Having no success. Help, please?

Discussion in 'Malware Help (A Specialist Will Reply)' started by damputer, Nov 4, 2010.

  1. damputer

    damputer Private E-2

    It started a month or so ago with Chrome telling me it had "encountered a problem and must close down". I wasn't overly concerned, because I had encountered that occasionally ever since I started using Chrome a year ago. Then two weeks ago, I started getting "Generic Host Process for Win32 Services has encountered a problem and must close down" after having the computer up for 1/2 hour or so. Then Chrome couldn't open any page, and Opera would only open to the home page.

    So far I have run everything in the R & R Me First thread. ComboFix ended up giving me the BSOD after running through all the tests and telling me it needed to reboot. After 2 more attempts to reboot, it came up fine.

    I got through the other scans, but still no luck. I would appreciate any help that might be offered.

    Here are the logs, I hope.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/04/2010 at 04:21 PM

    Application Version : 4.44.1000

    Core Rules Database Version : 5747
    Trace Rules Database Version: 3559

    Scan type : Complete Scan
    Total Scan Time : 01:07:17

    Memory items scanned : 587
    Memory threats detected : 0
    Registry items scanned : 8037
    Registry threats detected : 0
    File items scanned : 27989
    File threats detected : 0
    --------------------------------------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4943

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/4/2010 5:49:53 PM
    mbam-log-2010-11-04 (17-49-53).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 222681
    Time elapsed: 1 hour(s), 22 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -------------------------------------
    ComboFix 10-11-03.04 - dad 11/04/2010 19:23:36.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.617 [GMT -5:00]
    Running from: E:\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ---------------------------------------
    ==================================================
    Scan Start Time: 2010/11/04 20:32
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    Path: C:\WINDOWS\Prefetch\OPERA.EXE-3B75DA17.pf
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\NetworkService\Cookies\system@scorecardresearch[3].txt
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\NetworkService\Cookies\system@egotvonline[2].txt
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\NetworkService\Cookies\system@bluekai[2].txt
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\NetworkService\Cookies\system@egotvonline[1].txt
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\NetworkService\Cookies\system@scorecardresearch[4].txt
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\967DXZ8F\cookies[1].js
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EATWEEDD\int[1].js
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FK7HGC5D\top_youtube_logo[1].jpg
    Status: Visible to the Windows API, but not on disk.

    Path: c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\trmc4gpb\jquery[1].js
    Status: Size mismatch (API: 48273, Raw: 24679)

    Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TRMC4GPB\600chocolateplans_com[1].htm
    Status: Visible to the Windows API, but not on disk.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please do not post any logs in line like you are doing. See our sticky thread instructions which explain how to attach logs.


    You need to attach the rest of the requested logs from MGtools.

    Also you need to put ComboFix on your Desktop as instructed. It should not have been run from your E drive.


    Right now I suspect that you may not be having malware problems.
     
