ----a-w- c:\windows\system32\aefe.sys
2010-11-08 13:56 . 2010-11-08 13:56 75264 ----a-w- c:\windows\system32\ffad.sys
2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-02 04:17 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-11-02 04:17 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-02 04:17 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-02 04:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-01 07:10 . 2010-11-01 07:10 -------- d-----w- c:\documents and settings\Kamilia\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-29 16:13 . 2010-10-29 16:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ares destiny"="c:\program files\Ares Destiny\Ares.exe" [2007-08-27 2973184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-4-4 491520]
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-5-19 778240]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-4-4 491520]

c:\documents and settings\Kamilia\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-5-19 778240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bdeedffceafb]
2010-10-19 11:25 116224 ----a-w- c:\windows\system32\bdeedffceafb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Program Files\\Ares Destiny\\Ares.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aefe;aefe;c:\windows\system32\aefe.sys [11/11/2010 11:02 AM 75264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2009 9:55 PM 108289]
R2 CVCompressionService;CVision Compression Service;c:\program files\CVision\Services\CVCompressionService.exe [9/14/2009 2:53 PM 495616]
S0 0e623b2e7af6fd0620165d52b149c6e9;0e623b2e7af6fd0620165d52b149c6e9;c:\windows\system32\0e623b2e7af6fd0620165d52b149c6e9.sys --> c:\windows\system32\0e623b2e7af6fd0620165d52b149c6e9.sys [?]
S1 ffad;ffad; [x]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 11:49 PM 227232]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/3/2006 1:32 PM 29184]
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 04:07]

2010-10-02 c:\windows\Tasks\Rescue Reminder for 2HASD52J.job
- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2007-09-06 06:52]

2010-12-01 c:\windows\Tasks\User_Feed_Synchronization-{2DAED915-7066-46A9-A30D-A1A8DAE31A99}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://au.yahoo.com
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?db8c425394904854956b0c49706c1c01
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?db8c425394904854956b0c49706c1c01
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
FF - ProfilePath - c:\documents and settings\Kamilia\Application Data\Mozilla\Firefox\Profiles\qwj01kau.default\
FF - prefs.js: browser.search.defaulturl - hxxp://au.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - c:\documents and settings\Kamilia\Application Data\Mozilla\Firefox\Profiles\qwj01kau.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Kamilia\Application Data\Mozilla\Firefox\Profiles\qwj01kau.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Kamilia\Application Data\Mozilla\Firefox\Profiles\qwj01kau.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-PAV - c:\program files\PAV\pav.exe
Notify-ccbaff - c:\windows\system32\ccbaff.dll
AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-01 14:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\bdeedffceafb.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\Wininet.dll

- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\ICO.EXE
c:\program files\Apoint\Apntex.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-01 15:04:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-01 04:04

Pre-Run: 5,723,152,384 bytes free
Post-Run: 5,867,597,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C98EAD59667C3B38D1A396A3406386D5

 

[crunchie]

Are you able to install MBA-M now?

 

[pascaleledumbo]

Nup..It still refusing to install mbam and same goes with the anti-virus and the internet browser crashes with certain keywords..I am so bummed!! Gah!

This seems weird eh crunchie

 

[crunchie]

Do you have your operating system CD/ We might have to do a system repair.

 

[pascaleledumbo]

I don't think so I have it with me. Is there any other options withou the OS CD??

 

[crunchie]

Are you able to borrow one for a short time?

 

[pascaleledumbo]

I'll try to find one crunchie..Sorry for the late reply..