
Can't Install Anti Virus and Can't run some .exe



uchizenmaru
2010-10-10, 08:06
Hjt log

logfile of trend micro hijackthis v2.0.2
scan saved at 12:58:36 pm, on 10/10/2010
platform: Windows xp sp3 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp3 (6.00.2900.5512)
boot mode: Normal

running processes:
D:\windows\system32\smss.exe
d:\windows\system32\winlogon.exe
d:\windows\system32\services.exe
d:\windows\system32\lsass.exe
d:\program files\webroot\webrootsecurity\wrconsumerservice.exe
d:\windows\system32\svchost.exe
d:\windows\system32\svchost.exe
d:\windows\system32\spoolsv.exe
d:\windows\explorer.exe
d:\windows\vistadrive\vistadrive.exe
d:\program files\lclock\lclock.exe
d:\program files\usb disk security\usbguard.exe
d:\program files\common files\java\java update\jusched.exe
d:\program files\webroot\webrootsecurity\spysweeperui.exe
d:\program files\internet download manager\idman.exe
d:\program files\java\jre6\bin\jqs.exe
d:\windows\system32\svchost.exe
d:\program files\webroot\webrootsecurity\spysweeper.exe
d:\program files\internet download manager\iemonitor.exe
d:\docume~1\overload\locals~1\temp\wincvsyrc.exe
d:\docume~1\overload\locals~1\temp\winpfab.exe
d:\docume~1\overload\locals~1\temp\w74757.exe
d:\program files\bonjour\mdnsresponder.exe
d:\program files\mozilla firefox\firefox.exe
d:\program files\mozilla firefox\plugin-container.exe
d:\documents and settings\overload\my documents\downloads\programs\honinstaller.exe
d:\program files\winrar\winrar.exe
d:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
o2 - bho: Idm helper - {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\program files\internet download manager\idmiecc.dll
o2 - bho: Java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: Jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o4 - hklm\..\run: [imjpmig8.1] "d:\windows\ime\imjp8_1\imjpmig.exe" /spoil /remadvdef /migration32
o4 - hklm\..\run: [phime2002async] "d:\windows\system32\ime\tintlgnt\tintsetp.exe" /sync
o4 - hklm\..\run: [phime2002a] "d:\windows\system32\ime\tintlgnt\tintsetp.exe" /imename
o4 - hklm\..\run: [vistadrive] "d:\windows\vistadrive\vistadrive.exe"
o4 - hklm\..\run: [unlockerassistant] "d:\program files\unlocker\unlockerassistant.exe" -h
o4 - hklm\..\run: [lclock] "d:\program files\lclock\lclock.exe"
o4 - hklm\..\run: [usb antivirus] "d:\program files\usb disk security\usbguard.exe"
o4 - hklm\..\run: [sunjavaupdatesched] "d:\program files\common files\java\java update\jusched.exe"
o4 - hklm\..\run: [malwarebytes anti-malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
o4 - hklm\..\run: [spysweeper] "d:\program files\webroot\webrootsecurity\spysweeperui.exe" /startintray
o4 - hkcu\..\run: [idman] "d:\program files\internet download manager\idman.exe" /onboot
o4 - hkus\s-1-5-19\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'local service')
o4 - hkus\s-1-5-20\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'default user')
o8 - extra context menu item: Download all links with idm - d:\program files\internet download manager\iegetall.htm
o8 - extra context menu item: Download flv video content with idm - d:\program files\internet download manager\iegetvl.htm
o8 - extra context menu item: Download with idm - d:\program files\internet download manager\ieext.htm
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o10 - unknown file in winsock lsp: D:\windows\system32\nwprovau.dll
o23 - service: 1286637858sstr (.1286637858sstr) - unknown owner - d:\documents and settings\all users\application data\webroot\darkuser5003022.exe
o23 - service: ##id_string1.6844f930_1628_4223_b5cc_5bb94b879762## (bonjour service) - apple computer, inc. - d:\program files\bonjour\mdnsresponder.exe
o23 - service: Flexnet licensing service - macrovision europe ltd. - d:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: Java quick starter (javaquickstarterservice) - sun microsystems, inc. - d:\program files\java\jre6\bin\jqs.exe
o23 - service: Webroot spy sweeper engine (webrootspysweeperservice) - webroot software, inc. (www.webroot.com) - d:\program files\webroot\webrootsecurity\spysweeper.exe
o23 - service: Webroot client service (wrconsumerservice) - webroot software, inc. - d:\program files\webroot\webrootsecurity\wrconsumerservice.exe

--
end of file - 5269 bytes


dds



dds (ver_10-10-10.03) - ntfsx86
run by overload at 13:01:00.43 on sun 10/10/2010
internet explorer: 6.0.2900.5512 browserjavaversion: 1.6.0_21
microsoft windows xp professional 5.1.2600.3.874.63.1033.18.1023.437 [gmt 7:00]

av: Webroot spy sweeper *on-access scanning disabled* (updated) {77e10c7f-2cca-4187-9394-bdbc267ad597}

============== running processes ===============

d:\program files\webroot\webrootsecurity\wrconsumerservice.exe
d:\windows\system32\svchost -k dcomlaunch
d:\windows\system32\svchost -k rpcss
d:\windows\system32\svchost.exe -k netsvcs
d:\windows\system32\svchost.exe -k networkservice
d:\windows\system32\spoolsv.exe
d:\windows\explorer.exe
d:\windows\vistadrive\vistadrive.exe
d:\program files\lclock\lclock.exe
d:\program files\usb disk security\usbguard.exe
d:\program files\common files\java\java update\jusched.exe
d:\program files\webroot\webrootsecurity\spysweeperui.exe
d:\program files\internet download manager\idman.exe
d:\program files\java\jre6\bin\jqs.exe
d:\windows\system32\svchost.exe -k imgsvc
d:\program files\webroot\webrootsecurity\spysweeper.exe
d:\windows\system32\svchost.exe -k localservice
d:\program files\internet download manager\iemonitor.exe
d:\docume~1\overload\locals~1\temp\wincvsyrc.exe
d:\docume~1\overload\locals~1\temp\winpfab.exe
d:\docume~1\overload\locals~1\temp\w74757.exe
d:\program files\bonjour\mdnsresponder.exe
d:\program files\webroot\webrootsecurity\ssu.exe
d:\program files\mozilla firefox\firefox.exe
d:\program files\mozilla firefox\plugin-container.exe
d:\documents and settings\overload\my documents\downloads\programs\honinstaller.exe
d:\program files\winrar\winrar.exe
d:\program files\trend micro\hijackthis\hijackthis.exe
d:\windows\system32\notepad.exe
d:\documents and settings\overload\my documents\downloads\dds.scr
d:\windows\system32\wbem\wmiprvse.exe

============== pseudo hjt report ===============

ustart page = hxxp://www.microsoft.com
udefault_page_url = hxxp://www.microsoft.com
mdefault_page_url = hxxp://www.microsoft.com
mstart page = hxxp://www.microsoft.com
mwindow title = microsoft internet explorer
uinternet settings,proxyoverride = *.local
usearchurl,(default) = hxxp://www.google.com/keyword/%s
mwinlogon: Sfcdisable=-99 (0xffffff9d)
bho: Idmiehlprobj class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\program files\internet download manager\idmiecc.dll
bho: Java(tm) plug-in 2 ssv helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
bho: Jqsiestartdetectorimpl class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
urun: [idman] "d:\program files\internet download manager\idman.exe" /onboot
mrun: [imjpmig8.1] "d:\windows\ime\imjp8_1\imjpmig.exe" /spoil /remadvdef /migration32
mrun: [phime2002async] "d:\windows\system32\ime\tintlgnt\tintsetp.exe" /sync
mrun: [phime2002a] "d:\windows\system32\ime\tintlgnt\tintsetp.exe" /imename
mrun: [vistadrive] "d:\windows\vistadrive\vistadrive.exe"
mrun: [unlockerassistant] "d:\program files\unlocker\unlockerassistant.exe" -h
mrun: [lclock] "d:\program files\lclock\lclock.exe"
mrun: [usb antivirus] "d:\program files\usb disk security\usbguard.exe"
mrun: [sunjavaupdatesched] "d:\program files\common files\java\java update\jusched.exe"
mrun: [malwarebytes anti-malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mrun: [spysweeper] "d:\program files\webroot\webrootsecurity\spysweeperui.exe" /startintray
drun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
drunonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n
upolicies-explorer: Nosmconfigureprograms = 1 (0x1)
mpolicies-system: Synchronousmachinegrouppolicy = 0 (0x0)
mpolicies-system: Synchronoususergrouppolicy = 0 (0x0)
mpolicies-system: Enablelua = 0 (0x0)
dpolicies-explorer: Nosmconfigureprograms = 1 (0x1)
ie: Download all links with idm - d:\program files\internet download manager\iegetall.htm
ie: Download flv video content with idm - d:\program files\internet download manager\iegetvl.htm
ie: Download with idm - d:\program files\internet download manager\ieext.htm
ie: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe
dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
dpf: {cafeefac-0016-0000-0003-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
dpf: {cafeefac-0016-0000-0021-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
ssodl: Wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - d:\windows\system32\wpdshserviceobj.dll

================= firefox ===================

ff - profilepath - d:\docume~1\overload\applic~1\mozilla\firefox\profiles\ey537v14.default\
ff - component: D:\documents and settings\overload\application data\idm\idmmzcc3\components\idmmzcc.dll
ff - plugin: D:\program files\java\jre6\bin\new_plugin\npdeployjava1.dll
ff - hiddenextension: Java console: No registry reference - d:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0021-abcdeffedcba}

---- firefox policies ----
d:\program files\mozilla firefox\greprefs\all.js - pref("network.idn.whitelist.xn--mgbaam7a8h", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.idn.whitelist.xn--mgberp4a5d4ar", true);

============= services / drivers ===============

r0 ssfs0bbc;ssfs0bbc;d:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
r1 idmtdi;idmtdi;d:\windows\system32\drivers\idmtdi.sys [2010-8-25 76768]
r1 vcdrom;virtual cd-rom device driver;d:\program files\system\cpl bonus\vcdrom.sys [2010-10-9 8576]
r2 webrootspysweeperservice;webroot spy sweeper engine;d:\program files\webroot\webrootsecurity\spysweeper.exe [2009-4-21 4048240]
r2 wrconsumerservice;webroot client service;d:\program files\webroot\webrootsecurity\wrconsumerservice.exe [2010-10-9 1205760]
r3 amsint32;amsint32;\??\d:\windows\system32\drivers\tolnt.sys --> d:\windows\system32\drivers\tolnt.sys [?]
s2 .1286637858sstr;1286637858sstr;d:\documents and settings\all users\application data\webroot\darkuser5003022.exe [2009-6-2 425355]

=============== created last 30 ================

2010-10-10 05:58:22 -------- d-----w- d:\program files\trend micro
2010-10-10 05:34:59 -------- d-----w- d:\docume~1\overload\applic~1\garena
2010-10-10 02:35:48 -------- d-----w- d:\docume~1\overload\locals~1\applic~1\adobe
2010-10-10 02:18:44 -------- d-----w- d:\program files\bonjour
2010-10-10 02:07:52 -------- d-----w- d:\program files\common files\macrovision shared

==================== find3m ====================

2010-10-09 15:44:46 103140 --sh--r- d:\ysgksd.pif
2010-10-09 15:40:02 103140 --sh--r- d:\lojf.pif
2010-10-09 15:35:55 73728 ----a-w- d:\windows\system32\javacpl.cpl
2010-10-09 15:35:55 423656 ----a-w- d:\windows\system32\deployjava1.dll
2010-10-09 15:07:08 103140 --sh--r- d:\rgix.pif

============= finish: 13:01:34.78 ===============

uchizenmaru
2010-10-10, 08:08
And also it always chooses Do Not Show Hidden Files even though I already adjusted it in Hidden in the Registry. It keeps turning into 2.

uchizenmaru
2010-10-10, 09:30
And I found this autorun.inf on my C:


[AutoRun]
;
;OeJqFg
ShElL\open\command=unblm.pif
;iNeePniVom
shell\explorE\ComMANd =unblm.pif
;
SHelL\opEn\dEfAult=1
;
oPEn=unblm.pif
;
sHeLl\Autoplay\comMAnD =unblm.pif
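
The autorun.inf quoted above is the kind of artifact a helper wants to triage mechanically: Windows reads the keys case-insensitively, so the randomized capitalization only defeats exact-string matching, and every launch verb (open, explore, Autoplay) has been pointed at the same .pif in the root of the drive. The following Python script is an added example written for this thread; it is not code from the poster, from Spybot, or from any removal tool. It parses the posted file verbatim (embedded here as a constructed sample), normalizes key case, lists every directive that launches a program, and reports why the file looks hostile. The list of executable extensions and the scoring heuristics are my own assumptions, not a published signature.

```python
import re

# Constructed sample input: the autorun.inf quoted in the post above, reproduced verbatim.
SAMPLE_AUTORUN = r"""[AutoRun]
;
;OeJqFg
ShElL\open\command=unblm.pif
;iNeePniVom
shell\explorE\ComMANd =unblm.pif
;
SHelL\opEn\dEfAult=1
;
oPEn=unblm.pif
;
sHeLl\Autoplay\comMAnD =unblm.pif
"""

# Assumed list of extensions that execute code when launched (not exhaustive).
EXEC_EXTENSIONS = {".pif", ".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js"}
# Matches normalized keys of the form shell\<verb>\command.
VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")
# A lower-case letter directly followed by an upper-case one inside a key
# is a cheap tell for randomized capitalization.
MIXED_CASE = re.compile(r"[a-z][A-Z]")


def parse_autorun(text):
    """Parse INI-style autorun.inf text into {section: {key: value}}.

    Section names and keys are lower-cased because Windows treats them
    case-insensitively. Comment lines (';') and blank lines are dropped and
    whitespace around keys and values is stripped, so "ComMANd =x" and
    "command=x" collapse to the same entry.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" not in line or current is None:
            continue
        key, value = line.split("=", 1)
        sections[current][key.strip().lower()] = value.strip()
    return sections


def exec_targets(text):
    """Return (normalized_key, target) pairs for every directive that launches a program."""
    autorun = parse_autorun(text).get("autorun", {})
    return [(k, v) for k, v in autorun.items()
            if k in ("open", "shellexecute") or VERB_COMMAND.match(k)]


def mixed_case_keys(text):
    """Return the raw key names whose spelling uses randomized capitalization."""
    keys = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";") or "=" not in line:
            continue
        key = line.split("=", 1)[0].strip()
        if MIXED_CASE.search(key):
            keys.append(key)
    return keys


def assess_autorun(text):
    """Summarize which verbs launch what and collect the reasons the file looks hostile."""
    autorun = parse_autorun(text).get("autorun", {})
    targets = exec_targets(text)
    reasons = []
    for key, target in targets:
        ext = target.lower()[target.rfind("."):] if "." in target else ""
        if ext in EXEC_EXTENSIONS:
            reasons.append(f"{key} launches executable content: {target}")
    # shell\open\default=1 makes "open" the double-click action on the drive
    # letter, so browsing the volume runs the command instead of opening Explorer.
    if autorun.get("shell\\open\\default") == "1":
        reasons.append("shell\\open\\default=1 makes the open verb the double-click action")
    # Explore and Autoplay are the alternatives a careful user reaches for.
    verbs = {VERB_COMMAND.match(k).group(1) for k, _ in targets if VERB_COMMAND.match(k)}
    if {"explore", "autoplay"} <= verbs:
        reasons.append("explore and autoplay verbs are hijacked as well as open")
    distinct = {t.lower() for _, t in targets}
    if len(targets) > 1 and len(distinct) == 1:
        reasons.append(f"all {len(targets)} launch directives point at the same file: {targets[0][1]}")
    obfuscated = mixed_case_keys(text)
    if obfuscated:
        reasons.append(f"{len(obfuscated)} keys use randomized case, e.g. {obfuscated[0]}")
    return {"targets": targets, "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    result = assess_autorun(SAMPLE_AUTORUN)
    for key, target in result["targets"]:
        print(f"{key:28} -> {target}")
    for reason in result["reasons"]:
        print("!", reason)
```

Run against the posted file, every one of the four launch directives resolves to unblm.pif and the file is flagged on all heuristics; a benign autorun.inf that only sets icon= and label= produces no launch directives and no findings. The point of normalizing before matching is that any rule keyed on the literal spelling "shell\open\command" would have missed this file entirely.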

tashi
2010-10-10, 18:07
Hello uchizenmaru,

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count. :eek:

Please start a new topic with one post and containing the DDS logs only.

Best regards. :)