
Antivirus software disabled & other issues


  • This topic is locked
2 replies to this topic

#1 zann

  • Members
  • 10 posts

Posted 15 February 2011 - 10:58 AM

Hello all,

I'm looking at a friend's Windows 7 Asus laptop with problems that began with Windows Defender malfunctioning (unable to scan, uninstall or reinstall). She installs lots of games so she thought she had a virus/rootkit and took action to try to fix it. I know she has tried something called Free Window Registry Repair along with Malwarebytes, Combofix and Kaspersky's scan TDSSKILLER.

I've been unable to install MS Security Essentials (error received: "The Microsoft Security Client Installation Wizard can't find files that are necessary to complete the installation. To install this program, please download the installation again from the Microsoft Security Client web site"--went through troubleshooting on MS KB page with no success).

Other symptoms:
- Windows update failing
- Frequent loss of internet (browser "unable to connect" errors)
- She let me know she was unable to install some programs like games
- Control panel System dialog doesn't display full system info like processor and memory
- DVD problems (tried to reinstall Windows but couldn't get far without hardware communication error)

Any suggestions welcome!

I'm honestly not sure if this is a malware issue or Windows malfunctioning, so I apologize in advance if this is in the wrong place. Thank you

Note about GMER log: most of the options were disabled so I could only check off services, registry, and files for scan.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Alison at 10:05:52.53 on Tue 02/15/2011
Internet Explorer: 8.0.7600.16385

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: cinemanow.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Exorcist/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://l.yimg.com/jh/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\uk6ma8hn.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - C:\ProgramData\iWin Games\firefox

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2011-02-15 14:42:08 -------- d-----w- C:\Program Files (x86)\Opti Drive Control
2011-02-15 10:56:43 -------- dc----w- C:\Users\Alison\AppData\Local\MigWiz
2011-02-15 07:21:29 -------- d-----w- C:\$WINDOWS.~LS
2011-02-15 07:19:12 -------- d-----w- C:\$UPGRADE.~OS
2011-02-15 07:18:50 -------- d-----w- C:\$WINDOWS.~BT
2011-02-12 16:34:16 -------- d-----w- C:\Program Files (x86)\Stray Souls - Dollhouse Story Collector's Edition
2011-02-12 16:10:59 -------- d-----w- C:\Users\Alison\AppData\Roaming\Muse
2011-02-12 15:57:29 -------- d-----w- C:\PROGRA~3\Big Fish Games
2011-02-11 10:42:41 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2011-02-11 00:56:26 6144 ------w- C:\Windows\System32\24EF.tmp
2011-02-11 00:53:00 6144 ------w- C:\Windows\System32\FFF0.tmp
2011-02-11 00:52:54 -------- d-----w- C:\Program Files (x86)\Sophos
2011-02-11 00:36:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-11 00:13:43 98816 ----a-w- C:\Windows\sed.exe
2011-02-11 00:13:43 89088 ----a-w- C:\Windows\MBR.exe
2011-02-11 00:13:43 256512 ----a-w- C:\Windows\PEV.exe
2011-02-11 00:13:43 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-10 23:52:07 -------- d-----w- C:\Program Files (x86)\MSECACHE
2011-02-10 23:43:28 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
2011-02-10 23:05:10 -------- d-----w- C:\Users\Alison\AppData\Roaming\Malwarebytes
2011-02-10 23:05:05 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-10 23:05:05 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-10 23:05:01 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-10 23:05:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-10 22:58:24 -------- d-----w- C:\Windows\pss
2011-02-08 22:47:11 -------- d-----w- C:\Users\Alison\AppData\Roaming\Phantasmat_real_ce
2011-02-07 22:49:48 -------- d-----w- C:\Users\Alison\AppData\Roaming\Phantasmat_iwin_ce
2011-02-06 20:37:18 -------- d--h--w- C:\PROGRA~3\SugarGames
2011-02-05 16:07:39 -------- d-----w- C:\Users\Alison\AppData\Roaming\DarkParablesBriarRoseSE_Yahoo
2011-02-04 22:45:22 -------- d-----w- C:\Users\Alison\AppData\Roaming\Alawar
2011-02-04 22:39:33 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{1C87A50D-3DDE-498B-9CCE-EC3F17E132F3}\mpengine.dll
2011-02-02 23:15:08 -------- d-----w- C:\Users\Alison\AppData\Roaming\Jetdogs Studios
2011-02-02 22:48:06 -------- d-----w- C:\Users\Alison\AppData\Roaming\HdO Adventure
2011-02-02 01:00:03 -------- d-----w- C:\Users\Alison\AppData\Roaming\Virtual Prophecy
2011-01-31 00:17:15 -------- d-----w- C:\Program Files (x86)\Mishap 2 - An Intentional Haunting
2011-01-30 23:57:33 -------- d-----w- C:\Program Files (x86)\Shadow Wolf Mysteries - Curse of the Full Moon Collector's Edition
2011-01-27 23:51:49 -------- d-----w- C:\Users\Alison\AppData\Roaming\kingdom
2011-01-27 23:51:49 -------- d-----w- C:\PROGRA~3\boost_interprocess
2011-01-27 22:22:21 -------- d-----w- C:\Users\Alison\AppData\Roaming\WhiteBirdsProductions
2011-01-26 00:53:18 -------- d-----w- C:\Users\Alison\AppData\Roaming\TikisLab
2011-01-25 23:52:53 -------- d-----w- C:\PROGRA~3\Namco
2011-01-20 23:45:12 -------- d-----w- C:\Users\Alison\AppData\Roaming\Green Clover Games
2011-01-20 23:45:12 -------- d-----w- C:\PROGRA~3\Green Clover Games
2011-01-16 18:57:33 -------- d-----w- C:\Program Files (x86)\Sandlot Games
2011-01-16 18:57:33 -------- d-----w- C:\Program Files (x86)\Common Files\Sandlot Shared

==================== Find3M ====================

2011-02-04 22:33:31 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

============= FINISH: 10:07:21.09 ===============

#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 February 2011 - 02:45 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 24 February 2011 - 07:34 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
m0le is a proud member of UNITE