Malware/virus: can't go to Microsoft or AV sites

October 17, 2011 at 03:33:20
Specs: Windows XP sp2, 2ghz dual / 2gb
Hi
I'm having a few problems on my computer that runs XP SP2 that I suspect are because of some viruses I picked up, but I don't know how to clean them. I've tried using ZoneAlarm, Malwarebytes' Anti-Malware, Ad-Aware and Spybot Search & Destroy, and a rootkit scanner called Sophos Anti-Rootkit, which gave an extensive list of 'unknown files' that I cleaned, but the problems persist. Mainly, some applications that are .exe's give the "x is not a valid Win32 application" error, so I can't install things like Microsoft .NET Framework or even MSN Messenger Live, and other applications give the same error (I am running as administrator). I also can't go to Microsoft websites or popular AV websites, or run Microsoft Update. I have noticed that sometimes the scans on the AV software I use stop, so the malware must have some way of detecting and avoiding the clean-up. Not long ago one of the Malwarebytes full scans I tried cleaned some things on reboot, but since then I can't use cmd in Run, though I don't really know how. Furthermore there is now some BIOS problem, which I didn't really look at, that keeps putting my clock out of order, so I have to manually change it each boot. I would greatly appreciate any help at all since my computer has been having these problems for a very long time but I just ignored them. Thanks in advance.
-Ed



#1
October 17, 2011 at 09:16:38
Try these 3 cleaners in this EXACT order:
1- rkill.exe (stops the malware process)
2- TDSSKiller (removes unwanted rootkit if found)
3- Malwarebytes (run a full scan and fix all it finds)
Don't reboot until after the Malwarebytes scan & removal.

Some HELP in posting on Computing.net plus free progs and instructions



#2
October 20, 2011 at 04:22:17
Hi XpUser4Real
Thanks for the reply. I tried the steps in the order that you wrote, but the first two programs found nothing. MBAM found about 7 infections and I cleaned them, except 1, for which I uninstalled that program. When I rebooted I could visit MS and AVG websites for about 10 minutes and then I got the search error. I still don't think the virus is cleaned and am stuck. Any more ideas?


#3
October 20, 2011 at 09:38:36
Try ComboFix. Follow the guide carefully and you should be fine:
http://www.bleepingcomputer.com/com...

Some HELP in posting on Computing.net plus free progs and instructions




#4
October 22, 2011 at 07:07:28
I downloaded and tried to run ComboFix but it stopped about halfway through and gave me the alert message:
"The contents of the ComboFix package has been compromised
Note: You may be infected with a patching virus 'Virut' "
A repair reinstall of Windows didn't do anything and I'm not keen to format. The malware seems to be avoiding and stopping most of the antivirus and clean-up programs I've used.


#5
October 22, 2011 at 14:41:58


#6
October 23, 2011 at 06:00:08
OK cool, I got ComboFix to run and it cleaned up a lot! I can visit MS and antivirus websites now and successfully installed AVG Free and Microsoft .NET Framework this time. Thanks so much for your help! It's good to finally get some relief from those pesky little problems. Um, if you wanted to look at the ComboFix log, here it is. If you do look at it, could you please tell me anything significant that I should still do? Thanks again!

ComboFix 11-10-21.06 - Ed the Boss 10/24/2011 0:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1332 [GMT 13:00]
Running from: c:\documents and settings\Ed the Boss\My Documents\Downloads\Programs\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Allen\Application Data\0ex0ta.log
c:\documents and settings\Allen\Application Data\9fx1p.log
c:\documents and settings\Allen\Application Data\bnghctdy.exe
c:\documents and settings\Allen\Application Data\ddlhjuf.log
c:\documents and settings\Allen\Application Data\e1p42i9.log
c:\documents and settings\Allen\Application Data\ggfi.log
c:\documents and settings\Allen\Application Data\m29bt.log
c:\documents and settings\Allen\Application Data\ntutw.log
c:\documents and settings\Allen\Application Data\prl2n86um.exe
c:\documents and settings\Allen\Local Settings\Application Data\inlog
c:\documents and settings\Allen\Local Settings\Application Data\MouseDriver.bat
c:\documents and settings\Allen\Local Settings\Application Data\myor91zv7.exe
c:\documents and settings\Allen\Local Settings\Application Data\rv02se.log
c:\documents and settings\Ed the Boss\Application Data\ggfi.log
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\settings.reg
.
c:\windows\system32\services.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MOUSEDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-22 17:19 . 2011-10-22 17:19 -------- d-----w- c:\windows\system32\KB905474
2011-10-20 10:55 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-20 10:50 . 2011-09-25 22:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-10-20 10:50 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-20 10:49 . 2009-06-09 20:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2011-10-20 10:48 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2011-10-20 10:47 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2011-10-20 10:47 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2011-10-20 10:46 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-20 10:46 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-20 10:46 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-20 10:46 . 2010-12-09 13:07 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-20 10:46 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-10-19 14:00 . 2011-10-22 17:18 -------- d-----w- c:\program files\Magic Workstation
2011-10-19 13:59 . 2011-10-19 13:59 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
2011-10-17 10:02 . 2011-10-22 16:04 -------- d--h--w- c:\windows\$hf_mig$
2011-10-11 23:34 . 2011-10-12 18:21 -------- d-----w- c:\documents and settings\Administrator.COMPUTER
2011-10-11 23:20 . 2011-10-11 23:25 -------- d-----w- C:\updates
2011-10-11 12:28 . 2010-05-25 21:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-10-11 11:29 . 2011-10-11 11:29 2 --shatr- c:\windows\winstart.bat
2011-10-11 11:29 . 2011-10-13 10:08 -------- d-----w- c:\program files\UnHackMe
2011-10-09 14:00 . 2001-12-31 11:23 18178080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-10-09 13:53 . 2011-10-09 13:53 -------- d-----w- c:\documents and settings\All Users\.clamwin
2011-10-09 13:07 . 2001-12-31 11:26 -------- d-----w- c:\program files\CheckPoint
2011-10-09 13:07 . 2009-03-31 06:20 72584 ----a-w- c:\windows\zllsputility.exe
2011-10-09 06:01 . 2011-10-09 10:20 -------- d-----w- c:\windows\system32\URTTemp
2011-10-09 05:33 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-10-09 05:32 . 2008-04-14 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-10-09 05:32 . 2008-04-14 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-10-09 05:31 . 2008-04-14 12:00 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll
2011-10-09 05:31 . 2008-04-14 12:00 7168 ----a-w- c:\windows\system32\bitsprx4.dll
2011-10-09 05:30 . 2008-04-14 12:00 33792 ----a-w- c:\program files\Messenger\custsat.dll
2011-10-09 05:30 . 2008-04-14 12:00 53248 -c--a-w- c:\windows\system32\dllcache\tsgqec.dll
2011-10-09 05:30 . 2008-04-14 12:00 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-10-09 05:30 . 2008-04-14 12:00 290304 -c--a-w- c:\windows\system32\dllcache\rhttpaa.dll
2011-10-09 05:30 . 2008-04-14 12:00 290304 ----a-w- c:\windows\system32\rhttpaa.dll
2011-10-09 05:30 . 2008-04-14 12:00 136192 -c--a-w- c:\windows\system32\dllcache\aaclient.dll
2011-10-09 05:30 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-10-09 05:22 . 2011-10-09 05:22 -------- d-----w- c:\program files\LOLReplay
2011-10-09 05:19 . 2008-04-14 12:00 16535 ----a-r- c:\windows\SET49.tmp
2011-10-09 05:19 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SET3D.tmp
2011-10-09 05:19 . 2008-04-14 12:00 1296669 ----a-r- c:\windows\SET3C.tmp
2011-10-09 04:42 . 2001-12-31 11:15 -------- d-----w- c:\documents and settings\Ed the Boss
2011-10-09 00:45 . 2011-10-09 00:46 -------- d-----w- C:\$WIN_NT$.~BT
2011-10-07 10:48 . 2011-10-08 09:42 -------- d-----w- C:\dmc
2011-10-01 23:35 . 2011-10-01 23:35 -------- d-----w- c:\program files\WB Games
2011-09-25 13:00 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2011-09-25 12:59 . 2008-04-13 11:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-25 12:53 . 2004-08-04 13:07 13753 ----a-r- c:\windows\SET8.tmp
2011-09-25 12:53 . 2004-08-04 13:07 1086058 ----a-r- c:\windows\SET4.tmp
2011-09-25 12:53 . 2004-08-04 13:07 1042903 ----a-r- c:\windows\SET3.tmp
2011-09-25 12:52 . 2011-09-25 01:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2011-09-25 12:52 . 2001-12-31 11:46 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2011-09-25 02:29 . 2011-10-01 10:35 -------- d-----w- c:\program files\JDownloader
2011-09-25 02:29 . 2011-09-25 02:29 -------- d-----w- c:\program files\Common Files\i4j_jres
2011-09-25 01:37 . 2011-09-25 01:37 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-09-25 01:24 . 2007-07-03 11:06 39424 ----a-r- c:\windows\system32\drivers\l151x86.sys
2011-09-25 01:21 . 2011-10-17 10:39 315392 ----a-w- c:\windows\HideWin.exe
2011-09-25 01:21 . 2007-01-12 16:54 520192 ------r- c:\windows\RtlExUpd.dll
2011-09-25 01:16 . 2004-08-13 10:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2011-09-25 01:16 . 2006-10-11 03:33 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2011-09-25 01:11 . 2011-04-29 11:15 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2011-09-25 01:11 . 2011-10-12 18:21 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2011-09-25 01:10 . 2011-09-25 01:54 -------- d-----w- c:\program files\Google
2011-09-25 01:06 . 2010-02-15 18:00 94208 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-09-25 01:06 . 2010-02-15 18:00 140864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-09-25 01:06 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-25 01:06 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-25 01:05 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-09-25 01:05 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-09-25 01:05 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-09-25 01:05 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-09-25 01:05 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-09-25 01:05 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-09-25 01:05 . 2010-03-17 20:53 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-09-25 01:05 . 2010-03-17 20:53 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-25 01:05 . 2010-03-17 20:53 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-09-25 01:03 . 2008-04-14 12:00 565248 -c--a-w- c:\windows\system32\dllcache\msobmain.dll
2011-09-25 01:02 . 2008-04-14 12:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-09-25 01:01 . 2008-04-14 12:00 33792 -c--a-w- c:\windows\system32\dllcache\regini.exe
2011-09-25 00:45 . 2011-08-31 05:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-25 00:37 . 2003-06-12 11:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-09-25 00:36 . 2000-05-22 08:58 647872 ------w- c:\windows\system32\Mscomct2.ocx
2011-09-25 00:36 . 2011-10-17 10:38 57344 ----a-w- c:\windows\Ctregrun.exe
2011-09-25 00:35 . 2011-10-17 10:41 25088 ----a-w- c:\windows\system32\CTSVCCTL.EXE
2011-09-25 00:35 . 2011-10-11 23:56 44544 ----a-w- c:\windows\system32\CTSVCCDA.EXE
2011-09-25 00:32 . 2011-09-25 00:32 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-25 00:32 . 2011-09-25 00:32 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-25 00:32 . 2008-04-13 11:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-09-25 00:32 . 2008-04-13 11:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-09-25 00:32 . 2005-06-27 10:37 133632 ----a-r- c:\windows\system32\CtDvInst.dll
2011-09-25 00:32 . 2008-04-13 16:42 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-09-25 00:32 . 2008-04-13 16:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-09-25 00:32 . 2005-06-15 03:07 11264 ----a-w- c:\windows\INRES.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 13:06 . 2008-04-14 12:00 289792 ----a-w- c:\windows\system32\vssvc.exe
2011-10-19 13:06 . 2008-04-14 12:00 29184 ----a-w- c:\windows\system32\verclsid.exe
2011-10-19 13:06 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\ups.exe
2011-10-19 13:06 . 2008-04-14 12:00 73216 ----a-w- c:\windows\system32\tlntsvr.exe
2011-10-19 13:06 . 2008-04-14 12:00 90112 ----a-w- c:\windows\system32\smlogsvc.exe
2011-10-19 13:06 . 2008-04-14 12:00 45568 ----a-w- c:\windows\system32\shmgrate.exe
2011-10-19 13:06 . 2008-04-14 12:00 95744 ----a-w- c:\windows\system32\scardsvr.exe
2011-10-19 13:06 . 2008-04-14 12:00 133120 ----a-w- c:\windows\system32\rsvp.exe
2011-10-19 13:06 . 2008-04-14 12:00 12288 ----a-w- c:\windows\system32\regsvr32.exe
2011-10-19 13:06 . 2008-04-14 12:00 112128 ----a-w- c:\windows\system32\netdde.exe
2011-10-19 13:05 . 2008-04-14 12:00 79360 ----a-w- c:\windows\system32\msiexec.exe
2011-10-19 13:05 . 2008-04-14 12:00 75264 ----a-w- c:\windows\system32\locator.exe
2011-10-19 13:05 . 2008-04-14 12:00 150528 ----a-w- c:\windows\system32\imapi.exe
2011-10-19 13:04 . 2008-04-14 12:00 224768 ----a-w- c:\windows\system32\dmadmin.exe
2011-10-19 13:02 . 2008-04-14 12:00 33792 ----a-w- c:\windows\system32\clipsrv.exe
2011-10-19 13:01 . 2008-04-14 12:00 5632 ----a-w- c:\windows\system32\cisvc.exe
2011-10-17 10:45 . 2006-05-09 10:36 7168 ----a-w- c:\windows\system32\WdfMgr.exe
2011-10-17 10:45 . 2006-05-09 10:36 6656 ----a-w- c:\windows\system32\uWDF.exe
2011-10-17 10:43 . 2005-01-07 05:07 62464 ----a-w- c:\windows\system32\HdAShCut.exe
2011-10-17 10:43 . 2006-05-09 08:59 230400 ----a-w- c:\windows\system32\drmupgds.exe
2011-10-17 10:40 . 2005-05-03 11:35 24576 ----a-w- c:\windows\P17DEF.EXE
2011-10-17 10:40 . 2006-11-23 00:55 782336 ----a-w- c:\windows\OALInst.exe
2011-10-17 10:40 . 2002-12-03 09:16 53248 ----a-w- c:\windows\MIDIDEF.EXE
2011-10-17 10:31 . 2011-07-01 12:27 66560 ----a-w- c:\program files\notepad.exe
2011-10-17 10:03 . 2011-04-25 09:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-09 09:34 . 2006-10-26 01:45 293888 ----a-w- c:\windows\system32\WISPTIS.EXE
2011-10-02 16:06 . 2011-04-25 09:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 13:37 . 2001-12-31 11:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-25 22:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-25 22:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-08-18 03:25 . 2011-04-26 11:34 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-06 . A5BFF1FAAFB39CB33C3B36E352BB79F1 . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[-] 2009-02-06 . CC0538B850228ADDC391263B63D49E63 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[-] 2009-02-06 . CC0538B850228ADDC391263B63D49E63 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 9F33E1386A45F03A7E9E54649A6B5407 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 9F33E1386A45F03A7E9E54649A6B5407 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[-] 2009-02-06 . 208CC94BC2FCEFB34F1E2066942E67EC . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[-] 2008-04-14 . C332CB4F0C227592577C26FC1EE7C490 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
.
[-] 2008-04-14 . B8D5118B505A171980E8302AEE21830D . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . C447085DEB4BF6F9FAE9AA9668BBE192 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . F6B143C0FEABF5B6A13725DD30493C04 . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . F6B143C0FEABF5B6A13725DD30493C04 . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2008-04-14 . 8717FA6EA4DCD61DCFE9414E316CF41C . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . 8717FA6EA4DCD61DCFE9414E316CF41C . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . 8FF83684214EC6BBD6E9D4CBE6205205 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 0C6D90FE54A8224666959F3496586B45 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2008-04-14 . 22101DDB57EAFB3809655F197841253C . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-09-14 3425688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2007-12-28 65536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-07-25 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-21 72336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [N/A]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,RunDll32 "c:\program files\Common Files\Blizzard Entertainment\msloglog.dll",Init
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdeletesprestrt\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/27/2011 12:34 a.m. 64512]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [9/16/2011 4:12 a.m. 101616]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10/12/2011 1:28 a.m. 18816]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/26/2011 1:57 a.m. 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/26/2011 1:57 a.m. 493184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 4:25 p.m. 2151640]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/11/2011 2:30 a.m. 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/13/2011 2:55 a.m. 2218600]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [9/25/2011 2:24 p.m. 39424]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [7/26/2011 1:57 a.m. 36744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/25/2011 1:45 p.m. 22216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/25/2011 2:37 p.m. 685816]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 4:25 p.m. 15232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\D8.tmp --> c:\windows\system32\D8.tmp [?]
.
Contents of the 'Scheduled Tasks' folder
.
2001-12-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-10-22 09:18]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ed the Boss\Application Data\Mozilla\Firefox\Profiles\e2oqu8lt.default\
FF - prefs.js: browser.startup.homepage - google.bitcomet.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\Ed the Boss\Application Data\IDM\idmmzcc5
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-m7jjbemp80 - c:\documents and settings\Administrator.COMPUTER\m7jjbemp80.exe
HKU-Default-Run-rr8h - c:\documents and settings\Ed the Boss\rr8h.exe
HKU-Default-Run-System Share - c:\windows\system32\svcloget.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 01:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D8.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{42fba6e5-b15d-4036-bfd8-32e9e651304b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000010f
"Therad"=dword:00000026
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,88,79,0d,22,8e,33,17,75,13,d8,bf,8a,bd,f3,26,a8,25,ca,a9,35,f2,73,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a4,e5,71,55,56,44,a7,f4,3a,63,8f,87,48,e9,eb,aa,2e,7c,32,32,67,
e5,a2,f0,2a,52,d7,7a,4b,d5,2a,7e,d0,17,6c,35,c0,48,0b,88,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):76,6e,56,91,14,65,a3,29,c9,df,67,b7,d9,54,39,cb,95,db,47,90,bf,
8d,57,bc,af,68,37,58,19,87,1f,62,b2,a5,90,6b,22,28,13,5d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b0affbe-b4c4-4b51-9d19-19d359b9f567}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016c
"Therad"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'explorer.exe'(2176)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
.
- - - - - - - > 'csrss.exe'(500)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-10-24 01:13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 12:13
.
Pre-Run: 22,039,482,368 bytes free
Post-Run: 22,008,999,936 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5332107F03258F2A97A21AB4EDD29740
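Reading a log like this by hand is error-prone, so here is a small review script, added to this thread as an example (it is not ComboFix's code and not from any poster), that walks the "Reg Loading Points" and "ORPHANS REMOVED" sections of the log above and flags the entries a responder looks at first: a policies\system or Winlogon Shell value that is more than a bare explorer.exe (the log shows explorer.exe plus RunDll32 loading msloglog.dll), a Windows Firewall profile with EnableFirewall set to 0, BootExecute entries beyond the default autocheck line, Run entries pointing into a user profile or at a DLL, and the orphaned Run entries ComboFix removed. The sample input is an excerpt of the posted log embedded inline; the severity labels and the USER_PATHS list are my own assumptions.

```python
import re

# Excerpt of the "Reg Loading Points" and "ORPHANS REMOVED" sections of the
# ComboFix log posted above, embedded inline (constructed from that log) so the
# script runs without the original file.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-09-14 3425688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,RunDll32 "c:\program files\Common Files\Blizzard Entertainment\msloglog.dll",Init
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdeletesprestrt\0lsdelete
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-m7jjbemp80 - c:\documents and settings\Administrator.COMPUTER\m7jjbemp80.exe
HKU-Default-Run-rr8h - c:\documents and settings\Ed the Boss\rr8h.exe
HKU-Default-Run-System Share - c:\windows\system32\svcloget.dll
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
ORPHAN_RE = re.compile(r'^(HK\S.*?) - (.+)$')
# Directories where a legitimate autostart binary rarely lives on XP (assumed list).
USER_PATHS = ('\\documents and settings\\', '\\temp\\', '\\local settings\\')
DEFAULT_BOOTEXECUTE = 'autocheck autochk *'


def bootexecute_extras(value):
    """Return BootExecute entries beyond the default 'autocheck autochk *'.
    Extras are not proof of malware: security products register here too
    (the lsdelete entries in the log above are Lavasoft Ad-Aware's)."""
    return [e for e in value.split(r'\0') if e and e != DEFAULT_BOOTEXECUTE]


def run_entry_path(value):
    """Extract the executable path from a Run value such as
    "c:\\path\\app.exe" [2011-09-14 3425688]."""
    if value.startswith('"'):
        return value.split('"')[1]
    return value.split(' [')[0]


def review_loading_points(text):
    """Walk the loading-points section and return (severity, category, detail)
    findings. Severities (assumed scale): high = almost always malicious,
    medium = weakened defence, review = needs a human look, info = context."""
    findings, key, in_orphans = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if 'ORPHANS REMOVED' in line:
            in_orphans = True
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m:
                findings.append(('info', 'orphan-removed', m.group(2)))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if line.startswith('BootExecute'):
            extras = bootexecute_extras(line.split(None, 2)[2])
            if extras:
                findings.append(('review', 'bootexecute-extra', ', '.join(extras)))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == 'shell' and (key.endswith('policies\\system') or 'winlogon' in key):
            # Anything beyond a bare explorer.exe means a second program is
            # started together with the user's shell, here a DLL via RunDll32.
            if value.lower() != 'explorer.exe':
                findings.append(('high', 'shell-hijack', value))
        elif name == 'enablefirewall' and value.startswith('0'):
            findings.append(('medium', 'firewall-disabled', key))
        elif '\\currentversion\\run' in key:
            path = run_entry_path(value)
            if any(p in path.lower() for p in USER_PATHS) or path.lower().endswith('.dll'):
                findings.append(('review', 'run-entry', path))
    return findings


if __name__ == '__main__':
    for severity, category, detail in review_loading_points(SAMPLE_LOG):
        print(f'{severity:7} {category:18} {detail}')
```

Run as-is it prints six findings for the excerpt (one shell-hijack, one bootexecute-extra, one firewall-disabled, three orphan-removed); feed `review_loading_points` the text of a full ComboFix log to review your own. The BootExecute extras are reported as review rather than high precisely because the lsdelete entries in this log belong to Lavasoft Ad-Aware, which is also present in the SafeBoot and driver sections above.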



#7
October 23, 2011 at 06:10:01
Hmm, strange, I still get the same problem that stops me installing Windows Live Messenger.


#8
October 23, 2011 at 10:13:15
Uninstall ZoneAlarm and then try installing Live Messenger.

Some HELP in posting on Computing.net plus free progs and instructions



#9
October 23, 2011 at 12:51:52
c:\windows\system32\services.exe . . . is infected!!
c:\windows\system32\svchost.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!

You've got Virut.
It infects .exe's and system files.

Bad news; don't waste your time.

Back up .doc, .jpg, etc. to CD only.
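The three "is infected!!" lines quoted here are ComboFix's own verdict, but the Sigcheck section of the same log gives a second, independent way to spot a patched system binary: a file infector changes the file's hash, and on XP Windows File Protection keeps a reference copy of many system files under system32\dllcache. The script below is added as an example for this thread (not ComboFix's code and not from any poster): it parses Sigcheck lines, groups copies of the same file name and version, and compares the live copy's hash with the dllcache copy's. On the excerpt embedded inline (constructed from the log above) regedit.exe matches its cached copy while ctfmon.exe does not; services.exe and svchost.exe have no dllcache line in the log, so the script reports them as lacking a reference instead of guessing. The location() classification, the SERVICING_MARKERS list and the status names are my assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the Sigcheck section of the ComboFix log posted earlier in this
# thread, embedded inline (constructed from that log) so the script runs
# without the log file.
SAMPLE_SIGCHECK = r"""
[-] 2009-02-06 . CC0538B850228ADDC391263B63D49E63 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[-] 2009-02-06 . CC0538B850228ADDC391263B63D49E63 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 9F33E1386A45F03A7E9E54649A6B5407 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . B8D5118B505A171980E8302AEE21830D . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . F6B143C0FEABF5B6A13725DD30493C04 . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . F6B143C0FEABF5B6A13725DD30493C04 . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
[-] 2008-04-14 . 8FF83684214EC6BBD6E9D4CBE6205205 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 0C6D90FE54A8224666959F3496586B45 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
"""

# One Sigcheck record: [flag] date . hash . size . . [file version] . . path
SIG_RE = re.compile(
    r'^\[(.)\]\s+(\S+)\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)\s+\.\s+\.\s+'
    r'\[([^\]]+)\]\s+\.\s+\.\s+(.+?)\s*$')

# Path fragments that mark update-servicing copies rather than the file Windows
# actually runs (assumed classification, not ComboFix's).
SERVICING_MARKERS = ('\\softwaredistribution\\', '\\$hf_mig$\\', '\\$ntuninstall')


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not fit are skipped."""
    records = []
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            flag, date, digest, size, version, path = m.groups()
            records.append({'flag': flag, 'date': date, 'hash': digest.upper(),
                            'size': int(size), 'version': version, 'path': path})
    return records


def location(path):
    """Classify a path as the live copy, the WFP dllcache copy, or a servicing copy."""
    low = path.lower()
    if '\\dllcache\\' in low:
        return 'dllcache'
    if any(marker in low for marker in SERVICING_MARKERS):
        return 'servicing'
    return 'live'


def compare_with_dllcache(text):
    """Group Sigcheck records by (file name, version) and compare the hash of
    the live copy with the dllcache copy. Returns {(name, version): summary}."""
    groups = defaultdict(list)
    for rec in parse_sigcheck(text):
        name = rec['path'].rsplit('\\', 1)[-1].lower()
        groups[(name, rec['version'])].append(rec)
    report = {}
    for key, recs in groups.items():
        live = {r['hash'] for r in recs if location(r['path']) == 'live'}
        cache = {r['hash'] for r in recs if location(r['path']) == 'dllcache'}
        if not live or not cache:
            status = 'no-reference'   # nothing to compare against in this log
        elif live <= cache:
            status = 'match'
        else:
            status = 'mismatch'       # live copy differs from the WFP cache: investigate
        report[key] = {
            'status': status,
            'live': sorted(live),
            'dllcache': sorted(cache),
            # Distinct hashes across all copies, including GDR/QFE servicing
            # branches that can differ under the same version string.
            'distinct_hashes': len({r['hash'] for r in recs}),
        }
    return report


if __name__ == '__main__':
    for (name, version), summary in sorted(compare_with_dllcache(SAMPLE_SIGCHECK).items()):
        print(f"{name:14} {version:15} {summary['status']:13} "
              f"distinct hashes: {summary['distinct_hashes']}")
```

A mismatch is a lead, not a verdict: dllcache can be stale after a hotfix, and the log itself shows the SP3GDR and SP3QFE copies of services.exe sharing the version string 5.1.2600.5755 while carrying different hashes. That is why the script keys on (name, version), counts distinct hashes separately, and only calls something a mismatch when the live copy disagrees with the dllcache copy of the very same version.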



#10
October 25, 2011 at 02:18:23
An older version of Live Messenger installed OK after uninstalling ZoneAlarm, and the computer seems OK at the moment, so I think I'll just leave it now. It can at least do most of the things that I want it to.

