
Mbam will not run



#1 loneoakret


Posted 12 November 2011 - 02:34 PM

Whenever I try to run Mbam I get the following message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them"

Do you have any idea what is going on here?

Please advise. Thanks!



#2 Orange Blossom


Posted 12 November 2011 - 02:54 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

#3 loneoakret


Posted 12 November 2011 - 03:21 PM

Ok, here are my logs from DDS. I could not save a gmer log. As soon as gmer finished it simply disappeared.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by J Paul Jackson at 14:00:49 on 2011-11-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.349 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\782390990:833183185.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\MySoftware\MyInvoices\tracker.exe
C:\Program Files\Common Files\AOL\1313640899\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
"C:\WINDOWS\system32\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by AOL
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie8
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Tracker] c:\program files\mysoftware\myinvoices\tracker.exe
mRun: [HostManager] c:\program files\common files\aol\1313640899\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1313638915781
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{67C8A2D6-CA02-457D-BEE2-CD4BBA624055} : DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 5607;5607;c:\docume~1\melanie\locals~1\temp\5607.sys [2011-11-9 133120]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-12 41272]
.
=============== Created Last 30 ================
.
2011-11-12 19:23:58 1008092 ----a-w- c:\program files\rkill.com
2011-11-12 19:12:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-12 19:12:03 -------- d-----w- c:\documents and settings\j paul jackson\application data\Malwarebytes
2011-11-12 19:11:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-12 19:11:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-12 19:11:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-12 19:01:33 1008092 ----a-w- c:\program files\rkill.exe
.
==================== Find3M ====================
.
2011-08-18 13:17:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 04:11:17 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
.
============= FINISH: 14:01:26.75 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/17/2011 10:23:11 PM
System Uptime: 11/12/2011 12:46:01 PM (2 hours ago)
.
Motherboard: Intel Corporation | | D946GZIS
Processor: Intel® Core™2 CPU 6320 @ 1.86GHz | | 1864/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 55.375 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 8/17/2011 10:23:14 PM - System Checkpoint
RP2: 8/17/2011 10:37:18 PM - Printer Driver HP Officejet J4500 Series fax Installed
RP3: 8/17/2011 10:42:53 PM - Software Distribution Service 3.0
RP4: 8/17/2011 10:52:48 PM - Software Distribution Service 3.0
RP5: 8/17/2011 11:18:21 PM - Software Distribution Service 3.0
RP6: 8/17/2011 11:47:07 PM - Installed LiveUpdate
RP7: 8/17/2011 11:47:10 PM - Installed MyInvoices & Estimates Deluxe
RP8: 8/17/2011 11:54:38 PM - Installed Seagate Manager Installer
RP9: 8/17/2011 11:58:00 PM - Installed Seagate Manager Installer
RP10: 8/18/2011 12:30:17 AM - Removed MyInvoices & Estimates Deluxe
RP11: 8/18/2011 12:33:56 AM - Installed LiveUpdate
RP12: 8/18/2011 12:34:00 AM - Installed MyInvoices & Estimates Deluxe
RP13: 8/18/2011 12:46:41 AM - Installed Windows Internet Explorer 8.
RP14: 8/18/2011 12:47:18 AM - Software Distribution Service 3.0
RP15: 8/19/2011 12:59:32 AM - System Checkpoint
RP16: 8/20/2011 1:59:32 AM - System Checkpoint
RP17: 8/21/2011 2:59:32 AM - System Checkpoint
RP18: 8/22/2011 9:02:04 AM - System Checkpoint
RP19: 8/23/2011 8:32:50 AM - Installed Microsoft Office XP Professional
RP20: 8/24/2011 9:12:22 AM - System Checkpoint
RP21: 8/25/2011 9:15:46 AM - System Checkpoint
RP22: 8/26/2011 9:33:21 AM - System Checkpoint
RP23: 8/27/2011 9:45:21 AM - System Checkpoint
RP24: 8/28/2011 10:45:21 AM - System Checkpoint
RP25: 8/29/2011 11:14:08 AM - System Checkpoint
RP26: 8/30/2011 11:26:08 AM - System Checkpoint
RP27: 8/31/2011 12:12:20 PM - System Checkpoint
RP28: 9/1/2011 12:30:03 PM - System Checkpoint
RP29: 9/2/2011 2:22:53 PM - System Checkpoint
RP30: 9/3/2011 2:37:18 PM - System Checkpoint
RP31: 9/4/2011 5:20:47 PM - System Checkpoint
RP32: 9/5/2011 8:28:43 PM - System Checkpoint
RP33: 9/6/2011 9:41:06 PM - System Checkpoint
RP34: 9/7/2011 10:33:21 PM - System Checkpoint
RP35: 9/8/2011 11:45:21 PM - System Checkpoint
RP36: 9/10/2011 12:46:31 AM - System Checkpoint
RP37: 9/11/2011 1:34:31 AM - System Checkpoint
RP38: 9/12/2011 2:34:31 AM - System Checkpoint
RP39: 9/13/2011 3:34:31 AM - System Checkpoint
RP40: 9/14/2011 4:46:31 AM - System Checkpoint
RP41: 9/15/2011 5:46:31 AM - System Checkpoint
RP42: 9/16/2011 6:34:31 AM - System Checkpoint
RP43: 9/17/2011 6:34:39 AM - System Checkpoint
RP44: 9/18/2011 6:46:39 AM - System Checkpoint
RP45: 9/19/2011 7:46:39 AM - System Checkpoint
RP46: 9/20/2011 9:21:59 AM - System Checkpoint
RP47: 9/21/2011 9:23:56 AM - System Checkpoint
RP48: 9/22/2011 9:34:39 AM - System Checkpoint
RP49: 9/23/2011 9:38:08 AM - System Checkpoint
RP50: 9/24/2011 10:54:08 AM - System Checkpoint
RP51: 9/25/2011 11:46:52 AM - System Checkpoint
RP52: 9/26/2011 12:44:39 PM - System Checkpoint
RP53: 9/27/2011 2:13:20 PM - System Checkpoint
RP54: 9/28/2011 2:44:38 PM - System Checkpoint
RP55: 9/29/2011 5:05:55 PM - System Checkpoint
RP56: 9/30/2011 5:07:48 PM - System Checkpoint
RP57: 10/1/2011 5:56:42 PM - System Checkpoint
RP58: 10/2/2011 6:54:07 PM - System Checkpoint
RP59: 10/3/2011 6:59:10 PM - System Checkpoint
RP60: 10/4/2011 7:56:42 PM - System Checkpoint
RP61: 10/5/2011 8:13:31 PM - System Checkpoint
RP62: 10/6/2011 8:20:56 PM - System Checkpoint
RP63: 10/8/2011 11:20:45 AM - System Checkpoint
RP64: 10/9/2011 11:45:28 AM - System Checkpoint
RP65: 10/10/2011 12:45:28 PM - System Checkpoint
RP66: 10/11/2011 1:53:55 PM - System Checkpoint
RP67: 10/12/2011 3:25:57 PM - System Checkpoint
RP68: 10/13/2011 3:45:02 PM - System Checkpoint
RP69: 10/14/2011 4:28:49 PM - System Checkpoint
RP70: 10/15/2011 4:45:34 PM - System Checkpoint
RP71: 10/16/2011 4:46:04 PM - System Checkpoint
RP72: 10/17/2011 5:06:56 PM - System Checkpoint
RP73: 10/18/2011 5:13:44 PM - System Checkpoint
RP74: 10/19/2011 6:23:20 PM - System Checkpoint
RP75: 10/20/2011 7:01:56 PM - System Checkpoint
RP76: 10/21/2011 7:40:15 PM - System Checkpoint
RP77: 10/22/2011 8:40:16 PM - System Checkpoint
RP78: 10/23/2011 9:40:18 PM - System Checkpoint
RP79: 10/24/2011 9:41:23 PM - System Checkpoint
RP80: 10/25/2011 10:40:18 PM - System Checkpoint
RP81: 10/26/2011 11:14:54 PM - System Checkpoint
RP82: 10/27/2011 11:55:44 PM - System Checkpoint
RP83: 10/29/2011 12:21:58 AM - System Checkpoint
RP84: 10/30/2011 12:22:28 AM - System Checkpoint
RP85: 10/31/2011 1:09:59 AM - System Checkpoint
RP86: 11/1/2011 1:23:39 AM - System Checkpoint
RP87: 11/2/2011 9:51:24 AM - System Checkpoint
RP88: 11/3/2011 9:58:59 AM - System Checkpoint
RP89: 11/4/2011 11:08:31 AM - System Checkpoint
RP90: 11/6/2011 10:55:24 PM - System Checkpoint
RP91: 11/7/2011 11:43:29 PM - System Checkpoint
RP92: 11/9/2011 2:07:21 AM - System Checkpoint
RP93: 11/10/2011 4:46:34 PM - System Checkpoint
RP94: 11/11/2011 5:33:38 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_Help
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.0
AOL Toolbar for Firefox
AOL Uninstaller (Choose which Products to Remove)
Avanquest update
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Carbonite Online Backup Setup
Cisco Connect
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
Download Updater (AOL LLC)
eSupportQFolder
Fax
GPBaseService
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
J4500
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB954430)
MyInvoices & Estimates Deluxe
Nero Suite
OCR Software by I.R.I.S. 10.0
PowerDVD
ProductContext
PSSWCORE
Scan
Seagate Manager Installer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Shop for HP Supplies
SigmaTel Audio
SmartWebPrintingOC
SolutionCenter
Status
Toolbox
TrayApp
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Driver Package - Intel (E100B) Net (01/12/2006 8.0.27.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 8:51:58 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/9/2011 8:45:54 AM, error: System Error [1003] - Error code 000000f7, parameter1 00003ef6, parameter2 00003e02, parameter3 ffffc1fd, parameter4 00000000.
11/9/2011 8:45:35 AM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
11/9/2011 1:53:48 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/8/2011 1:22:16 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
11/8/2011 1:16:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
11/8/2011 1:16:45 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/8/2011 1:12:32 PM, error: Dhcp [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 0019D1FAF8EE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/7/2011 10:50:42 PM, error: DCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
11/10/2011 3:45:00 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
.
==== End Of File ===========================
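
A DDS log like the one above can be pre-screened before a helper reads it. The following is an added example, not part of the original thread or of DDS itself: a small Python triage that walks the log's sections and applies two heuristics chosen here as assumptions, namely a running image whose path uses NTFS `file:stream` syntax and a `.sys` driver registered from a Temp directory. The function names and finding labels are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of lines from the DDS log posted above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\782390990:833183185.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
"C:\WINDOWS\system32\svchost.exe"
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
.
============= SERVICES / DRIVERS ===============
.
R2 5607;5607;c:\docume~1\melanie\locals~1\temp\5607.sys [2011-11-9 133120]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-12 41272]
.
=============== Created Last 30 ================
"""

HEADER = re.compile(r"^=+ (.+?) =+$")                      # "==== Section name ===="
SERVICE = re.compile(r"^[RS]\d [^;]*;[^;]*;(?P<path>.+?) \[[^\]]*\]$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)         # ...\temp\ or ...\tmp\
DRIVE = re.compile(r"^[A-Za-z]:\\")


def has_stream_name(image):
    """True if the path has a colon past the drive letter (NTFS 'file:stream' syntax).

    Heuristic only: a command line whose arguments contain a colon would also match.
    """
    rest = image[2:] if DRIVE.match(image) else image
    return ":" in rest


def triage(log_text):
    """Return (label, path) findings for the two heuristics, in log order."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "running processes":
            image = line.strip('"')
            if has_stream_name(image):
                findings.append(("ads-stream-image", image))
        elif section == "services / drivers":
            svc = SERVICE.match(line)
            if svc:
                path = svc.group("path")
                if path.lower().endswith(".sys") and TEMP_DIR.search(path):
                    findings.append(("driver-in-temp-dir", path))
    return findings


if __name__ == "__main__":
    for label, path in triage(SAMPLE_DDS):
        print(f"{label}: {path}")
```

A finding is a prompt for a human reviewer, not a verdict; both heuristics can match benign entries.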

#4 CatByte


Posted 14 November 2011 - 01:27 PM

Hi,

Please do the following:


Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 loneoakret


Posted 14 November 2011 - 02:49 PM

During the scan the program disappeared, and now I cannot open it. When I double click on the aswMBR icon on the desktop I get: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

#6 loneoakret


Posted 14 November 2011 - 03:00 PM

I should also add that all of my searches are being redirected, and I am constantly being asked to run Chkdsk. It seems that whatever malware has infected my computer detects any attempts to remove it and shuts them down.

#7 CatByte


Posted 14 November 2011 - 03:13 PM

Please run the following:


Note, if it doesn't run in normal mode at first,

download a fresh copy, but rename it to svchost and save it directly to your C:\ drive, then navigate to your C:\ drive and run it, if it still won't run, then boot into safe mode and try it in safe mode;

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



#8 loneoakret


Posted 14 November 2011 - 03:49 PM

Please run the following? Either you left something out after that statement, or you meant run ComboFix. :) Please advise as I do not want to run combofix if you meant something else. Thanks, I really appreciate the time you are putting into helping me.

#9 CatByte


Posted 14 November 2011 - 03:57 PM

Hi,

I did mean ComboFix; I included the instructions for entering safemode in case you can't get it to run in normal mode

(sorry for the extra space in the instructions)



#10 loneoakret


Posted 14 November 2011 - 04:16 PM

No prob. Will do that and get back to you right away.

#11 loneoakret


Posted 14 November 2011 - 10:14 PM

While running ComboFix in normal mode a window opened saying that my computer was infected with a virus called "rootlist"? Then my background screen appeared with no icons and the computer froze. I am now working from my other computer. What should I do?

#12 CatByte


Posted 14 November 2011 - 10:48 PM

see if you can open task manager (ctrl + alt + del)

see if there are any processes such as Pev.exe, sed.exe, 3xe.exe and end the processes


then restart the computer and try running ComboFix again

if it still won't run, try running it in safe mode:

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account



#13 CatByte


Posted 24 November 2011 - 08:53 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
