Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

antivirus wont open..


  • This topic is locked This topic is locked
2 replies to this topic

#1 jhayms

jhayms

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 21 January 2010 - 05:29 PM

Hello!!! How are you guys??//

my antivirus after the installation does not appear even if i manually start the AV.

I cant even go to the kasper site to download AV. I tried to install ESET but same result.

here is my last combo fix log

============================x4ye0/p663 e\a[i\
ComboFix 10-01-20.04 - 01/21/2010 13:07:27.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.589 [GMT 8:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: ComboFix
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Java\jre6\bin\jucheck.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 05:30 . 2010-01-21 05:30 5509 -c--a-w- c:\windows\system32\drivers\qihooh.sys
2010-01-21 04:05 . 2010-01-21 04:05 604140 -csha-w- c:\windows\system32\drivers\ISwift3.dat
2010-01-21 02:36 . 2010-01-21 02:36 94643 -c--a-w- c:\windows\system32\drivers\klick.dat
2010-01-21 02:36 . 2010-01-21 02:36 105395 -c--a-w- c:\windows\system32\drivers\klin.dat
2010-01-21 02:29 . 2010-01-21 04:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-21 02:29 . 2010-01-21 02:29 -------- dc----w- c:\program files\Kaspersky Lab
2010-01-21 02:04 . 2010-01-21 02:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-24 08:56 . 2003-07-06 06:07 372736 -c--a-w- c:\windows\system32\IJL_11.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 04:35 . 2009-05-17 11:11 -------- dc----w- c:\program files\Microsoft Silverlight
2010-01-20 18:15 . 2009-07-27 14:39 -------- dc----w- c:\program files\Registry Easy
2010-01-20 09:14 . 2009-07-04 01:53 -------- dc----w- c:\program files\Cheat Engine
2010-01-19 10:54 . 2009-07-02 15:31 -------- dc----w- c:\documents and settings\...\Application Data\TeamViewer
2010-01-18 17:58 . 2009-12-01 09:39 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-16 05:08 . 2009-09-25 21:46 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 08:07 . 2009-09-25 21:46 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 08:07 . 2009-09-25 21:46 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 07:30 . 2009-05-24 08:58 -------- dc-h--w- c:\program files\Juxjvfejdwqeq
2009-12-18 06:17 . 2009-12-18 06:17 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2009-12-11 04:42 . 2009-07-02 15:31 -------- dc----w- c:\program files\TeamViewer
2009-12-01 09:45 . 2009-12-01 09:45 -------- dc----w- c:\program files\GetData
2009-11-30 11:50 . 2009-11-30 11:50 -------- dc----w- c:\program files\MunSoft
2009-11-22 15:40 . 2009-11-22 15:40 -------- dc----w- c:\program files\flyff
2009-11-19 19:06 . 2009-01-12 23:46 38 -c--a-w- c:\documents and settings\.... \jagex_runescape_preferences.dat
2009-11-11 15:38 . 2009-11-11 15:38 0 -c--a-w- c:\documents and settings\...\FFP Manual Patch (Part 1).zip
2009-01-10 01:04 . 2009-01-10 01:03 6011514 -c--a-w- c:\program files\yahoo_firefox_ph_3.0.5.exe
2009-01-09 22:26 . 2009-01-09 22:26 518912 -c--a-w- c:\program files\msgr9us.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChikkaDefault"="c:\progra~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe" [2007-08-28 110592]
"Systweak Memory Optimizer"="c:\program files\advanced system optimizer\memtuneup.exe" [2007-06-22 196848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-01-13 89088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3919872]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 331776]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 124928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"BigDog303"="c:\windows\VM303_STI.EXE" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"RestrictRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\54df7fcd560]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rofibihy]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^janice^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-06-28 16:54 49152 -c--a-w- c:\windows\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-16 17:25 206832 -c--atw- c:\documents and settings\....\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 08:07 1463632 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-11-11 12:47 1519616 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 491520 -c--a-w- c:\program files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 181488 -c--a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager]
2007-06-22 10:56 993008 -c--a-w- c:\program files\Advanced System Optimizer\startUp manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-13 05:28 226712 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 181488 -c--a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"BigDog303"=c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\....\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\...\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"c:\\program files\\advanced system optimizer\\memtuneup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\PROGRA~1\\CHIKKA~1\\CHIKKA~1.4\\ChikkaLauncher.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\Binaries\\MSCONFIG.EXE"=
"c:\\Program Files\\Google\\Update\\1.2.183.13\\GoogleCrashHandler.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\MsiExec.exe"= c:\\WINDOWS\\system32\\msiexec.exe
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\VMSnap3.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57511:TCP"= 57511:TCP:Pando Media Booster
"57511:UDP"= 57511:UDP:Pando Media Booster
"57911:TCP"= 57911:TCP:Pando Media Booster
"57911:UDP"= 57911:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [6/25/2009 3:22 PM 185640]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [1/12/2010 10:57 PM 185640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [9/14/2008 9:53 PM 428160]
S2 gupdate1c9cfe41adfc770;Google Update Service (gupdate1c9cfe41adfc770);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 10:21 PM 206832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 S12345;S12345;\??\d:\s12345.sys --> d:\S12345.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 14:37]

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-22 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 seriesA64A00663AE18E921B16BFC2E6C5536113B8CADB222862663.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2010-01-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-07 13:06]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 14:21]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 14:21]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1708537768-1828712179-1003Core.job
- c:\documents and settings\janice.545FB630E5E0498\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 17:25]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1708537768-1828712179-1003UA.job
- c:\documents and settings\janice.545FB630E5E0498\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 17:25]

2010-01-18 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-07-27 18:15]

2010-01-21 c:\windows\Tasks\User_Feed_Synchronization-{27922B57-C4CC-4BCA-BD03-6652A535AF13}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tattoodle.com/?tid={66FB52F2-1F91-49fa-8F20-C0E4CF37B532}
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 13:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3764)
c:\program files\TeamViewer\Version5\tv.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\TUProgSt.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SOUNDMAN.EXE
c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-01-21 13:48:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 05:48
ComboFix2.txt 2010-01-20 09:45
ComboFix3.txt 2009-07-18 15:29

Pre-Run: 16,442,814,464 bytes free
Post-Run: 16,417,226,752 bytes free

- - End Of File - - E470C0DA47378161200D36459DE9BD54


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Instructor
  • 14,121 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:41 AM

Posted 27 January 2010 - 06:31 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  1. Click on the My Controls link at the top of the page to enter your control panel.
  2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

unite_teal.png
Unified Network of Instructors and Trusted Eliminators
 


#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 3,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:41 PM

Posted 01 February 2010 - 07:06 PM

Due to the lack of feedback, this Topic will now be closed.

If you need this topic reopened, please request this by sending one of the Moderating team or an Administrator
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite1.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users