Jump to content

Malwarebytes

MBAM scan runs for 2-3 seconds and closes... *cries*

- - - - -
Started by Mr. Bojangles, Sep 23 2009 11:45 AM

10 replies to this topic

#1
Mr. Bojangles
Posted 23 September 2009 - 11:45 AM

    New Member

  • Members
  • Pip
  • 7 posts

G-day mate,

I am having problems with my PC.

Whenever I go to web addresses i am getting Google search results instead of the page i am looking for (i am typing the addresses into the address bar, not my search engine bar wink.gif ) and i am also sometimes redirected to random web sites. I am unable to run some programs like Windows Live Messenger (platform error) and My Anti-Virus software (AVG 8.5 professional) will not scan my computer. I also do not have the rights to run or change cleanup programs like 'Hijack This' and your 'Malwarebytes Anti-Malware' programs. Windows defender is no better sad.gif . It has been getting progressively worse over the past week or so.

I am running Windows XP Professional. My Anti-Virus is AVG 8.5 professional.

I have read through the forums for some general advice on similar problems however i am not game enough to try anything on my own as i don't want to make things worse :/ .

I am more than willing to allow remote access to my PC if this will help? it is on almost 24/7 so i don't really need to be here if you want to look at stuff or whatever. I thank you in advance for your assistance.

Kind regards,

Mr. Bojangles
It will all work out in the end; if it hasn't worked out, it's not the end...

#2
sjpritch25
Posted 24 September 2009 - 11:17 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Welcome to Malwarebytes!!!!

Do you still require help?

Please download Win32kDiag.exe by AD to your Desktop.
Double-click on Win32kDiag.exe.
It will create Win32kDiag.txt on your Desktop.
In your next reply, please include the log. Thanks
Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive)Noctua NH-U12P SE2 HeatsinkAntec P183 Case

#3
Mr. Bojangles
Posted 25 September 2009 - 06:37 AM

    New Member

  • Members
  • Pip
  • 7 posts


Hi! yes i do still need help :)

thankyou!

here is the win32diag log:



######################################

Running from: C:\Documents and Settings\Mr. Bojangles\My Documents\Downloads\Win32kDiag.exe

Log file at : C:\Documents and Settings\Mr. Bojangles\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB893066\KB893066

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB900725\KB900725

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB908531\KB908531

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB913446\KB913446

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB921398\KB921398

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924270\KB924270

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925902\KB925902

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943485\KB943485

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP342.tmp\ZAP342.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP428.tmp\ZAP428.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP648.tmp\ZAP648.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6F8.tmp\ZAP6F8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7DA.tmp\ZAP7DA.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7FC.tmp\ZAP7FC.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC0.tmp\ZAPC0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe


<END>

#########################################################
It will all work out in the end; if it hasn't worked out, it's not the end...

#4
Mr. Bojangles
Posted 25 September 2009 - 06:53 AM

    New Member

  • Members
  • Pip
  • 7 posts
sorry here is the rest...



########################################################


Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-04 22:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-14 10:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-14 10:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\2a8c07aaf8ec0a2dbcb5ab11c4e40d88\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

[1] 2004-10-15 04:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-12-01 08:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-15 04:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-15 04:34:48 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-07-29 09:15:07 654336 C:\WINDOWS\$hf_mig$\KB885894\update\update.exe (Microsoft Corporation)

[1] 2004-10-15 04:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-15 04:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-15 04:34:48 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2004-12-01 08:46:38 654848 C:\WINDOWS\$hf_mig$\KB890047\update\update.exe (Microsoft Corporation)

[1] 2004-10-15 04:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:53:09 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-10-15 04:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB899589\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 13:35:05 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2008-11-16 03:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-20 05:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-20 05:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-20 05:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB928388\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:28 716000 C:\WINDOWS\$hf_mig$\KB929120\update\update.exe (Microsoft Corporation)

[1] 2006-01-20 05:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-20 05:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-20 05:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2006-01-20 05:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 09:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-04 01:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 17:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 17:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 21:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 17:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 23:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 17:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 17:38:29 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-16 03:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 21:18:51 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 21:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 11:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 23:02:04 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 23:02:04 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB961503\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 23:02:04 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 17:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 21:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 17:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 17:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 22:39:22 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 21:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 23:02:04 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 21:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 23:02:04 755576 C:\WINDOWS\$hf_mig$\KB971930-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 21:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 23:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 21:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 21:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 21:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 23:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2007-05-29 01:06:48 155417 C:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe ()

############################################################################
It will all work out in the end; if it hasn't worked out, it's not the end...

#5
sjpritch25
Posted 25 September 2009 - 09:50 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Thats not the whole log. Please attach it. Thanks
Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive)Noctua NH-U12P SE2 HeatsinkAntec P183 Case

#6
Mr. Bojangles
Posted 26 September 2009 - 06:33 AM

    New Member

  • Members
  • Pip
  • 7 posts


lol sorry, here it is...

Attached Files


It will all work out in the end; if it hasn't worked out, it's not the end...

#7
sjpritch25
Posted 27 September 2009 - 05:02 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.



==================================================



Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive)Noctua NH-U12P SE2 HeatsinkAntec P183 Case

#8
Mr. Bojangles
Posted 27 September 2009 - 07:27 PM

    New Member

  • Members
  • Pip
  • 7 posts

Here are the log files:

Avenger:



Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
________________________________________________________________________________
_______________________


Combofix:


ComboFix 09-09-25.01 - Mr. Bojangles 09/28/2009 5:00.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1419 [GMT 10:00]
Running from: c:\documents and settings\Mr. Bojangles\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1716803336-3326182553-3633396690-500
c:\windows\Installer\17987e84.msi
c:\windows\system\update.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-23 09:02 . 2009-09-23 09:02 -------- d-----w- c:\program files\Trend Micro
2009-09-23 08:48 . 2009-09-24 13:47 -------- d--h--w- c:\windows\PIF
2009-09-23 08:38 . 2009-09-23 08:38 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\Malwarebytes
2009-09-23 08:38 . 2009-09-10 04:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 08:38 . 2009-09-23 08:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 08:38 . 2009-09-23 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-23 08:38 . 2009-09-10 04:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-23 08:12 . 2009-09-23 08:12 -------- d-----w- c:\program files\Windows Defender
2009-09-23 07:47 . 2009-09-23 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-09-23 07:47 . 2009-09-23 07:53 -------- d-----w- c:\program files\RegCure
2009-09-15 04:23 . 2009-09-15 04:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-12 05:12 . 2009-09-25 06:26 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\vlc
2009-09-12 05:11 . 2009-09-12 05:11 -------- d-----w- c:\program files\VideoLAN
2009-09-09 07:35 . 2009-09-09 07:35 -------- d-----w- c:\windows\Time Stopper
2009-09-09 07:35 . 2009-09-09 07:35 -------- d-----w- c:\program files\Time Stopper
2009-09-09 02:00 . 2009-09-09 02:00 -------- d-----w- C:\_SMA
2009-09-08 15:40 . 2009-09-08 15:40 -------- d-----w- c:\program files\Enigma Software Group
2009-09-08 15:25 . 2009-09-08 15:25 20 ----a-w- c:\windows\system32\drivers\WIN32K.SYS
2009-09-08 05:24 . 2009-09-08 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-08 05:24 . 2009-09-08 05:24 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-08 05:23 . 2008-04-06 19:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-09-08 05:23 . 2008-04-06 19:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-09-08 04:14 . 2009-09-08 04:21 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\Download Manager
2009-09-08 04:08 . 2009-09-08 04:08 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\Downloaded Installations
2009-09-05 05:14 . 2009-09-05 05:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-31 03:40 . 2009-08-31 03:40 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\Office Genuine Advantage
2009-08-30 06:02 . 2009-08-30 06:02 -------- d-----w- c:\documents and settings\Mr. Bojangles\Local Settings\Application Data\BVRP Software
2009-08-30 06:01 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-08-30 06:01 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-08-30 06:00 . 2009-08-30 06:00 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-08-30 06:00 . 2009-09-02 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-08-30 06:00 . 2009-08-30 06:01 -------- d-----w- c:\program files\Motorola Phone Tools
2009-08-30 05:59 . 2009-08-30 05:59 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 19:08 . 2009-01-08 20:24 3216 ----a-w- c:\windows\system32\encobject.dat
2009-09-26 14:00 . 2009-01-08 04:47 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-09-25 18:54 . 2009-01-08 22:02 -------- d-----w- c:\program files\Steam
2009-09-24 03:30 . 2009-01-08 21:53 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\uTorrent
2009-09-23 07:29 . 2009-01-08 21:22 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\MSNShell
2009-09-17 12:28 . 2009-04-16 15:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-09 07:59 . 2009-08-14 01:59 -------- d-----w- c:\program files\AVG
2009-09-08 17:56 . 2009-01-08 21:52 -------- d-----w- c:\program files\Alarm
2009-09-08 05:24 . 2009-02-02 02:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-30 06:00 . 2009-01-08 04:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 15:13 . 2009-06-26 02:50 -------- d-----w- c:\program files\Weatherzone Tracker
2009-08-25 12:20 . 2009-03-19 14:12 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\U3
2009-08-23 18:49 . 2009-08-23 18:49 -------- d-----w- c:\program files\MSECache
2009-08-23 11:08 . 2009-07-07 04:53 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\GetRightToGo
2009-08-16 03:46 . 2009-08-16 03:46 -------- d-----w- c:\program files\eMule
2009-08-14 02:00 . 2009-08-14 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-14 02:00 . 2009-08-14 02:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-14 02:00 . 2009-08-14 02:00 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-14 02:00 . 2009-08-14 02:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-14 02:00 . 2009-08-14 02:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 02:00 . 2009-08-14 02:00 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 01:59 . 2009-08-14 01:59 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-08-14 01:59 . 2009-08-14 01:59 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-14 01:59 . 2009-08-14 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-14 01:52 . 2009-08-14 01:52 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\AVG8
2009-08-10 06:13 . 2009-06-01 17:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-06 17:02 . 2009-08-06 17:02 -------- d-----w- c:\program files\MSBuild
2009-08-06 17:02 . 2009-08-06 17:02 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2006-04-30 06:55 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 13:01 . 2009-01-08 22:00 -------- d-----w- c:\program files\Smallvideosoft
2009-08-04 12:36 . 2009-01-08 21:58 -------- d-----w- c:\program files\PokerStars
2009-08-03 05:07 . 2009-08-03 05:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 05:07 . 2009-08-03 05:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 05:07 . 2009-08-03 05:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-30 16:37 . 2009-01-08 04:41 -------- d-----w- c:\program files\Symantec Client Security
2009-07-30 12:58 . 2009-07-30 12:58 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\Sonic
2009-07-30 12:39 . 2009-07-30 12:39 -------- d-----w- c:\documents and settings\Mr. Bojangles\Application Data\DivX
2009-07-30 12:21 . 2009-01-08 04:42 -------- d-----w- c:\program files\Symantec
2009-07-30 12:21 . 2009-01-08 04:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-30 12:21 . 2009-01-08 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-30 12:20 . 2009-01-08 04:42 40 ----a-w- c:\windows\system32\profile.dat
2009-07-30 12:19 . 2009-06-02 12:31 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix GOLD
2009-07-30 12:17 . 2009-05-11 02:43 -------- d-----w- c:\program files\Common Files\Apple
2009-07-30 12:16 . 2009-07-11 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-30 06:50 . 2009-07-30 06:50 -------- d-----w- c:\program files\DivX
2009-07-30 06:50 . 2009-07-30 06:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-30 06:45 . 2009-07-30 06:34 -------- d-----w- c:\program files\Xvid
2009-07-26 06:44 . 2009-07-26 06:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-22 07:23 . 2009-07-22 07:23 74760 ----a-w- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 07:23 . 2009-07-22 07:23 25608 ----a-w- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-17 19:01 . 2006-04-30 06:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 13:43 . 2006-04-30 06:56 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-04-30 06:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2009-07-22 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-07-22 04:22 2215960 ----a-w- c:\program files\Freecorder\tbFre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2009-07-22 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre0.dll" [2009-07-22 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather Tracker3"="c:\program files\Weatherzone Tracker\weather_tracker.exe" [2009-07-17 2888403]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-18 2022680]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2005-04-13 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-06-18 17:06 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-14 02:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mr. Bojangles^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=c:\documents and settings\Mr. Bojangles\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\^NTUSER.DAT]
path=\NTUSER.DAT
backup=c:\windows\pss\NTUSER.DATCommon Startup

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=c:\windows\pss\ntuser.dat.LOGCommon Startup

[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
backup=c:\windows\pss\ntuser.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSNShell\\Bin\\engie.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\nikmikalishen\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/14/2009 12:00 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/14/2009 12:00 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/14/2009 12:00 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/14/2009 11:59 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [8/14/2009 12:00 PM 1370488]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/14/2006 10:05 AM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/15/2006 9:55 AM 3968]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/14/2009 11:59 AM 29208]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [1/8/2009 2:31 PM 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [1/8/2009 2:31 PM 9216]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/12/2008 11:50 AM 30312]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/14/2009 11:59 AM 29208]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/18/2008 4:25 AM 29181272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-27 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-01-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2009-01-08 01:32]

2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{B0CC9A6F-834D-47FF-9C2A-B9379DCECD3B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:31]

2009-09-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Set As Messenger Live Display Picture - c:\program files\MSNShell\Bin\SetMSNDP.htm
FF - ProfilePath - c:\documents and settings\Mr. Bojangles\Application Data\Mozilla\Firefox\Profiles\64w0fp13.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Windows Updates - c:\windows\system\Update.exe
HKLM-Run-Windows Updates - c:\windows\system\Update.exe
HKLM-Run-AVGIDS - c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
Notify-NavLogon - (no file)
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\documents and settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 05:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\windows\system32\tvt_gina.dll
c:\program files\Lenovo\Client Security Solution\css_gina_plugin.dll
c:\program files\Lenovo\Client Security Solution\css_wait_bar.dll
c:\program files\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
c:\program files\Lenovo\Client Security Solution\csswait.dll
c:\program files\Common Files\Lenovo\tvt_banner.dll
c:\program files\Lenovo\Client Security Solution\cssdlgpwentry.dll
c:\program files\Lenovo\Client Security Solution\dlganswerprompt.dll
c:\program files\Lenovo\Client Security Solution\tvttsp.dll
c:\program files\Lenovo\Client Security Solution\tcsrpc.dll
c:\program files\Common Files\Lenovo\tvt_res.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(1188)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\ntshrui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\IPSSVC.EXE
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\AVG\AVG8\avgfws8.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lenovo\Client Security Solution\cssauth.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\windows\system32\FSRremoS.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\PELMICED.EXE
.
**************************************************************************
.
Completion time: 2009-09-27 5:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-27 19:15

Pre-Run: 13,774,307,328 bytes free
Post-Run: 14,092,820,480 bytes free

313 --- E O F --- 2009-09-26 05:35
It will all work out in the end; if it hasn't worked out, it's not the end...

#9
sjpritch25
Posted 28 September 2009 - 01:33 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
please update Malwarebytes, run a quick scan, and post the results.

How is everything running???
Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive)Noctua NH-U12P SE2 HeatsinkAntec P183 Case

#10
Mr. Bojangles
Posted 28 September 2009 - 09:08 AM

    New Member

  • Members
  • Pip
  • 7 posts

My system is running ok now i think... thank you so much for your help!

is there anything more that needs to be done?

here is the malwarebytes log:


Malwarebytes' Anti-Malware 1.41
Database version: 2866
Windows 5.1.2600 Service Pack 3

9/28/2009 6:53:23 PM
mbam-log-2009-09-28 (18-53-23).txt

Scan type: Quick Scan
Objects scanned: 94283
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
It will all work out in the end; if it hasn't worked out, it's not the end...

#11
sjpritch25
Posted 28 September 2009 - 10:41 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Go to Start ---> Run ---> Type Combo-Fix /u and press Enter. That will uninstall ComboFix
Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive)Noctua NH-U12P SE2 HeatsinkAntec P183 Case
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us