I can't open anti virus programs on my computer


  • This topic is locked
2 replies to this topic

#1 Andrei180

Posted 18 October 2009 - 10:43 PM

Hi, I'm new to the forums so sorry if I do something wrong. I can't run any of my anti-spyware, anti-virus programs. Spybot, Ad-Aware, McAfee won't open. I tried a few other ones that also didn't work. The hijack program also doesn't open on my computer. I ran ComboFix and that worked, but don't know what to do now. Here is the output. Thanks for the help.


ComboFix 09-10-18.02 - Andrei 10/18/2009 22:32.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3038.2585 [GMT -4:00]
Running from: c:\users\Andrei\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1751340025-624803116-3758112878-500
c:\$recycle.bin\S-1-5-21-414854224-1900353229-2636520066-500
c:\program files\Adware Professional
c:\program files\Adware Professional\Adware Professional.exe
c:\program files\Adware Professional\noadware4_081909.na
c:\program files\Adware Professional\nutilities.dll
c:\program files\Adware Professional\unins000.dat
c:\program files\Adware Professional\unins000.exe
c:\program files\Adware Professional\UninstlDll.dll
c:\windows\system32\Cache

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 02:38 . 2009-10-19 02:39 -------- d-----w- c:\users\Andrei\AppData\Local\temp
2009-10-19 02:38 . 2009-10-19 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-19 02:10 . 2009-10-19 02:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-19 02:10 . 2009-10-19 02:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-19 02:10 . 2009-10-19 02:10 -------- d-----w- c:\users\Andrei\AppData\Roaming\SUPERAntiSpyware.com
2009-10-19 02:04 . 2009-10-19 02:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-19 01:42 . 2009-10-08 15:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-19 01:42 . 2009-10-08 15:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-19 01:42 . 2009-10-02 18:19 1152470 ----a-w- c:\windows\UDB.zip
2009-10-19 01:42 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2009-10-19 01:42 . 2009-10-08 15:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-19 01:42 . 2009-10-08 15:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-19 01:41 . 2009-09-24 12:55 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-19 01:41 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-19 01:40 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-19 01:40 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-19 01:40 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-19 01:40 . 2009-10-19 01:44 -------- d-----w- c:\program files\Spyware Doctor
2009-10-19 01:40 . 2009-10-19 01:43 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-19 01:40 . 2009-10-19 01:40 -------- d-----w- c:\users\Andrei\AppData\Roaming\PC Tools
2009-10-19 01:40 . 2009-10-19 01:40 -------- d-----w- c:\programdata\PC Tools
2009-10-18 23:08 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-18 23:07 . 2009-10-18 23:07 -------- d-----w- c:\program files\Panda Security
2009-10-18 22:17 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-18 22:16 . 2009-10-18 22:16 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-18 22:16 . 2009-10-18 22:17 -------- d-----w- c:\programdata\Lavasoft
2009-10-18 22:16 . 2009-10-18 22:16 -------- d-----w- c:\program files\Lavasoft
2009-10-18 04:00 . 2009-10-19 02:25 0 ----a-r- c:\windows\win32k.sys
2009-10-16 05:11 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 05:11 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 05:11 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 05:09 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 05:09 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 05:09 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 18:52 . 2009-10-14 18:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-14 18:48 . 2009-10-14 18:49 43083040 ----a-w- C:\AdbeRdr910_en_US_Std.exe
2009-10-12 21:11 . 2009-10-12 21:12 -------- d-----w- c:\windows\system32\ca-ES
2009-10-12 21:11 . 2009-10-12 21:12 -------- d-----w- c:\windows\system32\eu-ES
2009-10-12 21:11 . 2009-10-12 21:12 -------- d-----w- c:\windows\system32\vi-VN
2009-10-12 18:57 . 2009-10-12 18:57 -------- d-----w- c:\windows\system32\EventProviders
2009-10-11 18:44 . 2009-10-11 18:44 -------- d-----w- c:\program files\CCleaner
2009-10-03 00:59 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 00:50 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 00:50 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 00:50 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 00:50 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 00:50 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 00:50 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 00:50 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 00:49 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 00:49 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-29 23:00 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-29 23:00 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-29 22:58 . 2009-09-29 22:58 -------- d-----w- c:\program files\iPod
2009-09-29 22:58 . 2009-09-29 23:00 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-29 22:58 . 2009-09-29 23:00 -------- d-----w- c:\program files\iTunes
2009-09-29 22:56 . 2009-09-29 22:56 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 02:22 . 2008-06-17 17:27 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-19 01:29 . 2009-07-15 14:45 -------- d-----w- c:\users\Andrei\AppData\Roaming\EndNote
2009-10-19 01:10 . 2009-09-15 15:20 1356 ----a-w- c:\users\Andrei\AppData\Local\d3d9caps.dat
2009-10-18 21:55 . 2008-08-22 23:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-18 21:55 . 2008-08-22 23:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-18 16:01 . 2008-08-23 02:24 -------- d-----w- c:\programdata\Google Updater
2009-10-16 11:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 18:51 . 2008-06-17 17:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 21:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-12 21:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-12 21:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-12 21:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-12 21:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-12 21:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-11 21:18 . 2008-08-07 17:22 -------- d-----w- c:\program files\Microsoft Works
2009-09-29 22:58 . 2008-08-23 02:20 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 22:50 . 2009-07-31 23:00 -------- d-----w- c:\program files\Safari
2009-09-23 23:18 . 2008-08-18 21:06 -------- d-----w- c:\programdata\Microsoft Help
2009-09-16 07:20 . 2009-10-19 01:40 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 10:20 . 2009-10-19 01:40 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 06:12 . 2009-10-19 01:40 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 05:01 . 2009-10-19 01:41 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-08-29 00:27 . 2009-09-02 22:22 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 22:22 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-16 05:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 05:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 05:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 05:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 12:06 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 12:05 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 12:06 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 12:05 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 12:05 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 12:06 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 12:06 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 12:05 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 12:05 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 12:06 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 12:06 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-04-10 00:07 . 2009-07-15 14:23 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-06-17 18:18 . 2008-06-17 18:18 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825}= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
4/3/2008 20:10 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
4/3/2008 20:10 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
WMPNSCFG="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
SUPERAntiSpyware="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
SynTPEnh="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 835584]
ISBMgr.exe="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
VMSwitch="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-26 534368]
SmartWiHelper="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-05-30 73728]
VAIO Help and Support Demo="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
StartCCC="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
PSQLLauncher="c:\program files\Protector Suite QL\launcher.exe" [2008-04-03 48904]
AppleSyncNotifier="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
SunJavaUpdateSched="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
McAfeeUpdaterUI="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
ShStatEXE="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-10 124240]
QuickTime Task="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
iTunesHelper="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
Adobe Reader Speed Launcher="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
ISTray="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
RtHDVCpl="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-07 6111232]
Skytel="Skytel.exe" - c:\windows\SkyTel.exe [2008-06-07 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
GrpConv="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-17 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
EnableUIADesktopToggle= 0 (0x0)
DisableCAD= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
9/3/2009 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
4/3/2008 19:57 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
5/16/2008 0:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
AntiVirusOverride=dword:00000001
VistaSp2=hex(b):ba,66,79,82,81,4b,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/18/2009 6:17 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [10/18/2009 9:40 PM 207280]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\System32\drivers\shpf.sys [6/17/2008 2:17 PM 22560]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [4/9/2009 8:07 PM 21256]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [6/17/2008 2:18 PM 9344]
S0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [10/18/2009 7:08 PM 28544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/18/2009 9:42 PM 112592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1169232]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\System32\mfevtps.exe [7/15/2009 10:23 AM 70216]
S2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 11:09 PM 11032]
S2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [6/17/2008 1:42 PM 98304]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/18/2009 9:40 PM 358600]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [6/17/2008 1:55 PM 411488]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6/17/2008 1:43 PM 28464]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\System32\drivers\mferkdet.sys [7/15/2009 10:23 AM 65224]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [4/28/2008 9:29 AM 3658752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-23 00:32]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.ro
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Andrei\AppData\Roaming\Mozilla\Firefox\Profiles\3ialdmxl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npSfAppM.dll
FF - plugin: c:\users\Andrei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Adware Professional - c:\program files\Adware Professional\Adware Professional.exe
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Adware Professional 5.0_is1 - c:\program files\Adware Professional\unins000.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(1360)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\combofix\CF20536.exe
.
**************************************************************************
.
Completion time: 2009-10-19 22:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 02:43

Pre-Run: 170,713,935,872 bytes free
Post-Run: 170,522,013,696 bytes free

- - End Of File - - 64942D760BCBDA9C6B4DFDA4F1D5B9EA

#2 m0le

Posted 29 October 2009 - 08:22 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.



Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Please reply and we'll take it from there :(
m0le is a proud member of UNITE

#3 m0le

Posted 02 November 2009 - 10:27 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.