jaysel (Members)

Posts: 3
Reputation: 0 Neutral
  1. Ok - after the reboot I could run stuff. Second DDS:

     .
     DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
     Internet Explorer: 9.0.8112.16421
     Run by Administrator at 17:21:30 on 2011-08-04
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1640 [GMT 1:00]
     .
     AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\Explorer.EXE
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
     mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
     mURLSearchHooks: H - No File
     BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
     BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
     uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
     uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
     mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
     mRun: [RtHDVCpl] RtHDVCpl.exe
     mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
     mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
     mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
     mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
     mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
     mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
     mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
     DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
     TCP: DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{232E6076-E6E4-4CE8-85C5-7654E69DA199} : DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{8640CB16-A2AA-46FA-921B-B7CDFF0538FB} : DhcpNameServer = 192.168.10.5 8.8.8.8
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
     Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
     Notify: igfxcui - igfxdev.dll
     SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
     .
     ============= SERVICES / DRIVERS ===============
     .
     R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-7-19 123264]
     S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
     S1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
     S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
     S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
     S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
     S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
     S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
     S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-30 39272]
     S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S4 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-20 21504]
     S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
     S4 gupdate1ca242fbe5d3210;Google Update Service (gupdate1ca242fbe5d3210);c:\program files\google\update\GoogleUpdate.exe [2009-8-23 133104]
     S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-23 133104]
     S4 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
     S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
     S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
     .
     =============== Created Last 30 ================
     .
     2011-08-04 15:56:44 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\temp
     2011-08-04 15:56:05 -------- d-sh--w- C:\$RECYCLE.BIN
     2011-08-04 15:45:47 -------- d-----w- C:\ComboFix
     2011-08-03 16:30:34 632064 ----a-w- c:\windows\system32\msvcr80.dll
     2011-08-03 16:30:33 554240 ----a-w- c:\windows\system32\msvcp80.dll
     2011-08-03 16:30:32 34048 ----a-w- c:\windows\system32\eEmpty.exe
     2011-08-03 16:30:28 -------- d-----w- c:\program files\common files\MicroWorld
     2011-08-03 16:30:22 -------- d-----w- c:\programdata\MicroWorld
     2011-08-02 16:37:22 -------- d-----w- c:\users\administrator.tricky-pc\appdata\roaming\SUPERAntiSpyware.com
     2011-08-02 16:36:30 -------- d-----w- c:\programdata\!SASCORE
     2011-08-02 16:36:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
     2011-08-02 16:36:27 -------- d-----w- c:\program files\SUPERAntiSpyware
     2011-08-02 16:35:47 -------- d-----w- c:\program files\Hitman Pro 3.5
     2011-08-02 16:28:29 -------- d-----w- c:\programdata\Hitman Pro
     2011-08-02 08:06:11 -------- d-----w- c:\programdata\Kaspersky Lab
     2011-08-02 06:31:57 -------- d-----w- c:\users\administrator.tricky-pc\appdata\roaming\Malwarebytes
     2011-08-02 06:31:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-08-02 06:31:48 -------- d-----w- c:\programdata\Malwarebytes
     2011-08-02 06:31:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-08-02 06:31:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-08-01 17:59:14 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\Apple Computer
     2011-08-01 17:54:01 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\Google
     2011-08-01 17:53:28 -------- d-----w- c:\program files\CCleaner
     2011-08-01 17:39:39 -------- d-----w- c:\windows\pss
     2011-08-01 17:18:05 -------- d-----w- C:\Combo-Fix
     2011-08-01 17:06:45 -------- d-----w- c:\program files\BHODemon 2
     2011-08-01 17:04:08 -------- d--h--w- c:\windows\PIF
     2011-08-01 16:24:45 388096 ----a-r- c:\users\administrator.tricky-pc\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
     2011-08-01 16:24:43 -------- d-----w- c:\program files\Trend Micro
     2011-08-01 16:08:07 -------- d-----w- c:\users\administrator.tricky-pc\appdata\roaming\QuickScan
     2011-08-01 15:00:26 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\CrashDumps
     2011-08-01 14:49:36 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\Adobe
     2011-08-01 14:01:47 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\QuickPlay
     2011-08-01 14:01:45 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\ArcSoft
     2011-08-01 14:01:23 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\SupportSoft
     2011-08-01 14:01:04 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\Trusteer
     2011-08-01 13:04:13 208896 ----a-w- c:\windows\MBR.exe
     2011-08-01 13:04:12 98816 ----a-w- c:\windows\sed.exe
     2011-08-01 13:04:12 518144 ----a-w- c:\windows\SWREG.exe
     2011-08-01 13:04:12 256000 ----a-w- c:\windows\PEV.exe
     2011-07-28 08:56:44 -------- d-----w- C:\972957a43b2d557e1e2362db6e1eff8d
     2011-07-28 08:50:09 -------- d-----w- C:\4bc50e099e0061bdded5c7dd
     2011-07-28 08:38:17 -------- d-----w- C:\3c63e7097ed858fe4a36897884
     2011-07-23 14:18:43 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
     2011-07-23 14:18:43 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
     2011-07-23 14:18:39 2043392 ----a-w- c:\windows\system32\win32k.sys
     2011-07-23 14:18:29 49152 ----a-w- c:\windows\system32\csrsrv.dll
     2011-07-23 14:18:29 375808 ----a-w- c:\windows\system32\winsrv.dll
     .
     ==================== Find3M ====================
     .
     2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
     2011-05-31 10:17:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     .
     ============= FINISH: 17:22:33.38 ===============
  2. Combo Fix log as requested. Incidentally - I can no longer access my network, and if I go into the CP or run anything (like DDS.SCR) I get "illegal operation attempted on a registry key that has been marked for deletion". I will reboot and see if the issue remains.

     ComboFix 11-08-01.02 - Administrator 04/08/2011 16:47:32.1.2 - x86 NETWORK
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1638 [GMT 1:00]
     Running from: c:\users\Administrator.tricky-PC\Desktop\Virus - Jay\ComboFix.exe
      * Created a new restore point
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))
     .
     .
     2011-08-04 15:54 . 2011-08-04 15:54 -------- d-----w- c:\users\tricky\AppData\Local\temp
     2011-08-04 15:54 . 2011-08-04 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
     2011-08-03 16:30 . 2011-08-03 16:30 632064 ----a-w- c:\windows\system32\msvcr80.dll
     2011-08-03 16:30 . 2011-08-03 16:30 554240 ----a-w- c:\windows\system32\msvcp80.dll
     2011-08-03 16:30 . 2011-08-03 16:30 34048 ----a-w- c:\windows\system32\eEmpty.exe
     2011-08-03 16:30 . 2011-08-03 16:30 -------- d-----w- c:\program files\Common Files\MicroWorld
     2011-08-03 16:30 . 2011-08-03 16:30 -------- d-----w- c:\programdata\MicroWorld
     2011-08-02 16:36 . 2011-08-02 16:36 -------- d-----w- c:\programdata\!SASCORE
     2011-08-02 16:36 . 2011-08-02 16:37 -------- d-----w- c:\program files\SUPERAntiSpyware
     2011-08-02 16:36 . 2011-08-02 16:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
     2011-08-02 16:35 . 2011-08-02 16:35 -------- d-----w- c:\program files\Hitman Pro 3.5
     2011-08-02 16:28 . 2011-08-02 16:28 -------- d-----w- c:\programdata\Hitman Pro
     2011-08-02 08:06 . 2011-08-02 08:06 -------- d-----w- c:\programdata\Kaspersky Lab
     2011-08-02 06:31 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-08-02 06:31 . 2011-08-02 06:31 -------- d-----w- c:\programdata\Malwarebytes
     2011-08-02 06:31 . 2011-08-02 06:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-08-02 06:31 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-08-01 17:53 . 2011-08-01 17:53 -------- d-----w- c:\program files\CCleaner
     2011-08-01 17:18 . 2011-08-01 17:29 -------- d-----w- C:\Combo-Fix
     2011-08-01 17:06 . 2011-08-01 17:08 -------- d-----w- c:\program files\BHODemon 2
     2011-08-01 17:04 . 2011-08-01 17:04 -------- d--h--w- c:\windows\PIF
     2011-08-01 16:24 . 2011-08-01 16:24 -------- d-----w- c:\program files\Trend Micro
     2011-08-01 13:54 . 2011-08-01 13:54 -------- d-----w- c:\users\Administrator
     2011-07-30 09:28 . 2011-07-30 09:28 0 ---ha-w- c:\users\tricky\AppData\Local\BIT9EF.tmp
     2011-07-28 08:56 . 2011-07-28 08:56 -------- d-----w- C:\972957a43b2d557e1e2362db6e1eff8d
     2011-07-28 08:50 . 2011-07-28 08:50 -------- d-----w- C:\4bc50e099e0061bdded5c7dd
     2011-07-28 08:38 . 2011-07-28 08:38 -------- d-----w- C:\3c63e7097ed858fe4a36897884
     2011-07-26 19:08 . 2011-07-26 19:08 0 ---ha-w- c:\users\tricky\AppData\Local\BIT3E67.tmp
     2011-07-26 18:40 . 2011-07-26 18:40 -------- d-----w- c:\users\tricky\AppData\Roaming\Malwarebytes
     2011-07-23 14:18 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
     2011-07-23 14:18 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
     2011-07-23 14:18 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
     2011-07-23 14:18 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
     2011-07-23 14:18 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
     2011-05-31 10:17 . 2011-05-31 10:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-05-17 08:07 . 2011-05-17 08:07 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-29 4599680]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
     "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
     "RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
     "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-02-16 172032]
     "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-21 133656]
     "NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-21 141848]
     "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
     "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
     "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
     "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-21 166424]
     "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
     "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
     Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
     PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-8-2 44176]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001
     .
     R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-22 53816]
     R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-13 57144]
     R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-22 66360]
     R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-22 158904]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
     R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
     R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R4 gupdate1ca242fbe5d3210;Google Update Service (gupdate1ca242fbe5d3210);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 133104]
     R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 133104]
     R4 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
     R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
     S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-07-19 123264]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *Deregistered* - klmd25
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     bthsvcs REG_MULTI_SZ BthServ
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 20:24]
     .
     2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 20:24]
     .
     2011-08-02 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
     - c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-08-02 16:03]
     .
     2011-06-27 c:\windows\Tasks\Norton Security Scan for tricky.job
     - c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-15 20:15]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
     mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
     TCP: DhcpNameServer = 192.168.1.254
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-08-04 16:54
     Windows 6.0.6002 Service Pack 2 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-2670147850-1205366126-802892886-500\Software\Microsoft\Internet Explorer\Approved Extensions]
     @Denied: (2) (Administrator)
     "{50BCBFA7-2A6A-41ED-9D96-34D2073A8943}"=hex:51,66,7a,6c,4c,1d,3b,1b,b7,a3,a8, 4e,5d,78,86,0b,89,98,76,92,06,7b,cc,5a
     "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,de,0c, 3d,52,1b,bf,5b,8f,16,42,d0,26,e4,88,56
     "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,57,14, 2c,9e,16,8c,09,90,e7,c2,c8,39,c1,d0,00
     "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,3b,1b,8f,82,90, 18,e0,9a,32,07,ac,73,3a,0b,7c,2a,a5,aa
     "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,3b,1b,95,68,ab, 70,a8,47,94,01,b5,41,fb,a3,ab,85,03,42
     "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8b,00, 68,c7,84,47,0c,a2,e5,96,9a,f0,98,68,5a
     "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,24, 8e,35,1e,d4,00,9a,c2,13,24,77,49,26,df
     "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,3b,1b,7b,fd,c9, 81,58,d1,6d,02,bf,11,56,15,ca,ae,b7,90
     "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f1,4c, b4,ea,53,fa,07,97,3d,8d,50,56,35,36,ee
     "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,dc, c5,72,f6,30,09,a8,7a,de,65,c0,84,cd,b0
     .
     [HKEY_USERS\S-1-5-21-2670147850-1205366126-802892886-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
     @Denied: (2) (Administrator)
     "Timestamp"=hex:cc,45,8c,83,64,50,cc,01
     .
     [HKEY_USERS\S-1-5-21-2670147850-1205366126-802892886-500\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (Administrator)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,09,64,2c,19,f9,b6,40,83,1f,a8,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,09,64,2c,19,f9,b6,40,83,1f,a8,\
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     Completion time: 2011-08-04 16:56:43
     ComboFix-quarantined-files.txt 2011-08-04 15:56
     ComboFix2.txt 2011-08-01 17:29
     .
     Pre-Run: 59,815,108,608 bytes free
     Post-Run: 60,147,720,192 bytes free
     .
     - - End Of File - - 7C1E9177D8B3EDDCB3B1613E2D1C3DC9
  3. Hi - I have a laptop running Vista SP2 32-bit (unable to update the OS yet!). I have enabled the Admin account and am running everything from this account whilst in safe mode, else the laptop hangs. I have had problems getting MBAM to run (MBAM_ERROR_EXPANDING_VARIABLES (0,453) and other errors). Running MBAM_CLEAN and then reinstalling allowed me to run it and find some viruses - then it hangs. Then I ran MBAM, found viruses, aborted, cleaned, etc. etc. However, eventually MBAM hangs again and I have to reboot. After the reboot, I am unable to run MBAM without cleaning and reinstalling. I have run KILL (in its various guises) prior to running MBAM, to no avail. HJT, DDS and GMER are attached. I hope someone can help! Jay..

     .
     DDS (Ver_2011-06-23.01) - NTFSx86
     Internet Explorer: 9.0.8112.16421
     Run by Administrator at 7:53:47 on 2011-08-02
     .
     ============== Running Processes ===============
     .
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
     mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
     mURLSearchHooks: H - No File
     BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
     BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
     mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
     DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
     TCP: DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{232E6076-E6E4-4CE8-85C5-7654E69DA199} : DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{8640CB16-A2AA-46FA-921B-B7CDFF0538FB} : DhcpNameServer = 192.168.10.5 8.8.8.8
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
     Notify: igfxcui - igfxdev.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     .
     =============== Created Last 30 ================
     .
     2011-08-02 06:31:57 -------- d-----w- c:\users\administrator.tricky-pc\appdata\roaming\Malwarebytes
     2011-08-02 06:31:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-08-02 06:31:48 -------- d-----w- c:\programdata\Malwarebytes
     2011-08-02 06:31:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-08-02 06:31:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-08-01 17:59:14 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\Apple Computer
     2011-08-01 17:54:01 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\Google
     2011-08-01 17:53:28 -------- d-----w- c:\program files\CCleaner
     2011-08-01 17:39:39 -------- d-----w- c:\windows\pss
     2011-08-01 17:29:05 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\temp
     2011-08-01 17:28:27 -------- d-sh--w- C:\$RECYCLE.BIN
     2011-08-01 17:18:05 -------- d-----w- C:\Combo-Fix
     2011-08-01 17:06:45 -------- d-----w- c:\program files\BHODemon 2
     2011-08-01 17:04:08 -------- d--h--w- c:\windows\PIF
     2011-08-01 16:56:49 -------- d-----w- C:\ComboFix
     2011-08-01 16:24:45 388096 ----a-r- c:\users\administrator.tricky-pc\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
     2011-08-01 16:24:43 -------- d-----w- c:\program files\Trend Micro
     2011-08-01 16:08:07 -------- d-----w- c:\users\administrator.tricky-pc\appdata\roaming\QuickScan
     2011-08-01 15:00:26 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\CrashDumps
     2011-08-01 14:49:36 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\Adobe
     2011-08-01 14:01:47 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\QuickPlay
     2011-08-01 14:01:45 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\ArcSoft
     2011-08-01 14:01:23 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\SupportSoft
     2011-08-01 14:01:04 -------- d-----w- c:\users\administrator.tricky-pc\appdata\local\Trusteer
     2011-08-01 13:04:13 208896 ----a-w- c:\windows\MBR.exe
     2011-08-01 13:04:12 98816 ----a-w- c:\windows\sed.exe
     2011-08-01 13:04:12 518144 ----a-w- c:\windows\SWREG.exe
     2011-08-01 13:04:12 256000 ----a-w- c:\windows\PEV.exe
     2011-07-28 08:56:44 -------- d-----w- C:\972957a43b2d557e1e2362db6e1eff8d
     2011-07-28 08:50:09 -------- d-----w- C:\4bc50e099e0061bdded5c7dd
     2011-07-28 08:38:17 -------- d-----w- C:\3c63e7097ed858fe4a36897884
     2011-07-23 14:18:43 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
     2011-07-23 14:18:43 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
     2011-07-23 14:18:39 2043392 ----a-w- c:\windows\system32\win32k.sys
     2011-07-23 14:18:29 49152 ----a-w- c:\windows\system32\csrsrv.dll
     2011-07-23 14:18:29 375808 ----a-w- c:\windows\system32\winsrv.dll
     .
     ==================== Find3M ====================
     .
     2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
     2011-05-31 10:17:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     .
     ============= FINISH: 7:54:49.36 ===============

     Attach.zip