
Unable to run malwarebytes


  • This topic is locked
2 replies to this topic

#1 Estam

Estam

  • Members
  • 2 posts

Posted 10 February 2011 - 06:04 PM

Hi all, I am running XP Pro SP2 on a Dell P4. Received a virus with a large page telling me I'm infected and was trying to run a cleaner. I ran HijackThis and hope someone could give it a quick browse and advise.
Many thanks...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:25:08 PM, on 2/10/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://java.com/
O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [mlklijsys] rundll32.exe "yaxwtq.dll",s
O4 - HKLM\..\Run: [wvtuspaudio] rundll32.exe "qopoom.dll",s
O4 - HKLM\..\Run: [ssttttaudio] rundll32.exe "rqrrqo.dll",s
O4 - HKLM\..\RunServices: [BitTorrentBitTorrent6.4.0.18095] c:\program files\bittorrent\bittorrentbittorrent.exe
O4 - HKLM\..\RunServices: [SAPI5WindowsTM5.1.4111.00] c:\program files\common files\speechengines\microsoft\tts\1033\microsoftsystem.exe
O4 - HKLM\..\RunServices: [dsconfigDSConfig] c:\program files\k-lite codec pack\tools\statsreaderdirectshow1.0.0.1.exe
O4 - HKLM\..\RunServices: [FrontPagefp4Awec] c:\program files\common files\microsoft shared\web server extensions\40\bin\microsoftfp30utl.exe
O4 - HKLM\..\RunServices: [LogitechLogitech] C:\program files\common files\logishrd\logidriverstore\lvdrivers\11.50.1145\elch\logitechquickcam.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SacReminderHDDV2] c:\documents and settings\all users\application data\Clickfree\C2SMB\reminder\SacReminder.exe
O4 - HKCU\..\Run: [{6D4355E6-4A6C-B393-6985-B9807E723D3C}] "C:\Documents and Settings\Dave\Application Data\Fuaph\fiuv.exe"
O4 - HKCU\..\Run: [{432900B8-CDC5-FC51-B32C-86204DD4468F}] "C:\Documents and Settings\Dave\Application Data\Muxoi\baor.exe"
O4 - HKCU\..\Run: [rqpnkjaudio] rundll32.exe "qopoom.dll",s
O4 - HKCU\..\Run: [byvutraudio] rundll32.exe "rqrrqo.dll",s
O4 - HKCU\..\RunOnce: [lDbLbIa06511] C:\Documents and Settings\All Users\Application Data\lDbLbIa06511\lDbLbIa06511.exe
O4 - HKUS\S-1-5-18\..\Run: [fcbyvssys] rundll32.exe "yaxwtq.dll",s (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wvwwvwaudio] rundll32.exe "qopoom.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [fcbyvssys] rundll32.exe "yaxwtq.dll",s (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268332328093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268332317843
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5515 bytes



#2 Estam

Estam
  • Topic Starter

  • Members
  • 2 posts

Posted 11 February 2011 - 10:11 PM

I understand that everyone is very busy so I am requesting this thread be closed as I am being helped by another forum.
Best regards, Dave

#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 12 February 2011 - 02:46 PM

Estam,

Thank you for letting us know. We appreciate it.

Per request this thread will now be closed.

Kindest Regards,
SweetTech.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




