Malwarebytes not woorking lots of other problems

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Malwarebytes not woorking lots of other problems26th January 2009, 12:49 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:49 AM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Owner\Desktop\Firefox Downloads\hijackgpthis.exe

Re: Malwarebytes not woorking lots of other problems26th January 2009, 12:50 pm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {0298AEE5-3901-4A46-A412-81FA26DDAB5E} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {107F5F94-CE58-4C19-9FB1-12FF710C0294} - C:\WINDOWS\system32\hgGxVPGx.dll (file missing)
O2 - BHO: (no name) - {28E3C621-2C17-4300-84EE-9583AB411189} - C:\WINDOWS\system32\iifdaxxW.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: {46d31ad0-1f7f-6fa9-be34-4bef7e399395} - {593993e7-feb4-43eb-9af6-f7f10da13d64} - C:\WINDOWS\system32\pndsik.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {626af04d-6b7d-40af-ad58-f91d4ef5d624} - (no file)
O2 - BHO: (no name) - {64F5CCCC-B4D0-4974-BAF5-26012642DB5A} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccddbab.dll
O2 - BHO: (no name) - {8F56E2EB-3016-4318-B0C3-803ACAC3680B} - (no file)
O2 - BHO: (no name) - {91D2A2A9-AB77-4E59-84FB-B3FA5FA4FC6A} - (no file)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB55.dll
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A23AB01D-21DA-2B06-F734-71A296EF43C8} - (no file)
O2 - BHO: (no name) - {A5769113-36EB-4C78-A828-9C244E37020B} - (no file)
O2 - BHO: (no name) - {A96EE14A-77D9-7D5C-FF34-71A296EE4F9F} - (no file)
O2 - BHO: (no name) - {C2C868DA-186B-4ABB-B9CE-9385583ECCF3} - (no file)
O2 - BHO: (no name) - {f9ff0c27-38da-4955-9a1f-edfaecf14b47} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB55.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [vFFU32Q] iexkcs32.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkou.exe] C:\WINDOWS\system32\kdkou.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdjrh.exe] C:\WINDOWS\system32\kdjrh.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvkf.exe] C:\WINDOWS\system32\kdvkf.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StarzTray] C:\Program Files\StarzPlay\StarzPlayTray.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [eow8RScme] helraptb.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Bolt Link] C:\DOCUME~1\Owner\APPLIC~1\BIKESE~1\NounMpeg.exe
O4 - HKCU\..\Run: [Jhoos] "C:\PROGRA~1\Jhoos\Jhoos.exe" -minimize
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 40\imc.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Policies\Explorer\Run: [crsmrw.exe] C:\WINDOWS\system\crsmrw.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: XFX Game Controller.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Re: Malwarebytes not woorking lots of other problems26th January 2009, 12:51 pm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V11\Atlscript.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116113423578
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {0341ee03-fb8c-4535-90b0-5285fc7a544d} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll,avgrsstx.dll wkscbe.dll pndsik.dll
O20 - Winlogon Notify: fccddbab - C:\WINDOWS\SYSTEM32\fccddbab.dll
O20 - Winlogon Notify: geBuvSMe - geBuvSMe.dll (file missing)
O20 - Winlogon Notify: oppayshn - oppayshn.dll (file missing)
O20 - Winlogon Notify: urqrsts - urqrsts.dll (file missing)
O22 - SharedTaskScheduler: {93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 17506 bytes

Re: Malwarebytes not woorking lots of other problems26th January 2009, 2:51 pm

Hello.
This is one messy log.
If you want my help, I ask that you uninstall all the P2P programs you ar running.

I see that you are running Napster/Limewire/Bittorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.
Should you choose to remove them, but you are having trouble doing so, please let me know in your next post here and I will aid you.

You are also running two AV's, this is a bad idea as they can conflict and cause problems. I see AVG and Mcafee.
I would recommend that you remove Mcafee to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

Bittorrent
Limewire
Napster
Mcafee Antivirus

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

O2 - BHO: (no name) - {0298AEE5-3901-4A46-A412-81FA26DDAB5E} - (no file)
O2 - BHO: (no name) - {107F5F94-CE58-4C19-9FB1-12FF710C0294} - C:\WINDOWS\system32\hgGxVPGx.dll (file missing)
O2 - BHO: (no name) - {28E3C621-2C17-4300-84EE-9583AB411189} - C:\WINDOWS\system32\iifdaxxW.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: {46d31ad0-1f7f-6fa9-be34-4bef7e399395} - {593993e7-feb4-43eb-9af6-f7f10da13d64} - C:\WINDOWS\system32\pndsik.dll
O2 - BHO: (no name) - {626af04d-6b7d-40af-ad58-f91d4ef5d624} - (no file)
O2 - BHO: (no name) - {64F5CCCC-B4D0-4974-BAF5-26012642DB5A} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccddbab.dll
O2 - BHO: (no name) - {8F56E2EB-3016-4318-B0C3-803ACAC3680B} - (no file)
O2 - BHO: (no name) - {91D2A2A9-AB77-4E59-84FB-B3FA5FA4FC6A} - (no file)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB55.dll
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - (no file)
O2 - BHO: (no name) - {A23AB01D-21DA-2B06-F734-71A296EF43C8} - (no file)
O2 - BHO: (no name) - {A5769113-36EB-4C78-A828-9C244E37020B} - (no file)
O2 - BHO: (no name) - {A96EE14A-77D9-7D5C-FF34-71A296EE4F9F} - (no file)
O2 - BHO: (no name) - {C2C868DA-186B-4ABB-B9CE-9385583ECCF3} - (no file)
O2 - BHO: (no name) - {f9ff0c27-38da-4955-9a1f-edfaecf14b47} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB55.dll
O4 - HKLM\..\Run: [vFFU32Q] iexkcs32.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkou.exe] C:\WINDOWS\system32\kdkou.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdjrh.exe] C:\WINDOWS\system32\kdjrh.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvkf.exe] C:\WINDOWS\system32\kdvkf.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [eow8RScme] helraptb.exe
O4 - HKCU\..\Run: [Bolt Link] C:\DOCUME~1\Owner\APPLIC~1\BIKESE~1\NounMpeg.exe
O4 - HKCU\..\Policies\Explorer\Run: [crsmrw.exe] C:\WINDOWS\system\crsmrw.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O18 - Filter hijack: text/html - {0341ee03-fb8c-4535-90b0-5285fc7a544d} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll,avgrsstx.dll wkscbe.dll pndsik.dll
O20 - Winlogon Notify: fccddbab - C:\WINDOWS\SYSTEM32\fccddbab.dll
O20 - Winlogon Notify: geBuvSMe - geBuvSMe.dll (file missing)
O20 - Winlogon Notify: oppayshn - oppayshn.dll (file missing)
O20 - Winlogon Notify: urqrsts - urqrsts.dll (file missing)
O22 - SharedTaskScheduler: {93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)
Press "Fix Checked"
Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\iifdaxxW.dll
C:\WINDOWS\system32\pndsik.dll
C:\WINDOWS\system32\fccddbab.dll
C:\WINDOWS\system32\WinNB55.dll
C:\WINDOWS\system32\kdkou.exe
C:\WINDOWS\system32\kdjrh.exe
C:\WINDOWS\system32\kdvkf.exe
C:\WINDOWS\system32\autochk.dll
C:\WINDOWS\system\crsmrw.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\wkscbe.dll
C:\WINDOWS\system32\pndsik.dll
C:\WINDOWS\system32\msiebbar.dll

Folders to delete:
C:\Program Files\Viewpoint

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Input script here:", paste in the script from the quote box above.
Leave the ticked box "Scan for rootkit" ticked.
Then tick "Disable any rootkits found"
Now click on the Execute to begin execution of the script.
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Malwarebytes not woorking lots of other problems DXwU4

Malwarebytes not woorking lots of other problems DXwU4

Malwarebytes not woorking lots of other problems VvYDg

Re: Malwarebytes not woorking lots of other problems26th January 2009, 5:12 pm

did everything you told me to here is the avenger.txt

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSpqxt.sys
Driver disabled successfully.

Rootkit scan completed.

File "C:\WINDOWS\system32\iifdaxxW.dll" deleted successfully.
File "C:\WINDOWS\system32\pndsik.dll" deleted successfully.
File "C:\WINDOWS\system32\fccddbab.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\WinNB55.dll" not found!
Deletion of file "C:\WINDOWS\system32\WinNB55.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\kdkou.exe" not found!
Deletion of file "C:\WINDOWS\system32\kdkou.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\kdjrh.exe" not found!
Deletion of file "C:\WINDOWS\system32\kdjrh.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\kdvkf.exe" not found!
Deletion of file "C:\WINDOWS\system32\kdvkf.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\autochk.dll" deleted successfully.

Error: file "C:\WINDOWS\system\crsmrw.exe" not found!
Deletion of file "C:\WINDOWS\system\crsmrw.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\wowfx.dll" not found!
Deletion of file "C:\WINDOWS\system32\wowfx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\wkscbe.dll" not found!
Deletion of file "C:\WINDOWS\system32\wkscbe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\pndsik.dll" not found!
Deletion of file "C:\WINDOWS\system32\pndsik.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\msiebbar.dll" not found!
Deletion of file "C:\WINDOWS\system32\msiebbar.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Program Files\Viewpoint" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Malwarebytes not woorking lots of other problems26th January 2009, 5:34 pm

Hello.
We need to use these next three tools to clear this up, so take your time here and post all 3 logs that are asked for at the bottom of this post.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.
====

Please download Deljob.exe and save it on your desktop.
Doubleclick Deljob.exe.

A log, (logit.txt) should open afterwards. This log will be present on your desktop. Please paste the contents of this log file in your next reply.
====

Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
Link 1
Link 2
Link 3
Double click DDS.scr to run
When complete, DDS.txt will open.
Click No for Optional Scan.
Save the report to your Desktop.
Copy and paste DDS.txt back here, I don't need to see attach.txt.

Please post:
1. MBAM log
2. Deljob log
3. DDS .txt log

Re: Malwarebytes not woorking lots of other problems26th January 2009, 6:03 pm

Malwarebytes' Anti-Malware 1.33
Database version: 1695
Windows 5.1.2600 Service Pack 2

1/26/2009 12:59:35 PM
mbam-log-2009-01-26 (12-59-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 55274
Time elapsed: 49 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccddbab (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8a0dcbda-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fccddbab.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ansrdbwo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owbdrsna.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Re: Malwarebytes not woorking lots of other problems26th January 2009, 6:04 pm

--------------------------------------------------------
Backups created in C:\deljob

BBF371E084A4EEF4.job
--------------------------------------------------------
Files in Windows Tasks folder

AppleSoftwareUpdate.job
At1.job
At10.job
At11.job
At12.job
At13.job
At14.job
At15.job
At16.job
At17.job
At18.job
At19.job
At2.job
At20.job
At21.job
At22.job
At23.job
At24.job
At25.job
At26.job
At27.job
At28.job
At29.job
At3.job
At30.job
At31.job
At32.job
At33.job
At34.job
At35.job
At36.job
At37.job
At38.job
At39.job
At4.job
At40.job
At41.job
At42.job
At43.job
At44.job
At45.job
At46.job
At47.job
At48.job
At5.job
At6.job
At7.job
At8.job
At9.job
qukvpfvi.job
Symantec NetDetect.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is 6893-56EF

Directory of C:\Documents and Settings\Owner\Application Data

01/25/2009 04:26 PM .
01/25/2009 04:26 PM ..
05/16/2005 02:14 AM BITTOR~1 .bittorrent
09/22/2008 06:49 PM Acreon
06/25/2008 09:31 PM Adobe
06/20/2008 07:21 PM AdobeUM
05/15/2005 10:16 PM Aim
01/03/2003 08:41 AM AOL
12/26/2008 01:47 PM APPLEC~1 Apple Computer
03/19/2008 10:30 AM ATI
12/04/2008 09:27 AM AVGTOO~1 AVGTOOLBAR
11/24/2008 11:29 AM AVS4YOU
07/29/2008 04:50 PM Azureus
02/25/2006 08:43 AM BIKESE~1 Bike Second Jump
01/25/2009 07:09 PM cogad
01/03/2003 08:59 AM CYBERL~1 CyberLink
01/05/2009 07:12 PM DivX
08/29/2006 08:06 AM EFAXME~1 eFax Messenger
01/06/2008 08:30 PM FaxCtr
07/29/2005 09:36 PM fltk.org
11/18/2005 01:59 AM Fujitsu
11/18/2005 12:52 PM Google
02/25/2006 08:43 AM GREYSO~1 Grey software corn
06/10/2005 02:39 PM Help
01/03/2003 07:57 AM IDENTI~1 Identities
07/24/2008 08:56 PM IGN_DLM
01/06/2007 05:31 PM INSTAL~1 InstallShield
06/10/2008 12:56 AM Lavasoft
12/20/2006 10:04 AM LEADER~1 Leadertech
01/04/2008 10:33 AM LEXMAR~1 Lexmark Productivity Studio
01/26/2009 07:31 AM LimeWire
05/27/2005 07:20 PM MACROM~1 Macromedia
12/03/2008 07:14 AM MALWAR~1 Malwarebytes
11/20/2005 12:32 PM MEDIAP~1 Media Player Classic
01/05/2009 09:31 PM MICROS~1 Microsoft
01/09/2009 06:39 PM mIRC
08/27/2007 08:02 AM Motive
07/16/2008 11:17 PM Mozilla
05/23/2005 06:22 PM MSN6
05/27/2005 03:36 PM mtph
11/22/2008 12:31 AM Real
08/28/2006 12:13 PM Roxio
03/26/2006 02:14 PM Shareaza
01/03/2003 08:44 AM Sun
01/03/2003 08:42 AM Symantec
09/15/2006 07:29 PM SYSTEM~1 System Requirements Lab
08/30/2005 04:33 PM Talkback
11/22/2005 06:32 PM TEAMSP~1 teamspeak2
12/06/2008 06:29 PM Ventrilo
01/29/2008 04:46 PM Verizon
06/15/2007 02:14 AM VIEWPO~1 Viewpoint
08/22/2008 12:01 PM VOL_TO~1 vol_toolbar
06/10/2007 05:02 PM Vso
11/25/2008 12:46 PM XILISO~1 Xilisoft Corporation
12/31/2007 12:50 AM Yahoo!
05/25/2005 04:29 PM YAHOO!~1 Yahoo! Messenger
01/03/2003 08:27 AM YOU'VE~1 You've Got Pictures Screensaver
07/15/2008 08:38 PM SSEMBL~1 ?ssembly
0 File(s) 0 bytes
58 Dir(s) 66,302,013,440 bytes free
Volume in drive C has no label.
Volume Serial Number is 6893-56EF

Directory of C:\Documents and Settings\All Users\Application Data

01/25/2009 09:20 PM .
01/25/2009 09:20 PM ..
09/19/2007 12:11 PM Adobe
08/01/2005 02:30 PM AOL
01/14/2007 12:48 AM AOLDOW~1 AOL Downloads
12/25/2008 01:37 PM Apple
12/25/2008 01:40 PM APPLEC~1 Apple Computer
03/19/2008 10:30 AM ATI
12/01/2008 06:01 PM avg8
07/16/2008 11:07 PM AVS4YOU
10/14/2008 10:18 PM Blizzard
01/25/2009 09:20 PM CRUCIA~1 CrucialSoft Ltd
01/03/2003 08:41 AM CYBERL~1 CyberLink
08/27/2007 08:03 AM EXETEN~1 Exetender
01/04/2008 10:23 AM FaxCtr
10/08/2006 10:31 PM INSTAL~1 InstallShield
07/16/2008 08:55 PM Lavasoft
12/03/2008 07:13 AM MALWAR~1 Malwarebytes
01/26/2009 11:11 AM McAfee.com
11/22/2008 12:37 AM MICROS~1 Microsoft
12/24/2008 03:33 AM MICROS~2 Microsoft Help
09/01/2007 08:24 AM Motive
05/23/2005 06:22 PM MSN6
01/26/2009 11:13 AM Napster
09/26/2005 04:15 PM NVIEW_~1 nView_Profiles
11/01/2007 04:43 PM Outspark
02/25/2006 08:43 AM POLLSL~1 poll slow 16 pop
01/05/2008 10:20 AM PopCap
01/03/2003 08:27 AM PURENE~1 Pure Networks
10/21/2005 02:43 AM QUICKT~1 QuickTime
11/02/2008 01:34 PM SPYBOT~1 Spybot - Search & Destroy
01/06/2009 01:47 PM STARZE~1 StarzEntertainment
05/14/2005 04:51 PM Support.com
06/09/2008 03:41 PM SUPPOR~1 SupportSoft
02/25/2006 02:02 AM Symantec
01/25/2009 04:25 PM TEMP
05/01/2007 11:39 AM Trymedia
01/29/2008 04:46 PM Verizon
11/05/2008 09:25 PM VIEWPO~1 Viewpoint
09/08/2005 12:08 AM WINDOW~1 Windows Genuine Advantage
12/15/2006 08:46 PM yahoo!
06/27/2008 10:41 AM YAHOO!~1 Yahoo! Companion
12/25/2008 01:43 PM {3276B~1 {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
0 File(s) 0 bytes
43 Dir(s) 66,302,013,440 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
Administrator
All Users
Owner
Own?Z
--------------------------------------------------------

Re: Malwarebytes not woorking lots of other problems26th January 2009, 6:06 pm

DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 13:03:14.96 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.226 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\StarzPlay\StarzPlayTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\XFXGameController\XFXController.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\Firefox Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: SFCDisable=4 (0x4)
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: {0298AEE5-3901-4A46-A412-81FA26DDAB5E} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {107F5F94-CE58-4C19-9FB1-12FF710C0294} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {626af04d-6b7d-40af-ad58-f91d4ef5d624} - No File
BHO: {64F5CCCC-B4D0-4974-BAF5-26012642DB5A} - No File
BHO: {7fccbe08-eed5-43ba-a1bc-d9d02a7571cf} - c:\windows\system32\iifdaxxW.dll
BHO: {8F56E2EB-3016-4318-B0C3-803ACAC3680B} - No File
BHO: {91D2A2A9-AB77-4E59-84FB-B3FA5FA4FC6A} - No File
BHO: {9C28EAFB-FF50-4F42-8D39-A006129CC907} - No File
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {A23AB01D-21DA-2B06-F734-71A296EF43C8} - No File
BHO: {A5769113-36EB-4C78-A828-9C244E37020B} - No File
BHO: {A96EE14A-77D9-7D5C-FF34-71A296EE4F9F} - No File
BHO: {C2C868DA-186B-4ABB-B9CE-9385583ECCF3} - No File
BHO: {f9ff0c27-38da-4955-9a1f-edfaecf14b47} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AOLToolBand Class: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar 2.0\aoltb.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Jhoos] "c:\progra~1\jhoos\Jhoos.exe" -minimize
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [Steam] c:\program files\steam\Steam.exe -silent
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IMC] c:\program files\friendfinder\friendfinder messenger 40\imc.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: []
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nForce Tray Options] sstray.exe /r
mRun: []
mRun: [CHotkey] zHotkey.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [PS1] c:\windows\system32\ps1.exe
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_02\bin\jusched.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ShowWnd] ShowWnd.exe
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [StarzTray] c:\program files\starzplay\StarzPlayTray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\neverw~1.lnk - c:\neverwinternights\nwn\ereg\ATR1.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\xfxgam~1.lnk - c:\docume~1\owner\applic~1\microsoft\installer\{c843a6e6-5b4e-4f36-9f1a-10187070d3da}\XFXController.exe1_C843A6E65B4E4F369F1A10187070D3DA.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - c:\program files\atlas v11\Atlscript.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116113423578
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
Filter: text/html - {0341ee03-fb8c-4535-90b0-5285fc7a544d} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: {9C28EAFB-FF50-4F42-8D39-A006129CC907} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\iifdaxxW

Re: Malwarebytes not woorking lots of other problems26th January 2009, 6:06 pm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xyf0yr0t.default\
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-1 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-1 26824]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2005-7-16 31872]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-1 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-1 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-1 76040]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-22 27904]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2009-01-26 13:02 --d----- C:\deljob
2009-01-25 21:21 21,504 a--sh--- c:\documents and settings\owner\protect.dll
2009-01-25 21:20 --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2009-01-25 21:20 143 a------- c:\windows\system32\mcrh.tmp
2009-01-25 21:20 36,352 a------- c:\windows\system32\nnnLcaBT.dll
2009-01-25 18:44 129,024 a------- c:\windows\system32\vjalbjsr.dll
2009-01-25 18:41 461,003 a--sh--- c:\windows\system32\Wxxadfii.ini2
2009-01-25 18:41 461,003 a--sh--- c:\windows\system32\Wxxadfii.ini
2009-01-25 15:07 2,207 a------- c:\windows\system32\TDSSfpmp.dll
2009-01-25 15:07 31,232 a------- c:\windows\system32\TDSSriqp.dll
2009-01-25 15:07 29,696 a------- c:\windows\system32\TDSSnrsr.dll
2009-01-25 15:07 441 a------- c:\windows\system32\TDSSosvn.dat
2009-01-25 15:05 35,840 a------- c:\windows\system32\TDSSoiqh.dll
2009-01-25 15:03 60,416 a------- c:\windows\system32\drivers\TDSSpqxt.sys
2009-01-25 15:03 --d----- c:\docume~1\owner\applic~1\cogad
2009-01-25 15:02 23,552 a------- c:\windows\system32\wpv351232895756.cpx
2009-01-25 15:02 20,480 a------- c:\windows\system32\~.exe
2009-01-06 13:47 --d----- c:\docume~1\alluse~1\applic~1\StarzEntertainment
2009-01-06 13:47 --d----- c:\program files\StarzPlay
2008-12-29 18:07 --d----- c:\temp\REX81

==================== Find3M ====================

2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-12-01 18:02 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-01 18:02 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-01 18:02 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-22 09:18 3,086,336 a------- c:\windows\system32\flvvideo.dll
2008-11-14 15:53 12,247 a------- c:\program files\common files\ofaw.dat
2008-11-14 15:53 19,178 a------- c:\docume~1\alluse~1\applic~1\jubo.dat
2008-11-14 15:53 14,234 a------- c:\program files\common files\qobefu.bin
2008-11-14 15:53 11,951 a------- c:\program files\common files\nazynypil.dat
2008-11-14 13:31 13,424 a------- c:\docume~1\owner\applic~1\arobu.dat
2008-11-14 13:31 13,281 a------- c:\program files\common files\alex._sy
2008-11-14 13:31 12,985 a------- c:\program files\common files\faze.dl
2008-11-14 13:31 10,501 a------- c:\program files\common files\tyjid._dl
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 684,032 a------- c:\windows\system32\DivX.dll
2008-07-29 17:07 23 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2007-08-04 19:27 51,185,123 a------- c:\documents and settings\owner\WoW-2.1.3.6898-to-0.2.0.6932-enUS-patch.exe
2007-04-30 21:51 221,149,222 a------- c:\documents and settings\owner\WoW-2.0.12.6546-to-0.1.0.6577-enUS-patch.exe
2006-08-09 14:36 81,920 a------- c:\docume~1\owner\applic~1\ezpinst.exe
2006-08-09 14:36 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2005-11-14 12:51 0 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2006-02-23 04:27 441,672 ac-sh--- c:\windows\$ntuninstallkb893086$\ksatofni.bak1
2006-02-25 08:29 448,798 -c-sh--- c:\windows\$ntuninstallkb893086$\ksatofni.bak2
2006-02-25 09:25 449,364 -c-sh--- c:\windows\$ntuninstallkb893086$\ksatofni.ini2
2008-06-15 08:15 684,967 a--sh--- c:\windows\system32\BcdLVvut.ini2
2008-06-10 18:50 747,773 a--sh--- c:\windows\system32\CMloonmp.ini2
2008-07-14 10:02 734,854 a--sh--- c:\windows\system32\nXEddMoq.ini2
2008-06-27 18:52 664,338 a--sh--- c:\windows\system32\tDJRqBeg.ini2
2007-11-21 12:19 439,957 a--sh--- c:\windows\system32\wvvwa.ini2
2008-07-17 00:35 885,831 a--sh--- c:\windows\system32\xGPVxGgh.ini2
2008-09-14 09:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 13:04:12.28 ===============

Re: Malwarebytes not woorking lots of other problems26th January 2009, 6:41 pm

Hello.

Now open a new notepad file.
Input this into the notepad file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Save this as fix.reg, save it to your desktop.
Double click fix.reg to run it.
Select yes to the registry merge prompt.

Please download the OTMoveIt3 by OldTimer.

Save it to your desktop.
Please disable your local AV (Anti-virus) by right clicking it's icon in the tray, and exit it.
Please double-click OTMoveIt3.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:services
Viewpoint Manager Service
Ndisprot

:files
C:\WINDOWS\Tasks\At*.job
C:\WINDOWS\Tasks\qukvpfvi.job
C:\Documents and Settings\Owner\Application Data\poll slow 16 pop
C:\deljob
c:\windows\system32\drivers\ndisprot.sys
c:\documents and settings\owner\protect.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nnnLcaBT.dll
c:\windows\system32\vjalbjsr.dll
c:\windows\system32\Wxxadfii.ini2
c:\windows\system32\Wxxadfii.ini
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSosvn.dat
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\drivers\TDSSpqxt.sys
c:\windows\system32\wpv351232895756.cpx
c:\windows\system32\~.exe
c:\windows\system32\BcdLVvut.ini2
c:\windows\system32\CMloonmp.ini2
c:\windows\system32\nXEddMoq.ini2
c:\windows\system32\tDJRqBeg.ini2
c:\windows\system32\wvvwa.ini2
c:\windows\system32\xGPVxGgh.ini2
c:\program files\common files\ofaw.dat
c:\docume~1\alluse~1\applic~1\jubo.dat
c:\program files\common files\qobefu.bin
c:\program files\common files\nazynypil.dat
c:\docume~1\owner\applic~1\arobu.dat
c:\program files\common files\alex._sy
c:\program files\common files\faze.dl
c:\program files\common files\tyjid._dl

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):"msv1_0"

:commands
[purity]
[emptytemp]
[reboot]
Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: Malwarebytes not woorking lots of other problems27th January 2009, 3:35 am

========== SERVICES/DRIVERS ==========
Unable to stop service Viewpoint Manager Service .
Unable to stop service Ndisprot .
========== FILES ==========
File/Folder C:\WINDOWS\Tasks\At*.job not found.
File/Folder C:\WINDOWS\Tasks\qukvpfvi.job not found.
File/Folder C:\Documents and Settings\Owner\Application Data\poll slow 16 pop not found.
File/Folder C:\deljob not found.
File/Folder c:\windows\system32\drivers\ndisprot.sys not found.
File/Folder c:\documents and settings\owner\protect.dll not found.
File/Folder c:\windows\system32\mcrh.tmp not found.
File/Folder c:\windows\system32\nnnLcaBT.dll not found.
File/Folder c:\windows\system32\vjalbjsr.dll not found.
File/Folder c:\windows\system32\Wxxadfii.ini2 not found.
File/Folder c:\windows\system32\Wxxadfii.ini not found.
File/Folder c:\windows\system32\TDSSfpmp.dll not found.
File/Folder c:\windows\system32\TDSSriqp.dll not found.
File/Folder c:\windows\system32\TDSSnrsr.dll not found.
File/Folder c:\windows\system32\TDSSosvn.dat not found.
File/Folder c:\windows\system32\TDSSoiqh.dll not found.
File/Folder c:\windows\system32\drivers\TDSSpqxt.sys not found.
File/Folder c:\windows\system32\wpv351232895756.cpx not found.
File/Folder c:\windows\system32\~.exe not found.
File/Folder c:\windows\system32\BcdLVvut.ini2 not found.
File/Folder c:\windows\system32\CMloonmp.ini2 not found.
File/Folder c:\windows\system32\nXEddMoq.ini2 not found.
File/Folder c:\windows\system32\tDJRqBeg.ini2 not found.
File/Folder c:\windows\system32\wvvwa.ini2 not found.
File/Folder c:\windows\system32\xGPVxGgh.ini2 not found.
File/Folder c:\program files\common files\ofaw.dat not found.
File/Folder c:\docume~1\alluse~1\applic~1\jubo.dat not found.
File/Folder c:\program files\common files\qobefu.bin not found.
File/Folder c:\program files\common files\nazynypil.dat not found.
File/Folder c:\docume~1\owner\applic~1\arobu.dat not found.
File/Folder c:\program files\common files\alex._sy not found.
File/Folder c:\program files\common files\faze.dl not found.
File/Folder c:\program files\common files\tyjid._dl not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):"msv1_0" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_e14.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF73CB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01262009_222719

Re: Malwarebytes not woorking lots of other problems27th January 2009, 5:45 pm

Hmm.
Post a new DDS log please.

Re: Malwarebytes not woorking lots of other problems28th January 2009, 7:59 pm

DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 14:55:04.89 on Wed 01/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.416 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\XFXGameController\XFXController.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Firefox Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: SFCDisable=4 (0x4)
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: {0298AEE5-3901-4A46-A412-81FA26DDAB5E} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {107F5F94-CE58-4C19-9FB1-12FF710C0294} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {626af04d-6b7d-40af-ad58-f91d4ef5d624} - No File
BHO: {64F5CCCC-B4D0-4974-BAF5-26012642DB5A} - No File
BHO: {7fccbe08-eed5-43ba-a1bc-d9d02a7571cf} - c:\windows\system32\iifdaxxW.dll
BHO: {8F56E2EB-3016-4318-B0C3-803ACAC3680B} - No File
BHO: {91D2A2A9-AB77-4E59-84FB-B3FA5FA4FC6A} - No File
BHO: {9C28EAFB-FF50-4F42-8D39-A006129CC907} - No File
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {A23AB01D-21DA-2B06-F734-71A296EF43C8} - No File
BHO: {A5769113-36EB-4C78-A828-9C244E37020B} - No File
BHO: {A96EE14A-77D9-7D5C-FF34-71A296EE4F9F} - No File
BHO: {C2C868DA-186B-4ABB-B9CE-9385583ECCF3} - No File
BHO: {f9ff0c27-38da-4955-9a1f-edfaecf14b47} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AOLToolBand Class: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar 2.0\aoltb.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Jhoos] "c:\progra~1\jhoos\Jhoos.exe" -minimize
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [Steam] c:\program files\steam\Steam.exe -silent
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IMC] c:\program files\friendfinder\friendfinder messenger 40\imc.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: []
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nForce Tray Options] sstray.exe /r
mRun: []
mRun: [CHotkey] zHotkey.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [PS1] c:\windows\system32\ps1.exe
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_02\bin\jusched.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ShowWnd] ShowWnd.exe
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [StarzTray] c:\program files\starzplay\StarzPlayTray.exe
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [OTMoveIt] c:\documents and settings\owner\desktop\firefox downloads\OTMoveIt3.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\neverw~1.lnk - c:\neverwinternights\nwn\ereg\ATR1.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\xfxgam~1.lnk - c:\docume~1\owner\applic~1\microsoft\installer\{c843a6e6-5b4e-4f36-9f1a-10187070d3da}\XFXController.exe1_C843A6E65B4E4F369F1A10187070D3DA.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - c:\program files\atlas v11\Atlscript.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116113423578
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
Filter: text/html - {0341ee03-fb8c-4535-90b0-5285fc7a544d} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: {9C28EAFB-FF50-4F42-8D39-A006129CC907} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll, digeste.dll

Re: Malwarebytes not woorking lots of other problems28th January 2009, 8:00 pm

Re: Malwarebytes not woorking lots of other problems28th January 2009, 8:42 pm

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with our fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

Now open a new notepad file.
Input this into the notepad file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"autochk"=-
Save this as fix.reg, save it to your desktop.
Double click fix.reg to run it.
Select yes to the registry merge prompt.

How is the machine now?

Re: Malwarebytes not woorking lots of other problems29th January 2009, 8:43 am

Everythings runnin alot better now no problems thx

Re: Malwarebytes not woorking lots of other problems29th January 2009, 2:32 pm

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
Click the "Download" button to the right.
In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Examples of older versions in Add or Remove Programs:
- Java 2 Runtime Environment, SE v1.4.2
- J2SE Runtime Environment 5.0
- J2SE Runtime Environment 5.0 Update 2
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.

Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

First, unzip it.
Then run JavaRa.
Select English from the drop down menu and press Select.
This will open JavaRa.
Press Remove older versions
Press yes to the prompt.
It will make a log file of what it's removed.
Copy and paste the log back here.

Re: Malwarebytes not woorking lots of other problems9th May 2009, 10:00 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

............................................................................................
Please be a GeekPolice fan on Facebook!

Malwarebytes not woorking lots of other problems Lambo-11

Have we helped you? Help us! | Doctor by day, ninja by night.

Re: Malwarebytes not woorking lots of other problems9th May 2009, 10:00 am

............................................................................................
Please be a GeekPolice fan on Facebook!

Malwarebytes not woorking lots of other problems Lambo-11

Have we helped you? Help us! | Doctor by day, ninja by night.

Malwarebytes not woorking lots of other problems

descriptionMalwarebytes not woorking lots of other problems26th January 2009, 12:49 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 12:50 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 12:51 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 2:51 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 5:12 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 5:34 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 6:03 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 6:04 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 6:06 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 6:06 pm

descriptionRe: Malwarebytes not woorking lots of other problems26th January 2009, 6:41 pm

descriptionRe: Malwarebytes not woorking lots of other problems27th January 2009, 3:35 am

descriptionRe: Malwarebytes not woorking lots of other problems27th January 2009, 5:45 pm

descriptionRe: Malwarebytes not woorking lots of other problems28th January 2009, 7:59 pm

descriptionRe: Malwarebytes not woorking lots of other problems28th January 2009, 8:00 pm

descriptionRe: Malwarebytes not woorking lots of other problems28th January 2009, 8:42 pm

descriptionRe: Malwarebytes not woorking lots of other problems29th January 2009, 8:43 am

descriptionRe: Malwarebytes not woorking lots of other problems29th January 2009, 2:32 pm

descriptionRe: Malwarebytes not woorking lots of other problems9th May 2009, 10:00 am

descriptionRe: Malwarebytes not woorking lots of other problems9th May 2009, 10:00 am

descriptionRe: Malwarebytes not woorking lots of other problems