GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


Malwarebytes Closes after 2 seconds

2 posters

descriptionMalwarebytes Closes after 2 seconds EmptyMalwarebytes Closes after 2 seconds20th November 2009, 3:44 pm

more_horiz
Hi, im trying to run malwarebytes but it closes after 2 seconds. also when i tried to find resources on firefox that closed also, i ran avast antivirus, exterminate it anti spyware but neither found anything. Heres the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:36:22 AM, on 11/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\M54HEPQ2\SystemLook[1].exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\user\My Documents\utorrent\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A12822CC-159C-41CF-BA28-11A533950B9E}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

and also noticed that there was a toic about this and it said to do a search for a few .dll files

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 10:25 on 20/11/2009 by user (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--- 180224 bytes [08:32 01/07/2006] [09:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll --a--- 181248 bytes [23:47 13/03/2009] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [16:51 10/08/2004] [09:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\i386\netlogon.dll --a--- 407040 bytes [08:29 01/07/2006] [09:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll --a--- 407040 bytes [23:47 13/03/2009] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [16:51 10/08/2004] [09:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--- 55808 bytes [08:27 01/07/2006] [09:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll --a--- 56320 bytes [23:45 13/03/2009] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 55808 bytes [16:51 10/08/2004] [09:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

descriptionMalwarebytes Closes after 2 seconds EmptyRe: Malwarebytes Closes after 2 seconds20th November 2009, 5:14 pm

more_horiz
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

descriptionMalwarebytes Closes after 2 seconds EmptyRe: Malwarebytes Closes after 2 seconds20th November 2009, 5:33 pm

more_horiz
I tried running malwarebytes again but again, it closed after 2 seconds after opening the program.

descriptionMalwarebytes Closes after 2 seconds EmptyRe: Malwarebytes Closes after 2 seconds20th November 2009, 7:47 pm

more_horiz
ran combofix also, still cant run malwarebytes and strangely google's search on firefox. Here's the log from combofix:

ComboFix 09-11-20.01 - user 11/20/2009 14:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.265 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\svchost.exe
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\.#
c:\documents and settings\user\Application Data\.#\MBX@3370@A14170.###
c:\documents and settings\user\Application Data\.#\MBX@3370@A141A0.###
c:\documents and settings\user\Application Data\.#\MBX@3370@A141D0.###
c:\windows\system32\actejgoj.ini
c:\windows\system32\drivers\pciide.sys

.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-20 19:14 . 2004-08-04 02:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 19:14 . 2004-08-04 02:59 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-20 05:07 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 05:07 . 2009-11-20 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 05:07 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 04:44 . 2009-11-20 05:27 -------- d-----w- c:\program files\Exterminate It!
2009-11-20 04:27 . 2009-11-20 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\IndigoRose
2009-11-20 04:27 . 2009-11-20 04:27 -------- d-----w- c:\program files\Setup Factory 8.0 Trial
2009-11-19 15:02 . 2009-11-19 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\EscapeTheMuseum2
2009-11-19 05:05 . 2009-11-19 05:05 -------- d-----w- c:\program files\Cybertek Games
2009-11-19 04:17 . 2009-11-20 19:08 -------- d-----w- c:\documents and settings\user\Application Data\MxBoost
2009-11-19 03:46 . 2009-11-20 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-11-15 00:23 . 2009-11-15 00:23 -------- d-----w- c:\program files\Brain Spa
2009-11-13 04:29 . 2009-11-13 17:23 -------- d-----w- c:\documents and settings\user\Application Data\ElementalsTheMagicKey
2009-11-13 03:43 . 2009-11-14 03:01 -------- d-----w- c:\program files\Elementals The Magic Key
2009-11-10 07:42 . 2009-11-10 07:42 -------- d-----w- c:\windows\Cooking Quest
2009-11-09 03:41 . 2009-11-09 03:41 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Namco Networks
2009-11-08 17:59 . 2009-11-08 17:59 -------- d-----w- c:\windows\Arctic Quest 2
2009-11-08 17:59 . 2009-11-08 18:00 -------- d-----w- c:\program files\Arctic Quest 2
2009-11-08 17:59 . 2009-11-08 17:59 -------- d-----w- c:\windows\Arctic Quest
2009-11-08 17:59 . 2009-11-08 22:03 -------- d-----w- c:\program files\Arctic Quest
2009-11-08 17:46 . 2009-11-08 17:46 -------- d-----w- c:\windows\Tinseltown Dreams
2009-11-02 04:50 . 2009-11-02 05:24 -------- d-----w- c:\documents and settings\user\Application Data\SquareLogic
2009-11-02 03:02 . 2009-11-02 03:02 -------- d-----w- c:\documents and settings\user\Application Data\URSE Games
2009-11-02 02:33 . 2009-11-02 02:33 -------- d-----w- c:\windows\Wisegal
2009-11-02 02:27 . 2009-11-02 02:27 -------- d-----w- c:\program files\Avernum 5
2009-11-02 02:27 . 2009-11-02 02:27 -------- d-----w- c:\windows\Avernum 5
2009-11-02 00:32 . 2009-11-02 00:32 -------- d-----w- c:\windows\Everyday Genius - Square Logic
2009-11-02 00:32 . 2009-11-02 00:32 -------- d-----w- c:\program files\Everyday Genius - Square Logic
2009-10-26 02:56 . 2009-10-26 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Wrinkle-free Games
2009-10-25 23:19 . 2009-10-25 23:19 -------- d-----w- c:\program files\Picket Fences
2009-10-25 23:19 . 2009-10-25 23:19 -------- d-----w- c:\windows\Picket Fences
2009-10-24 18:32 . 2009-10-24 18:32 -------- d-----w- c:\documents and settings\user\Application Data\Dekovir
2009-10-23 18:16 . 2009-10-23 18:16 -------- d-----w- c:\windows\Hidden Magic
2009-10-23 18:16 . 2009-10-23 18:16 -------- d-----w- c:\program files\Hidden Magic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 19:03 . 2009-03-13 01:48 3476 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-11-20 04:40 . 2007-05-24 22:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-20 04:38 . 2008-06-14 07:58 -------- d-----w- c:\program files\SpywareBlaster
2009-11-20 04:15 . 2006-07-11 18:04 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent
2009-11-19 05:11 . 2008-10-28 01:47 -------- d-----w- c:\program files\Games
2009-11-19 04:17 . 2008-06-14 16:08 -------- d-----w- c:\program files\Maxthon2
2009-11-19 04:08 . 2006-10-04 05:38 -------- d-----w- c:\program files\Maxthon
2009-11-19 03:46 . 2006-11-13 06:17 -------- d-----w- c:\program files\PCPitstop
2009-11-18 03:48 . 2008-10-12 00:52 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2009-11-18 02:27 . 2008-10-12 00:54 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2009-11-17 17:39 . 2008-11-27 16:46 -------- d-----w- c:\documents and settings\user\Application Data\Ubisoft
2009-11-15 03:24 . 2008-11-09 15:31 -------- d-----w- c:\documents and settings\user\Application Data\MysteryStudio
2009-11-14 19:58 . 2008-10-14 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-11-14 04:55 . 2009-10-15 10:22 -------- d-----w- c:\program files\Agatha Christie - Death on the Nile
2009-11-14 04:53 . 2009-09-28 17:43 -------- d-----w- c:\program files\Kitchen Brigade
2009-11-14 04:50 . 2009-10-05 04:57 -------- d-----w- c:\program files\World of Zellians
2009-11-14 04:48 . 2009-10-04 02:14 -------- d-----w- c:\program files\Alawar Games
2009-11-14 04:45 . 2009-09-08 17:14 -------- d-----w- c:\program files\Encore
2009-11-14 04:43 . 2009-10-10 15:13 -------- d-----w- c:\program files\Hidden World of Art 2 - Undercover Art Agent
2009-11-14 03:01 . 2009-10-05 02:38 -------- d-----w- c:\program files\iWin
2009-11-14 02:58 . 2009-08-01 14:13 -------- d-----w- c:\program files\Bookworm Adventures Volume 2
2009-11-13 04:29 . 2006-06-25 16:08 40840 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-08 18:00 . 2008-08-19 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-11-08 18:00 . 2008-08-15 03:37 -------- d-----w- c:\documents and settings\user\Application Data\PlayFirst
2009-11-08 04:12 . 2008-12-19 06:08 -------- d-----w- c:\documents and settings\user\Application Data\blg
2009-11-08 04:12 . 2008-12-19 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2009-11-05 07:04 . 2008-10-10 07:30 -------- d-----w- c:\documents and settings\user\Application Data\Hoyle
2009-11-02 07:03 . 2009-09-17 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2009-11-02 07:03 . 2009-09-17 05:15 -------- d-----w- c:\documents and settings\user\Application Data\Merscom
2009-10-29 05:12 . 2008-05-22 17:18 177024 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\2isekvic.default\FlashGot.exe
2009-10-18 17:43 . 2009-10-18 17:43 -------- d-----w- c:\documents and settings\user\Application Data\FloodLightGames
2009-10-18 17:43 . 2009-10-18 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FloodLightGames
2009-10-17 02:48 . 2008-11-13 07:25 -------- d-----w- c:\documents and settings\user\Application Data\Flood Light Games
2009-10-17 02:48 . 2008-11-13 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
2009-10-16 07:20 . 2009-09-25 07:20 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-10-16 07:20 . 2009-06-26 07:19 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-15 10:48 . 2009-10-15 10:47 -------- d-----w- c:\program files\Zombie Bowl O Rama
2009-10-15 03:43 . 2009-10-15 03:43 -------- d-----w- c:\documents and settings\user\Application Data\pixelStorm
2009-10-14 04:44 . 2009-10-13 17:14 -------- d-----w- c:\documents and settings\user\Application Data\Millennium_Saves
2009-10-13 16:07 . 2009-10-13 16:07 -------- d-----w- c:\documents and settings\user\Application Data\Enki Games
2009-10-13 16:07 . 2009-10-13 16:06 -------- d-----w- c:\program files\ Millennium A New Hope
2009-10-12 03:44 . 2008-12-22 10:58 -------- d-----w- c:\documents and settings\user\Application Data\Meridian93
2009-10-12 02:43 . 2009-10-12 02:42 -------- d-----w- c:\documents and settings\user\Application Data\MissTeriTale3
2009-10-11 04:47 . 2009-10-10 15:12 -------- d-----w- c:\program files\Heros Tale - Enhanced Edition
2009-10-11 04:39 . 2009-10-11 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Islands
2009-10-10 15:16 . 2009-10-10 15:14 -------- d-----w- c:\program files\Route 66
2009-10-09 14:52 . 2008-08-12 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-10-09 04:44 . 2009-10-09 04:44 -------- d-----w- c:\documents and settings\user\Application Data\Alawar
2009-10-06 04:03 . 2009-10-06 04:03 -------- d-----w- c:\program files\Bigfish Games
2009-10-05 05:20 . 2009-07-25 03:52 -------- d-----w- c:\documents and settings\user\Application Data\GameInvest
2009-10-04 07:07 . 2008-10-10 07:41 -------- d-----w- c:\documents and settings\user\Application Data\Hoyle FaceCreator
2009-10-03 15:14 . 2009-10-03 15:14 -------- d-----w- c:\documents and settings\user\Application Data\casanova
2009-10-03 04:19 . 2009-07-16 23:15 -------- d-----w- c:\documents and settings\user\Application Data\ERS G-Studio
2009-10-03 03:26 . 2009-04-17 07:41 -------- d-----w- c:\documents and settings\user\Application Data\Playrix Entertainment
2009-10-03 00:35 . 2009-10-03 00:35 -------- d-----w- c:\documents and settings\user\Application Data\Magic Academy 2
2009-09-30 02:43 . 2009-09-30 02:43 -------- d-----w- c:\program files\Eeezee Products
2009-09-28 18:27 . 2009-09-28 18:27 -------- d-----w- c:\documents and settings\user\Application Data\Freezetag
2009-09-28 18:03 . 2009-09-25 19:08 -------- d-----w- c:\program files\theclumsys
2009-09-28 17:56 . 2009-09-28 17:15 -------- d-----w- c:\program files\Microsoft DirectX SDK (August 2009)
2009-09-26 20:01 . 2008-08-30 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2009-09-26 03:18 . 2008-11-15 04:50 -------- d-----w- c:\documents and settings\user\Application Data\Gogii Games
2009-09-26 03:18 . 2008-11-15 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii Games
2009-09-26 03:07 . 2009-09-26 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SOS
2009-09-26 02:23 . 2009-09-26 02:23 -------- d-----w- c:\documents and settings\user\Application Data\FlyWheelGames
2009-09-25 19:11 . 2009-09-25 19:11 -------- d-----w- c:\documents and settings\user\Application Data\Sudden Games LLC
2009-09-25 19:09 . 2009-09-25 19:09 -------- d-----w- c:\program files\Shade Tree Games
2009-09-25 19:05 . 2009-09-25 19:05 -------- d-----w- c:\program files\Sudden Games
2009-09-25 06:17 . 2009-09-25 06:17 -------- d-----w- c:\program files\TextTwist 2
2009-09-25 04:12 . 2008-06-09 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-09-25 03:46 . 2009-09-24 16:15 -------- d-----w- c:\program files\Peggle Deluxe
2009-09-24 16:16 . 2009-09-24 16:16 -------- d-----w- c:\documents and settings\user\Application Data\TheScruffs
2009-09-22 18:19 . 2009-09-22 18:19 -------- d-----w- c:\documents and settings\user\Application Data\TikisLab
2009-09-22 16:28 . 2009-09-22 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\MythPeople
2009-09-22 16:15 . 2009-09-22 16:15 -------- d-----w- c:\program files\Womens Murder Club Twice in a Blue Moon
2009-09-22 16:08 . 2009-09-22 16:08 -------- d-----w- c:\program files\Once Upon a Time in Chicago
2009-09-18 03:55 . 2009-01-08 19:04 153600 ----a-w- c:\documents and settings\user\Application Data\yoclient\native\lwjgl.dll
2009-09-14 01:56 . 2009-09-14 01:45 12496 ----a-w- c:\windows\MSPuzzle.dat
2009-09-04 21:44 . 2009-09-27 00:47 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 21:44 . 2009-09-27 00:47 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 21:44 . 2009-09-27 00:47 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:29 . 2009-09-27 00:47 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 21:29 . 2009-09-27 00:47 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 21:29 . 2009-09-27 00:47 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 21:29 . 2009-09-27 00:47 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 21:29 . 2009-09-27 00:47 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2008-06-09 00:53 . 2008-06-09 00:53 0 ----a-w- c:\program files\temp01
2006-07-07 03:12 . 2006-06-25 16:08 88 --sh--r- c:\windows\system32\C1771F8A0F.sys
2006-08-17 16:37 . 2006-06-25 16:08 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-08-01 815104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311v2 Smart Configuration.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v2 Smart Configuration.lnk
backup=c:\windows\pss\NETGEAR WG311v2 Smart Configuration.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\700fc162
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UMWdf"=2 (0x2)
"srservice"=2 (0x2)
"seclogon"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Fax"=2 (0x2)
"EventSystem"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"ose"=3 (0x3)
"usnjsvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"wscsvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/26/2009 2:20 AM 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/26/2006 2:21 AM 685816]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/30/2008 9:34 AM 114768]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [7/15/2006 7:39 PM 78848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/30/2008 9:34 AM 20560]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/18/2009 10:46 PM 90352]
S3 TimeServ;Time Service;c:\windows\system32\timeserv.exe [3/11/2007 3:06 AM 141584]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1028432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 07:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {A12822CC-159C-41CF-BA28-11A533950B9E} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\2isekvic.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Murder, She Wrote 1.00 - c:\program files\Games\Murder



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 14:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82D681E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf84f9fc3
\Driver\ACPI -> ACPI.sys @ 0xf828acb8
\Driver\atapi -> 0x82d681e8
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf8138ba0
PacketIndicateHandler -> NDIS.sys @ 0xf8145b21
SendHandler -> NDIS.sys @ 0xf812387b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-20 14:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-20 19:36

Pre-Run: 11,775,574,016 bytes free
Post-Run: 11,885,559,808 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4B2D748D5822C57527B0A4A65619C228

descriptionMalwarebytes Closes after 2 seconds EmptyRe: Malwarebytes Closes after 2 seconds21st November 2009, 1:14 am

more_horiz
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Malwarebytes Closes after 2 seconds CF_Cleanup

This will also reset your restore points.

How is the machine running now?

descriptionMalwarebytes Closes after 2 seconds EmptyRe: Malwarebytes Closes after 2 seconds

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum