Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

Virus/Trojan/Spyware Help: Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

#1  09-20-2009, 12:24 PM
markhtar, Registered User (Join Date: Sep 2009; Posts: 19; OS: XP)

Virus problems...firewall greyed out

Hi all,

Seem to have a virus and have tried everything possible apart from this....so here goes. Can't update Microsoft updates or turn on the firewall as it is greyed out. So am looking for some help please...thanks.


DDS (Ver_09-07-30.01) - FAT32x86
Run by Owner at 19:11:42.23 on 20/09/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.114 [GMT 1:00]

AV: avast! antivirus 4.8.1351 [VPS 090905-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [bacstray] BacsTray.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [winntR1] c:\winnt_\winntR1.exe
mRun: [winnt2] c:\winnt_\winnt2.exe
mRun: [winnt3] c:\winnt_\winnt3.exe
mRun: [winnt4] c:\winnt_\winnt4.exe
mRun: [winnt6] c:\winnt_\winnt6.exe
mRun: [Creative Software Update] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /Silent
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bupa.co.uk
Trusted Zone: bupa.com
TCP: {6E545277-EB04-4F2A-B4C3-96C819B1132D} = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\8mmghrw6.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-25 138680]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-8-29 305936]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-25 352920]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-10-15 162176]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\owner\locals~1\temp\aswarkrn.sys --> c:\docume~1\owner\locals~1\temp\aswArKrn.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-6-1 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-6-1 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-6-1 122152]

=============== Created Last 30 ================

2009-09-16 21:29 <DIR> --d----- c:\program files\uTorrent
2009-09-09 16:28 <DIR> --d----- c:\program files\FinePixViewerS
2009-09-05 22:21 <DIR> --dsh--- C:\FOUND.000
2009-09-05 19:18 <DIR> --d----- c:\program files\Zone Labs
2009-08-30 01:17 229,376 a------- c:\windows\PEV.exe
2009-08-30 01:17 161,792 a------- c:\windows\SWREG.exe
2009-08-30 01:17 98,816 a------- c:\windows\sed.exe
2009-08-30 01:17 <DIR> --ds---- C:\avoidTDSS
2009-08-30 01:17 388,608 a------- c:\windows\system32\CF18355.exe
2009-08-30 01:15 388,608 a------- c:\windows\system32\CF17934.exe
2009-08-29 23:10 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-08-29 23:10 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-29 23:10 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-29 23:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-29 23:10 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-08-29 22:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\IObit
2009-08-29 22:49 <DIR> --d----- c:\program files\IObit
2009-08-29 19:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-29 19:41 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-08-25 19:49 <DIR> --d----- c:\docume~1\owner\applic~1\ICAClient
2009-08-25 19:47 <DIR> --d----- c:\program files\Citrix

==================== Find3M ====================

2009-09-05 17:18 90,112 a------- c:\windows\DUMP2b46.tmp
2009-08-29 18:47 90,112 a------- c:\windows\DUMP2fe9.tmp
2007-12-02 12:19 200,846 a------- c:\program files\RuntimeSetup.exe
2007-12-02 12:19 1,068 a------- c:\program files\runtimesetup.ini

============= FINISH: 19:13:04.17 ===============
Attached: details.zip (3.9 KB)
#2  09-21-2009, 05:09 AM
markhtar, Registered User (Join Date: Sep 2009; Posts: 19; OS: XP)

Re: Virus problems...firewall greyed out

I deleted UACD.sys while doing a few checks and thought I would repost all my details again (details2.zip). Thanks.


DDS (Ver_09-07-30.01) - FAT32x86
Run by Owner at 11:59:35.96 on 21/09/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.268 [GMT 1:00]

AV: avast! antivirus 4.8.1351 [VPS 090919-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [bacstray] BacsTray.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [winntR1] c:\winnt_\winntR1.exe
mRun: [winnt2] c:\winnt_\winnt2.exe
mRun: [winnt3] c:\winnt_\winnt3.exe
mRun: [winnt4] c:\winnt_\winnt4.exe
mRun: [winnt6] c:\winnt_\winnt6.exe
mRun: [Creative Software Update] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /Silent
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bupa.co.uk
Trusted Zone: bupa.com
TCP: {6E545277-EB04-4F2A-B4C3-96C819B1132D} = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\8mmghrw6.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-25 138680]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-8-29 305936]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-25 352920]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-10-15 162176]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\owner\locals~1\temp\aswarkrn.sys --> c:\docume~1\owner\locals~1\temp\aswArKrn.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-6-1 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-6-1 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-6-1 122152]

=============== Created Last 30 ================

2009-09-16 21:29 <DIR> --d----- c:\program files\uTorrent
2009-09-09 16:28 <DIR> --d----- c:\program files\FinePixViewerS
2009-09-05 22:21 <DIR> --dsh--- C:\FOUND.000
2009-09-05 19:18 <DIR> --d----- c:\program files\Zone Labs
2009-08-30 01:17 229,376 a------- c:\windows\PEV.exe
2009-08-30 01:17 161,792 a------- c:\windows\SWREG.exe
2009-08-30 01:17 98,816 a------- c:\windows\sed.exe
2009-08-30 01:17 <DIR> --ds---- C:\avoidTDSS
2009-08-30 01:17 388,608 a------- c:\windows\system32\CF18355.exe
2009-08-30 01:15 388,608 a------- c:\windows\system32\CF17934.exe
2009-08-29 23:10 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-08-29 23:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-29 23:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-29 23:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-29 23:10 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-08-29 22:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\IObit
2009-08-29 22:49 <DIR> --d----- c:\program files\IObit
2009-08-29 19:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-29 19:41 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-08-25 19:49 <DIR> --d----- c:\docume~1\owner\applic~1\ICAClient
2009-08-25 19:47 <DIR> --d----- c:\program files\Citrix

==================== Find3M ====================

2009-09-05 17:18 90,112 a------- c:\windows\DUMP2b46.tmp
2009-08-29 18:47 90,112 a------- c:\windows\DUMP2fe9.tmp
2007-12-02 12:19 200,846 a------- c:\program files\RuntimeSetup.exe
2007-12-02 12:19 1,068 a------- c:\program files\runtimesetup.ini

============= FINISH: 12:01:21.34 ===============
Attached: details2.zip (3.8 KB)
#3  09-23-2009, 05:50 AM
markhtar, Registered User (Join Date: Sep 2009; Posts: 19; OS: XP)

Re: Virus problems...firewall greyed out

Bumping... :)
#4  09-23-2009, 02:06 PM
Ried, Assistant Manager, TSF Academy; Moderator/Analyst Security Team (Join Date: Jan 2005; Location: Ohio; Posts: 27,024; OS: WinXP and Vista)

Re: Virus problems...firewall greyed out

Who advised you to run ComboFix? Post the log please.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
#5  09-23-2009, 03:03 PM
markhtar, Registered User (Join Date: Sep 2009; Posts: 19; OS: XP)

Re: Virus problems...firewall greyed out

Hi, I haven't run it... I downloaded it as I got desperate and then didn't run it as a forum told me not to.

Thanks,
#6  09-23-2009, 03:20 PM
Ried, Assistant Manager, TSF Academy; Moderator/Analyst Security Team (Join Date: Jan 2005; Location: Ohio; Posts: 27,024; OS: WinXP and Vista)

Re: Virus problems...firewall greyed out

Okay, thanks for letting me know. :)

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

====================================================


Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.

Right click on the avast! icon in the system tray and choose Stop On-Access Protection.

Right click > Program Settings > Troubleshooting > tick "Disable self defense".

====================================================


Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
#7  09-25-2009, 03:38 PM
markhtar, Registered User (Join Date: Sep 2009; Posts: 19; OS: XP)

Re: Virus problems...firewall greyed out

Hi Ried,

Thanks for the advice. I won't be able to try this now till next Friday due to the machine being my mother-in-law's, and I won't get my hands on it till then, unless I could do this remotely? Is it possible?

If not, can you please leave this post open till then and I promise to get back to you ASAP....thanks for your time and help!
#8  09-25-2009, 06:19 PM
Ried, Assistant Manager, TSF Academy; Moderator/Analyst Security Team (Join Date: Jan 2005; Location: Ohio; Posts: 27,024; OS: WinXP and Vista)

Re: Virus problems...firewall greyed out

No, it's best you are physically in front of the machine while carrying out the instructions. I'll leave this open.
#9  09-29-2009, 02:08 PM
markhtar, Registered User (Join Date: Sep 2009; Posts: 19; OS: XP)

Re: Virus problems...firewall greyed out

Hi Ried,

Got my wife to do the work!!! ;)

ComboFix 09-09-28.01 - Owner 29/09/2009 20:14.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.196 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090919-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\NPROTECT
c:\windows\system32\drivers\fad.sys
c:\windows\system32\i
c:\windows\system32\sySInfo.ocx

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-24 10:02 . 2009-09-24 10:02 -------- d-----w- c:\documents and settings\Sofiya.ALIHOMEPC\Local Settings\Application Data\Help
2009-09-21 11:44 . 2009-09-21 11:44 -------- d-----w- C:\FOUND.001
2009-09-21 11:12 . 2009-09-21 11:12 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-09-16 20:29 . 2009-09-16 20:29 -------- d-----w- c:\program files\uTorrent
2009-09-16 20:29 . 2009-09-16 20:29 -------- d-----w- c:\documents and settings\Guest\Application Data\uTorrent
2009-09-09 15:36 . 2009-09-09 15:36 -------- d-----w- c:\documents and settings\Haseena.ALIHOMEPC\Application Data\FUJIFILM
2009-09-09 15:28 . 2009-09-09 15:28 -------- d-----w- c:\program files\FinePixViewerS
2009-09-09 15:28 . 2009-09-09 15:28 -------- d-----w- c:\documents and settings\Sofiya.ALIHOMEPC\Application Data\InstallShield
2009-09-06 15:44 . 2009-09-06 15:44 -------- d-----w- c:\documents and settings\Haseena.ALIHOMEPC\Application Data\U3
2009-09-06 01:14 . 2009-09-06 01:15 70376 ----a-w- c:\documents and settings\Administrator.ALIHOMEPC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-06 01:13 . 2009-09-06 01:13 -------- d-----w- c:\documents and settings\Administrator.ALIHOMEPC\Application Data\Malwarebytes
2009-09-05 21:21 . 2009-09-05 21:21 -------- d-----w- C:\FOUND.000
2009-09-05 18:28 . 2009-09-05 18:28 -------- d-s---w- c:\documents and settings\Mum\UserData
2009-09-05 18:18 . 2009-09-05 18:18 -------- d-----w- c:\program files\Zone Labs
2009-09-05 16:54 . 2009-09-05 16:54 -------- d-----w- c:\documents and settings\Mum\Application Data\Malwarebytes
2009-09-05 15:28 . 2009-09-05 15:28 -------- d-----w- c:\documents and settings\Mum\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 22:17 . 2008-08-26 20:39 70376 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 08:36 . 2008-09-17 17:33 70376 ----a-w- c:\documents and settings\Mum\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 13:54 . 2009-08-29 22:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-08-29 22:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 15:36 . 2008-08-27 09:11 70376 ----a-w- c:\documents and settings\Haseena.ALIHOMEPC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 16:18 . 2009-06-11 11:37 90112 ----a-w- c:\windows\DUMP2b46.tmp
2009-08-29 22:10 . 2009-08-29 22:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-08-29 22:10 . 2009-08-29 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-29 22:10 . 2009-08-29 22:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-29 21:49 . 2009-08-29 21:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit
2009-08-29 21:49 . 2009-08-29 21:49 -------- d-----w- c:\program files\IObit
2009-08-29 18:41 . 2009-08-29 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-29 18:41 . 2009-08-29 18:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-29 17:47 . 2009-06-11 11:37 90112 ----a-w- c:\windows\DUMP2fe9.tmp
2009-08-25 18:49 . 2009-08-25 18:49 -------- d-----w- c:\documents and settings\Owner\Application Data\ICAClient
2009-08-25 18:47 . 2009-08-25 18:47 -------- d-----w- c:\program files\Citrix
2009-08-17 16:10 . 2008-08-25 18:38 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-08-25 18:38 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-08-25 18:38 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-08-25 18:38 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-01-23 20:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-08-25 18:38 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-08-25 18:38 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-08-25 18:38 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-08-25 18:38 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-04 18:13 . 2009-08-04 18:13 -------- d-----w- c:\documents and settings\Mum\Application Data\Apple Computer
2007-12-02 11:19 . 2007-12-02 11:18 1068 ----a-w- c:\program files\runtimesetup.ini
2007-12-02 11:19 . 2007-12-02 11:18 200846 ----a-w- c:\program files\RuntimeSetup.exe
2007-06-21 17:39 . 2007-06-21 17:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 17:39 . 2007-06-21 17:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 . 2007-06-21 17:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 17:39 . 2007-06-21 17:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 17:38 . 2007-06-21 17:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 17:38 . 2007-06-21 17:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 17:38 . 2007-06-21 17:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 17:40 . 2007-06-21 17:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-06-21 17:38 . 2007-06-21 17:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
.

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2006-02-07 417881]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-20 943888]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"bacstray"="BacsTray.exe" - c:\windows\system32\BacsTray.exe [2003-01-03 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2009-5-10 225280]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-9-9 303104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\outlook.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\onenote.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/08/2008 7:38 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/01/2009 9:04 PM 20560]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [29/08/2009 10:49 PM 305936]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Owner\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Owner\LOCALS~1\Temp\aswArKrn.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [01/06/2009 5:13 PM 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [01/06/2009 5:14 PM 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [01/06/2009 5:14 PM 122152]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [15/10/2008 12:22 AM 162176]
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
Trusted Zone: bupa.co.uk
Trusted Zone: bupa.com
TCP: {6E545277-EB04-4F2A-B4C3-96C819B1132D} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8mmghrw6.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-winntR1 - c:\winnt_\winntR1.exe
HKLM-Run-winnt3 - c:\winnt_\winnt3.exe
HKLM-Run-winnt4 - c:\winnt_\winnt4.exe
HKLM-Run-winnt6 - c:\winnt_\winnt6.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 20:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-29 20:25
ComboFix-quarantined-files.txt 2009-09-29 19:25

Pre-Run: 1,533,706,240 bytes free
Post-Run: 9,577,431,040 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

172 --- E O F --- 2008-08-27 18:20


Let me know what you see...
markhtar is offline  
Old 09-30-2009, 06:38 AM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,024
OS: WinXP and Vista


Re: Virus problems...firewall greyed out

Hello markhtar,

I do see a serious Operating System issue. How is the system behaving? Is this still occurring?
Quote:
Can't update microsoft updates or turn on firewall as it is greyed out.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 10-01-2009, 01:47 PM   #11 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 19
OS: XP


Re: Virus problems...firewall greyed out

Hi Ried,

OK, got my sister-in-law to check this time! ;-)

Windows Firewall is now activated and I can switch it on and off...
Windows Update (from the website) encounters an issue. Seems like I could add the ActiveX required this time, but the updates did not install - not sure why that is as, like I said, my sister-in-law had a check and I wasn't there.

Thanks,

Umar
markhtar is offline  
Old 10-01-2009, 03:27 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,024
OS: WinXP and Vista


Re: Virus problems...firewall greyed out

Quote:
------- Sigcheck -------

Cryptography Services Error !!
.
I did mention you had some serious Operating System issues.

Click Start>Run and type cmd into the Run box and click OK.

You should see a black box with a white blinking cursor. Type in the following bolded text and press Enter:

NET START CRYPTSVC

Tell me what it said.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 10-03-2009, 06:11 AM   #13 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 19
OS: XP


Re: Virus problems...firewall greyed out

Ta - see below....

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Owner>net start cryptsvc
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


C:\Documents and Settings\Owner>
markhtar is offline  
Old 10-03-2009, 06:34 AM   #14 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 19
OS: XP


Re: Virus problems...firewall greyed out

Oh, and here are the screenshots of trying to install MS updates before and after installing the ActiveX... see attached.
Attached Images
File Type: jpg 1.JPG (116.6 KB, 2 views)
File Type: jpg 2.JPG (185.6 KB, 2 views)
markhtar is offline  
Old 10-03-2009, 08:01 AM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,024
OS: WinXP and Vista


Re: Virus problems...firewall greyed out

Click Start>Run and type in services.msc

Locate CRYPTSVC and click the Stop button. Leave this open.

Next, using Windows Explorer, locate the folder C:\Windows\System32\catroot2 and rename it to xcatroot.

Now restart the CRYPTSVC and try again to update.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Old 10-03-2009, 08:12 AM   #16 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 19
OS: XP


Re: Virus problems...firewall greyed out

Tried to rename catroot2 to xcatroot but I got access denied... there is also a catroot folder.

The service stopped and started ok...

thanks,
markhtar is offline  
Old 10-03-2009, 08:23 AM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,024
OS: WinXP and Vista


Re: Virus problems...firewall greyed out

Download Junction.zip and save it to your desktop. Double click the junction.zip and extract to your desktop.

Next, open Notepad and copy/paste the contents in the quote box below, into Notepad.

Quote:
junction -s c:\ > log.txt
notepad log.txt
exit
Save this as junction.bat. Choose "Save type as - All Files" and save it to your desktop.


It should look like this:
  • Double click Junction folder to open it.
  • Now drag the junction.bat into the Junction folder
  • Double click the junction.bat and allow it to run - it can take a while to complete, so be patient.
Post the log it produces
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 10-03-2009, 08:35 AM   #18 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 19
OS: XP


Re: Virus problems...firewall greyed out

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: Access is denied.


...
..No reparse points found.
markhtar is offline  
Old 10-03-2009, 08:49 AM   #19 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,024
OS: WinXP and Vista


Re: Virus problems...firewall greyed out

Stop the CRYPTSVC again.

Click Start>Run type cmd

At the command prompt, type the following bolded text

ren %systemroot%\System32\Catroot2 oldcatroot2

Start the CRYPTSVC

Try to update again.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
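The catroot2 reset that Ried walks through in posts #15 and #19, written as one batch file with the checks a practitioner wants before renaming a folder the cryptographic service depends on. This is an added example, not a script from Ried or this forum. It assumes Windows XP cmd.exe run from an Administrator account and English service-status text (the STOPPED/RUNNING strings that sc prints). Stopping wuauserv and BITS alongside cryptsvc goes beyond what the thread asks for; it follows Microsoft's usual Windows Update reset guidance, because those services also hold handles inside catroot2 and are a common reason the rename still reports "Access is denied" after cryptsvc alone has been stopped (the symptom in posts #16 and #20).

```batch
@echo off
rem Added example, not Ried's or the forum's own script: the catroot2 reset
rem from posts #15 and #19 as one batch file, with checks before and after.
rem Assumptions: Windows XP cmd.exe, run from an Administrator account,
rem English-language service output (the STOPPED/RUNNING strings).
setlocal
set "CATROOT2=%systemroot%\System32\catroot2"
set "OLD=%systemroot%\System32\oldcatroot2"

rem Besides cryptsvc, the Windows Update client (wuauserv) and BITS keep
rem handles inside catroot2; the thread stops only cryptsvc, which is one
rem reason a rename can still fail with "Access is denied".
for %%S in (wuauserv bits cryptsvc) do net stop %%S >nul 2>&1

rem Do not touch the folder unless cryptsvc is really stopped.
sc query cryptsvc | find "STOPPED" >nul
if errorlevel 1 (
    echo cryptsvc is still running; leaving %CATROOT2% alone.
    goto restart
)

rem Rename rather than delete: the old catalog database stays available
rem for rollback or later examination.
if exist "%OLD%" (
    echo %OLD% already exists from an earlier attempt; move it away first.
    goto restart
)
ren "%CATROOT2%" oldcatroot2 || goto rename_failed
echo Renamed catroot2 to oldcatroot2. cryptsvc rebuilds it on its next start.
goto restart

:rename_failed
echo Rename of %CATROOT2% failed; most likely a process still holds it open.
echo Use Process Explorer's Find Handle search for "catroot2" to see which one.

:restart
rem Bring the services back; cryptsvc recreates an empty catroot2 on start.
for %%S in (cryptsvc bits wuauserv) do net start %%S >nul 2>&1
sc query cryptsvc | find "RUNNING" >nul
if errorlevel 1 (
    echo WARNING: cryptsvc did not start. Run "net start cryptsvc" and note the message.
) else (
    echo cryptsvc is running again. Retry Windows Update.
)
endlocal
```

The script refuses to rename while cryptsvc is still running and reports the failure instead of silently continuing, because an "Access is denied" on that rename, whether from Explorer or from cmd, almost always means a service still has the directory open rather than a permissions problem on the folder itself. Renaming to oldcatroot2 instead of deleting keeps the previous catalog database, which is worth having if the update problem turns out to be something other than a corrupt catalog store.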
Old 10-03-2009, 10:37 AM   #20 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 19
OS: XP


Re: Virus problems...firewall greyed out

Got access denied in CMD and Windows Update had the same ActiveX issue...
markhtar is offline  
Copyright 2001 - 2009, Tech Support Forum