
Can't run Spybot S&D, AVG, HijackThis, ComboFix


  • This topic is locked
8 replies to this topic

#1 benindavisca

benindavisca

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:05 AM

Posted 28 October 2009 - 02:51 PM

Hi all,

A couple of days ago I updated AVG 8.5, then ran a scan. A bunch of stuff popped up and I couldn't heal it, delete it or do anything to it. The names of the files seemed to be legit programs. I tried to get 9.0 but it won't install. I uninstalled 8.5 with Revo, then used the AVG tool. Still can't install 9.0. Tried to run Spybot S&D; it opened fine and updated, then when I tried to run it I got "Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item". I tried running HijackThis to get a log and got the same message. Went to Majorgeeks and tried running the Windows XP Cleaning Procedure combo they have there. Super Anti Spyware ran OK and found nothing, then Malwarebytes wouldn't run. I followed instructions, then I tried to run ComboFix and got a warning message that the file was corrupt and I should go to bleepingcomputer and get the download. Now on my desktop there is a little gray rectangular box that says combofix on it, and there is a blue bar. It's stuck there, nothing moving. I'm losing my mind. HELP!!


Thanks!!!
Ben



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,725 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:05 AM

Posted 28 October 2009 - 03:26 PM

Hello. I am moving this to Am I Infected from XP for now.

EDIT:

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

Let's try MBAM this way.
Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer; you will need to run the application again.

NEXT:
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

Edited by boopme, 28 October 2009 - 03:28 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 benindavisca


Posted 28 October 2009 - 03:44 PM

I had previously installed Spybot S&D a long while ago and had disabled TeaTimer, so... anyway, I will uninstall Spybot S&D. It's a good thing because, as I stated in my previous post, I cannot open Spybot S&D; I get the "Windows can't access" message. I ran the rkill. It didn't flash the black box; it opened and stayed open and said "The operation completed successfully" several times, and it opened "My Documents". I left both of these open. I ran the mbam-cleaner and then rebooted. Now what?

I sit patiently awaiting your sage advice... OK, I'm not really sitting waiting patiently. I'm pulling my hair out 10 at a time. Hurry, it's almost gone!

Ben

#4 boopme


Posted 28 October 2009 - 03:57 PM

Hi baldy :thumbsup:
Please post the MBAM scan log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

#5 benindavisca


Posted 28 October 2009 - 04:03 PM

Mbam log.... HA HA HA HA! In order for me to post that, the program would have to run! I managed to open it and update it, and then clicked quickscan. It started to prepare to scan, then POOF! All gone. Now when I click the icon I get "Windows cannot access the specified device etc"
:thumbsup:

#6 boopme


Posted 28 October 2009 - 04:12 PM

Well I seriously suspect a rootkit now.

This should run.
Download this Utility and save it to your Desktop.
Double-click the Utility to run it and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below.

#7 benindavisca


Posted 28 October 2009 - 05:41 PM

Well, while I was awaiting your instructions, I ran ComboFix. It ran, sort of. It told me it found a couple of things and removed them; see log.
Then I ran the Win32KDiag thing.
Also, several of my anti-malware programs no longer show their icons, just the little white square with blue on top file thing. And now my Super Anti Spyware program is giving me the "Windows cannot find the specified device etc" message. One by one they seem to all be failing me....

ComboFix 09-10-27.08 - Owner 2009-10-28 14:31.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1064 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\ps2.bat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

Infected copy of c:\windows\System32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
c:\windows\system32\eventlog.dll . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 21:24 . 2003-02-23 02:55 141824 ----a-w- c:\windows\system32\drivers\fasttx2k.sys
2009-10-28 21:10 . 2009-10-28 21:11 -------- d-----w- C:\32788R22FWJFW
2009-10-28 20:47 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 20:47 . 2009-10-28 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 20:47 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 20:08 . 2009-10-28 20:08 17090 ----a-w- C:\MGlogs.zip
2009-10-28 20:08 . 2009-10-28 20:08 -------- d-----w- C:\MGtools
2009-10-28 19:09 . 2009-10-28 20:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-28 19:09 . 2009-10-28 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 15:28 . 2009-10-28 15:28 -------- d-----w- C:\Rooter$
2009-10-28 05:21 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 05:21 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 05:21 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 05:21 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 05:21 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 05:21 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 05:21 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 05:21 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 05:21 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 05:20 . 2009-10-28 05:20 -------- d-----w- c:\program files\Alwil Software
2009-10-28 03:27 . 2009-10-28 03:38 -------- d-----w- c:\documents and settings\Owner\Pavark
2009-10-28 02:24 . 2009-10-28 20:50 0 ----a-r- c:\windows\win32k.sys
2009-10-28 02:22 . 2009-10-28 05:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-28 00:06 . 2009-10-28 02:21 -------- d-----w- c:\program files\Spybot - Search & Destroy(2)
2009-10-12 23:50 . 2009-10-12 23:50 -------- d-----w- c:\program files\Turbo Tax Audit Support Center
2009-10-06 04:45 . 2009-10-19 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\GoldWaveCDDB
2009-10-06 04:45 . 2009-10-06 04:45 -------- d-----w- c:\documents and settings\Owner\Application Data\GoldWaveCDDB

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 05:12 . 2008-06-11 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-28 04:45 . 2008-06-11 06:32 -------- d-----w- c:\program files\AVG
2009-10-28 02:22 . 2003-09-09 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-27 21:32 . 2007-10-14 00:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-27 21:31 . 2008-04-02 04:40 -------- d-----w- c:\program files\SpywareBlaster
2009-10-27 19:48 . 2009-06-03 20:34 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-10-27 18:53 . 2009-10-27 18:53 12722176 ---ha-w- c:\documents and settings\Owner\ntuser.tmp
2009-10-25 19:35 . 2003-04-10 10:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-23 21:41 . 2009-05-26 20:27 -------- d-----w- c:\program files\DivX
2009-10-23 21:41 . 2009-03-28 06:45 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-15 15:11 . 2008-08-02 06:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-26 20:27 . 2009-09-26 20:27 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 05:37 . 2004-02-07 01:05 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2009-03-25 16:05 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 00:39 . 2009-05-09 05:55 -------- d-----w- c:\program files\a-squared Free
2009-09-17 22:23 . 2009-09-17 22:23 -------- d-----w- c:\program files\Opera
2009-09-13 03:19 . 2009-09-13 03:19 -------- d-----w- c:\program files\Free RAR Extract Frog
2009-09-11 14:18 . 2003-04-25 15:44 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 19:25 . 2003-04-10 10:50 -------- d-----w- c:\program files\Common Files\Real
2009-09-07 19:24 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-07 19:24 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-05 00:54 . 2009-09-05 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\GoldWave
2009-09-04 21:03 . 2003-04-25 16:24 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 03:27 . 2009-09-04 03:27 -------- d-----w- c:\program files\GoldWave
2009-08-26 08:00 . 2003-04-25 15:45 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 02:24 . 2004-08-15 17:22 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2004-08-15 17:22 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2004-08-15 17:22 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2003-04-25 15:46 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2003-04-25 16:17 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2004-08-15 17:22 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2003-04-25 15:46 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-29 08:04 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 08:04 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2003-10-02 01:57 . 2003-10-02 01:57 4204008 ----a-w- c:\program files\wdfull_gc_blasterball2.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\real\realone player\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprpjplug.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\windows\system32\MrvGINA.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\NETGEAR\WG311v3\WinDomainlogon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\NETGEAR\WG311v3\WinDomainlogon.exe
c:\combofix\CF5582.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
c:\program files\NETGEAR\WG311v3\wlancfg5.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 15:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 22:00

Pre-Run: 42,291,064,832 bytes free
Post-Run: 45,789,036,544 bytes free

- - End Of File - - B3A0D1119968CD0C36FAC4DB33DF1CF5


Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

Edited by quietman7, 29 October 2009 - 02:27 PM.


#8 benindavisca


Posted 28 October 2009 - 06:18 PM

I ran a rootkit revealer. Here is the log:

HKU\.DEFAULT\Control Panel\international_combofixbackup 2008-12-05 17:34 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\international_combofixbackup\Geo 2008-12-05 17:34 0 bytes Security mismatch.
HKU\S-1-5-21-3116725465-2440287356-1625361881-1003\Console 2009-10-28 15:01 0 bytes Security mismatch.
HKU\S-1-5-21-3116725465-2440287356-1625361881-1003\Control Panel\international_combofixbackup 2008-12-05 17:34 0 bytes Security mismatch.
HKU\S-1-5-21-3116725465-2440287356-1625361881-1003\Control Panel\international_combofixbackup\Geo 2008-12-05 17:34 0 bytes Security mismatch.
HKU\S-1-5-21-3116725465-2440287356-1625361881-1003\Software\Adobe\MediaBrowser\MRU\illustrator\ApplicationPath 2008-11-11 12:28 91 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-18\Control Panel\international_combofixbackup 2008-12-05 17:34 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\international_combofixbackup\Geo 2008-12-05 17:34 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 2003-04-09 20:02 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 2003-04-09 20:02 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 2005-05-04 16:08 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Google\Update\network\secure-S-1-5-18\sk 2009-10-28 13:45 176 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 2009-10-28 15:44 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\SchedulingAgent\LastTaskRun 2009-10-28 15:41 16 bytes Data mismatch between Windows API and raw hive data.
C:\$AttrDef 2003-04-25 08:43 2.50 KB Hidden from Windows API.
C:\$BadClus 2003-04-25 08:43 0 bytes Hidden from Windows API.
C:\$BadClus:$Bad 2003-04-25 08:43 13.68 GB Hidden from Windows API.
C:\$Bitmap 2003-04-25 08:43 3.36 MB Hidden from Windows API.
C:\$Boot 2003-04-25 08:43 8.00 KB Hidden from Windows API.
C:\$Extend 2003-04-25 08:43 0 bytes Hidden from Windows API.
C:\$Extend\$ObjId 2003-04-25 08:43 0 bytes Hidden from Windows API.
C:\$Extend\$Quota 2003-04-25 08:43 0 bytes Hidden from Windows API.
C:\$Extend\$Reparse 2003-04-25 08:43 0 bytes Hidden from Windows API.
C:\$LogFile 2003-04-25 08:43 64.00 MB Hidden from Windows API.
C:\$MFT 2003-04-25 08:43 226.50 MB Hidden from Windows API.
C:\$MFTMirr 2003-04-25 08:43 4.00 KB Hidden from Windows API.
C:\$Secure 2003-04-25 08:43 0 bytes Hidden from Windows API.
C:\$UpCase 2003-04-25 08:43 128.00 KB Hidden from Windows API.
C:\$Volume 2003-04-25 08:43 0 bytes Hidden from Windows API.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\parent.lock 2009-10-28 15:48 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\places.sqlite-journal 2009-10-28 15:42 0 bytes Visible in Windows API, directory index, but not in MFT.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\sessionstore.js 2009-10-28 15:49 4.71 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\04E7C341d01 2009-10-28 15:49 16.13 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\22F40F8Ad01 2009-10-28 15:49 45.85 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\3278B4EAd01 2009-10-28 15:49 19.17 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\42EFAC6Ad01 2009-10-28 15:49 35.77 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\506341AAd01 2009-10-28 15:48 20.89 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\60B1A367d01 2009-10-28 15:48 34.81 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\7470DD12d01 2009-10-28 15:49 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\815EC7D6d01 2009-10-28 15:48 23.57 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\9184A09Cd01 2009-10-28 15:48 29.77 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\C2FE8865d01 2009-10-28 15:48 33.58 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\D5ACACA1d01 2009-10-28 15:49 52.56 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\maos23uo.default\Cache\E4EFA30Dd01 2009-10-28 15:49 25.42 KB Visible in Windows API, MFT, but not in directory index.
C:\WINDOWS\Temp\grlT2Q7t.exe.part 2009-10-28 15:49 720.00 KB Hidden from Windows API.
D: 0 bytes Error mounting volume

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,929 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:05 AM

Posted 29 October 2009 - 02:29 PM

You were not directed to use Combofix. Please note the message text in blue at the top of this forum.

ComboFix logs should not be posted outside the HijackThis Logs and Malware Removal forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. That's the decision by the creator and we will abide by that decision.

Further, ComboFix logs are not permitted outside the HijackThis Logs and Malware Removal forum and then only when requested by a HJT Team member. Since you used ComboFix on your own and posted a log instead of following our instructions, we cannot continue in this forum.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your ComboFix log and DDS/HijackThis log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff

Edited by quietman7, 29 October 2009 - 02:39 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
