Help - Unable to launch IE or FF - unable to run DDS

Go ahead and end task on it and see if CF will run; if not, try CF in safemode.

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode
 
ComboFix - Running under safe mode

Combofix is running under safemode.

It is running on a blue screen with the title "Autoscan"

It has made it to stage 2 and there is a blinking cursor on the next line...

Checking Task manager the process is running at about 4000k usage when I checked....


I'll let you know as soon as it completes..

You have stuck with me all day on this and I really appreciate it. Having been out of work for over 12 months, I'm up for 2 or 3 very important interviews this week and having the computer running correctly is critical...

Thanks again

Lee
 
Lee, been a loooooong day, been at this since 4 am, take your time and I will be back in the am around 4
 
Ok I will see you then... should I just let this go as long as it takes??

Again.. I really appreciate all the help.

Lee
 
ComboFix Log

YEAH!!!

Ok the combofix ran through in safe mode.

I rebooted into regular mode and IE came up fine right off.

Below is the combofix log:

ComboFix 11-05-09.04 - Lee F. Mallory 05/10/2011 19:55:11.2.2 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1587 [GMT -4:00]
Running from: c:\documents and settings\Lee F. Mallory\Desktop\ComboFix-11x.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lee F. Mallory\Application Data\Microsoft\services391.exe
c:\program files\Internet Explorer\Copy of iexplore.bat
c:\program files\Internet Explorer\iexplorex.bat
c:\program files\Veehd Plugin\tbHElper.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-10 17:05 . 2011-05-10 17:05 -------- d-----w- C:\_OTL
2011-05-08 01:53 . 2011-05-08 01:53 -------- d-----w- c:\documents and settings\Lee F. Mallory\Application Data\IObit
2011-05-08 01:53 . 2011-05-08 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-05-08 01:53 . 2011-05-08 01:53 -------- d-----w- c:\program files\IObit
2011-05-06 21:45 . 2011-05-06 21:45 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-05-06 21:44 . 2011-05-06 21:45 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-06 21:44 . 2011-05-06 21:44 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-05-06 21:44 . 2011-05-06 21:44 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-05-06 21:44 . 2011-05-06 21:44 -------- d-----w- c:\program files\real
2011-05-03 17:34 . 2011-05-03 17:34 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\Autodesk
2011-05-01 00:29 . 2011-05-01 00:29 -------- d-----w- c:\documents and settings\Lee F. Mallory\Application Data\Toolbar4
2011-05-01 00:28 . 2011-05-01 00:28 -------- d-----w- c:\program files\Veehd Plugin
2011-05-01 00:27 . 2011-05-01 00:27 -------- d-----w- c:\program files\VEEHD
2011-04-29 19:51 . 2011-04-29 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\eJ06511HdKiI06511
2011-04-27 16:52 . 2011-04-27 16:52 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\Microsoft Help
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\program files\Yontoo Layers
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\Babylon
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\documents and settings\Lee F. Mallory\Application Data\Babylon
2011-04-22 20:44 . 2011-04-22 20:44 625664 ----a-w- c:\temp\rar\dds[1].scr
2011-04-15 01:42 . 2011-04-15 01:42 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\The Weather Channel
2011-04-15 01:36 . 2011-04-15 01:36 -------- d-----w- c:\program files\The Weather Channel FW
2011-04-13 23:53 . 2011-04-13 23:53 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 13:42 . 2011-02-18 13:42 53248 ----a-r- c:\documents and settings\Lee F. Mallory\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
1998-12-08 18:53 . 1998-12-08 18:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 18:53 . 1998-12-08 18:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 18:53 . 1998-12-08 18:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 18:53 . 1998-12-08 18:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 18:53 . 1998-12-08 18:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-08 18:53 . 1998-12-08 18:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2010-10-14 02:28 . 2011-01-29 13:23 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-27_10.46.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-01 16:42 . 2011-04-26 16:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-05-01 16:42 . 2011-05-10 23:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-27 13:59 . 2011-05-10 23:18 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-05-01 16:42 . 2011-04-26 16:07 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-05-06 21:45 . 2011-05-06 21:45 18944 c:\windows\Installer\1d2ef08.msi
+ 2011-05-06 21:44 . 2011-05-06 21:44 92672 c:\windows\Installer\1d2eeff.msi
+ 2011-04-27 15:57 . 2011-04-27 15:57 21504 c:\windows\Installer\11e55b8.msi
- 2006-05-31 04:41 . 2006-05-31 04:41 5632 c:\windows\system32\pndx5032.dll
+ 2011-05-06 21:44 . 2011-05-06 21:44 5632 c:\windows\system32\pndx5032.dll
+ 2011-05-06 21:44 . 2011-05-06 21:44 6656 c:\windows\system32\pndx5016.dll
- 2006-05-31 04:41 . 2006-05-31 04:41 6656 c:\windows\system32\pndx5016.dll
+ 2011-05-06 21:44 . 2011-05-06 21:44 198848 c:\windows\system32\rmoc3260.dll
+ 2006-05-31 04:41 . 2011-05-06 21:44 272896 c:\windows\system32\pncrt.dll
+ 2006-04-22 23:55 . 2011-05-10 22:17 131454 c:\windows\system32\nvModes.dat
+ 2006-05-01 18:30 . 2011-05-06 22:11 3817472 c:\windows\Installer\73c93.msi
- 2006-05-01 18:30 . 2011-04-26 12:23 3817472 c:\windows\Installer\73c93.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
"Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2010-03-23 29520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Venturi Configurator"="c:\program files\Venturi2\Configurator\ventcfg.exe" [2004-03-08 680063]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"bacstray"="c:\program files\Broadcom\BACS\BacsTray.exe" [2005-10-28 118784]
"HostManager"="c:\program files\Common Files\AOL\1290459129\ee\AOLSoftware.exe" [2010-02-10 41800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"File Helper"="c:\program files\File Helper\2.3.0.8\FileHelper.exe" [2010-04-09 585184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [BU]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-06 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-22 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-15 813584]
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-18 23:34 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/22/2011 9:11 PM 84072]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/22/2011 9:11 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/22/2011 9:13 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/22/2011 8:59 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/22/2011 9:11 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/22/2011 9:11 PM 88544]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 12:00 PM 14336]
S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2010 8:45 PM 135664]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/7/2011 9:53 PM 312152]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/15/2009 7:21 AM 10384]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/22/2011 9:11 PM 271480]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3DS Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [3/10/2010 2:10 AM 86016]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [1/22/2010 6:42 PM 462336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/22/2011 9:11 PM 55840]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [5/14/2010 4:58 PM 20704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2010 8:45 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/22/2011 9:11 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/22/2011 9:11 PM 84264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBEEPKE
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\User_Feed_Synchronization-{2A7078BE-01C3-4591-B22D-FE734C6AB8DA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2011-05-01 c:\windows\Tasks\File Helper.job
- c:\program files\File Helper\2.3.0.8\FileHelper.exe [2010-04-13 13:45]
.
2011-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 00:45]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 00:45]
.
2011-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3923555660-1190350133-623060438-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3923555660-1190350133-623060438-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: %SYSTEMROOT%\system32\biolsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: {40F7E621-301F-4B07-848F-9259306DC1ED} = 208.67.220.220,208.67.222.222
TCP: {679427EA-E3FE-4F13-8ADB-F1C8E6FA0B22} = 208.67.220.220,208.67.222.222
TCP: {F87D22A7-0A8E-4D59-A1A6-0073BBF96B85} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Lee F. Mallory\Application Data\Mozilla\Firefox\Profiles\mbtr1unv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Adobe Reader Speed Launcher - c:\documents and settings\Lee F. Mallory\Application Data\Microsoft\services391.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\documents and settings\Lee F. Mallory\Application Data\Microsoft\services391.exe
SSODL-bestreak- - (no file)
AddRemove-{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1 - c:\program files\File Helper\2.5.3.0\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 21:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\8*Á*& ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\Æ**& ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1336)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2011-05-10 21:05:53
ComboFix-quarantined-files.txt 2011-05-11 01:05
.
Pre-Run: 18,615,074,816 bytes free
Post-Run: 18,556,026,880 bytes free
.
- - End Of File - - 598861D00F3C9E792CED4C526F6FA58E
 
Morning Update

KEN545

Good Morning...

Everything seems to be running OK.

I ran full scans of SpybotSD, Malwarebytes, IObit Security 360, and McAfee last night and all went well.

FireFox 4 is loaded and seems to be running fine.

There seems to be one or two "visual" differences to the interface (Taskbar color / format).

I have yet to reboot again.

I thought I would wait for you to finish your review - no sense in going back to the beginning again if there was something we needed to do before I rebooted now we are this far along.

Thank You

Lee
 
Update

KEN545

OK it appears there are still more issues, so I wanted to update you in case it was pertinent to your review of the CF log...

1. Calling up a second IE window, the window does a couple of strange things:

a. Window flashes up and then off
b. Window comes all the way up to home page, then flashes off

2. Opening linked IE window from email in new window only works sporadically and exhibits the symptoms above, but I was able to get it to work once (this session I am typing in now).

3. Opening a new tab from email link, the tab opens, but never finds the page being looked for, but does not error out either.

Thanks

Lee
 
Lee,

Open Internet Explorer and go to Tools > Manage Add Ons and remove all your add-ons; you may have one or two that are causing problems.
 
KEN545

... My system just rebooted itself... don't know why exactly

Anyway it is in the middle of checking the "c" drive...

Should be back online in a minute or so and I will let you know how it comes back up
 
Ok.. It's all back up and I still have IE operational - so I guess that is progress!!

I disabled all Toolbars and extensions (could not remove - not an option)

I removed all search providers but google

I removed all accelerators

no InPrivate Filtering present


Result:

Tabs seem to be opening fine

New windows seem to be opening fine


Lee
 
Security Software all blocked

... I hate to report this...

but since the reboot it looks like all my security software is blocked... again

none of it comes up...

Lee
 
This is just plain weird...

SpybotSD will not come up at all

Malwarebytes comes up every 4th try pretty regularly

McAfee comes up every 4th try pretty regularly and if you shut it down and go right back in immediately it seems to come up.

Security 360 will not come up at all...

Everything else seems ok... seems


Thanks

Lee
 
I seriously wish you were sitting here seeing this for yourself... this reminds me of when I was a CAD Manager over several offices and some of the network plotting issues we used to have - hard to believe if you were not there seeing it with your own eyes...

Now SpybotSD, Malwarebytes, and McAfee are all coming up fine... Security 360 is blocked.

Hopefully this makes some sense to you...

Lee
 
Lee,

When your computer reboots and goes right to Chkdsk, not always, but it could be a warning that your hard drive is failing. What I would like you to do is post here and let them know about that, and they can run you through some tests to check your drive. All of us forums work together, so link them to this thread so they can see what we have done. Just tell them about the reboot and going to Chkdsk and ask them if they can run you through some tests to check the health of your hard drive.
http://forums.whatthetech.com/index.php?showforum=119


Then I would like you to drag aswMBR to the trash and download a fresh copy. Just run the scan and post the log; I just want to make sure the rootkit is gone.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply
 
Update

OK I downloaded the zip version of aswMBR

I ran it and got a log file

Then everything went haywire...

The spybot site (this one) closed

The AOL site I run email through became very sluggish and closed

I was getting an almost constant hit to the HD

I did copy the log file to a thumb drive (see below)

I can get into IE, but my email is blocked.


aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-05-11 08:56:26
-----------------------------
08:56:26.921 OS Version: Windows 5.1.2600 Service Pack 2
08:56:26.921 Number of processors: 2 586 0xE08
08:56:27.031 ComputerName: LFM-01 UserName:
08:57:04.890 Initialize success
08:57:14.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:57:15.000 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 95396MB BusType: 3
08:57:17.187 Disk 0 MBR read successfully
08:57:17.187 Disk 0 MBR scan
08:57:19.187 Disk 0 scanning sectors +195366465
08:57:19.234 Disk 0 scanning C:\WINDOWS\system32\drivers
08:57:36.484 Service scanning
08:57:41.328 Disk 0 trace - called modules:
08:57:41.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:57:41.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abb6030]
08:57:41.375 3 CLASSPNP.SYS[ba11905b] -> nt!IofCallDriver -> \Device\00000086[0x8ac419e8]
08:57:41.375 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac40940]
08:57:41.375 Scan finished successfully
 
There seems to be no end to the problems on this computer; we seem to take two steps forward and then three back. You may want to think about doing a Windows repair. What this would do is reinstall Windows on top of the current one, and in the process it will fix things as it installs; you won't lose any data.

The other option that I strongly recommend is to save all your data and then do a format and reinstall of Windows; this will guarantee a nice clean stable operating system.

Before you make your choice, run this free online virus scanner, it may give us more info

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [esetListThreats.png]
  12. Push [esetExport.png], and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the [esetBack.png] button.
  14. Push [esetFinish.png]
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
This is the first real virus attack I have had on this computer. I am normally very careful and make sure I keep the anti-virus software up and running and up to date.

That said - I am back to being blocked from launching IE or FF

However, now all the virus software is unblocked.

It's like round and round we go, as if the virus is hiding in several locations - like fighting cancer.

OK... since I cannot run ESET online, can it be downloaded?

If not, maybe the Windows repair is the best option. I would really like to avoid the reformat... Besides, if I pull all the files off, what is to stop the sneaky virus from going with them? It seems impervious to any of the anti-virus,

Lee
 