[Resolved] Malwarebytes Crashes, hijackthis log checkup


  • This topic is locked
30 replies to this topic

#16 inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 14 October 2009 - 11:20 PM

Let's try ESET,

Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________



#17 lichking21st

  • Authentic Member
  • 89 posts

Posted 15 October 2009 - 10:54 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.cab - delete file error:The process cannot access the file because it is being used by another process.
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=e5cd46ebbe7cda4aa640d7696bfcefea
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-16 04:48:06
# local_time=2009-10-16 05:48:06 (+1200, New Zealand Daylight Time)
# country="New Zealand"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=769 61 100 100 43593902000
# compatibility_mode=5889 61 66 100 547862738874595
# scanned=177027
# found=2
# cleaned=2
# scan_time=3733
A:\Not installable games\Fable\Trainers\FableTrn.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
A:\Random Software\CheatEngine55\{app}\dbk32.sys Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it
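
A helper reading a log like the one in the post above can check it mechanically before replying. The following is an added example, not part of the original thread and not ESET's own tooling: it parses the `# key=value` headers and the detection lines, then reports anything that needs follow-up. It assumes log.txt holds one header or one detection per line, that the `unwanted_checked` header reflects the "Scan unwanted applications" option from the instructions, and that a path ends at its file extension; `parse_eset_log` and `triage` are hypothetical names.

```python
import re

# Sample input: the scan result from the post above, laid out one entry per
# line (assumed log.txt layout), without the three installer preamble lines.
SAMPLE_LOG = r"""# version=6
# end=finished
# unwanted_checked=true
# scanned=177027
# found=2
# cleaned=2
# scan_time=3733
A:\Not installable games\Fable\Trainers\FableTrn.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
A:\Random Software\CheatEngine55\{app}\dbk32.sys Win32/HackTool.CheatEngine application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*(?P<key>[^=\s]+)=(?P<value>.*)$")

# Heuristic (assumption): the path ends at the first ".ext" followed by
# whitespace, the action is the parenthesised text, then a hex digest and flag.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.\w{1,4})\s+"
    r"(?P<threat>\S.*?)\s+"
    r"\((?P<action>[^()]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]+)\s+(?P<flag>\S+)\s*$"
)


def parse_eset_log(text):
    """Return (headers, detections, unparsed) for an ESET Online Scanner log."""
    headers, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            # Repeated keys (e.g. compatibility_mode) keep the last value.
            headers[m.group("key")] = m.group("value").strip()
            continue
        m = DETECTION.match(line)
        if m:
            d = m.groupdict()
            # Last word of the detection name is its class, e.g. "trojan".
            d["kind"] = d["threat"].rsplit(None, 1)[-1]
            detections.append(d)
        else:
            # Installer preamble and anything unexpected is kept for review.
            unparsed.append(line)
    return headers, detections, unparsed


def _count(headers, key):
    """Integer value of a header, or None when missing or not numeric."""
    value = headers.get(key, "")
    return int(value) if value.isdigit() else None


def triage(text):
    """List the points a helper should follow up on; empty means none."""
    headers, detections, _ = parse_eset_log(text)
    findings = []
    if headers.get("end") != "finished":
        findings.append("scan did not run to completion")
    if headers.get("unwanted_checked") != "true":
        findings.append("unwanted-application scanning was not enabled")
    found = _count(headers, "found")
    if found != len(detections):
        findings.append(
            f"header found={found} but {len(detections)} detection lines parsed"
        )
    cleaned = [d for d in detections if d["action"].startswith("cleaned")]
    if _count(headers, "cleaned") != len(cleaned):
        findings.append("header cleaned= does not match the cleaned detections")
    for d in detections:
        if d not in cleaned:
            findings.append(f"not cleaned: {d['path']} ({d['threat']})")
    return findings


if __name__ == "__main__":
    for d in parse_eset_log(SAMPLE_LOG)[1]:
        print(d["kind"], "|", d["path"], "|", d["action"])
    print("follow-up:", triage(SAMPLE_LOG) or "none")
```

A mismatch between the `found=` header and the number of detection lines usually means the poster pasted only part of the log, so ask for the full file before drawing conclusions.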

#18 inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 15 October 2009 - 11:34 PM

Hi, Please run another DDS scan for me please. Also, please describe in detail any more problems you are having with your computer. Thank you.

#19 lichking21st

  • Authentic Member
  • 89 posts

Posted 16 October 2009 - 10:52 PM

OK, Windows Defender was deactivated but I cannot uninstall it (came with Vista). It isn't there on the processes list or services.

I need to check whether Malwarebytes is still crashing...

#20 lichking21st

  • Authentic Member
  • 89 posts

Posted 16 October 2009 - 11:04 PM

It's still doing it :(

Attached Thumbnails

  • Untitled.jpg

#21 inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 17 October 2009 - 08:40 PM

Hi,

That may be due to Windows Defender or Spybot conflicting with MBAM when being run at full scan. I suggest you uninstall Spybot as Windows Defender is part of your Vista.

If you are having any problems with Malwarebytes' Anti-Malware protection please do the following.
  • Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  • Restart your computer (very important).
  • Download and run this utility.
  • It will ask to restart your computer (please allow it to).
  • After the computer restarts, install the latest version from here.
Disable Windows Defender and Spybot's Tea Timer (if you haven't uninstalled it) before going for MBAM's full scan.

How to Disable your Security Programs

--Next--

Click to download the Norton Removal Tool from HERE and save it to your desktop. You will use it later.

You may want to copy these instructions first to Notepad.

Do the following:
  • Disconnect from the internet.
  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate Norton Internet Security and click on the Uninstall button to uninstall it.
  • Close Control Panel when done.

--Next--

Right click Norton Removal Tool then choose Run as Administrator to run it.
  • Follow the on-screen instructions.
  • Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.
When the tool has finished, reboot, if not prompted.

#22 lichking21st

  • Authentic Member
  • 89 posts

Posted 18 October 2009 - 12:14 AM

All done.... Malwarebytes is past the 6 min mark, I'll just wait until the..... and as I was typing guess what? FAIL... Do you have any good ideas or should I pass it on to the Malwarebytes forum? Off topic: how well would you think my computer will do with Win 7 and quad cores? :pepsi: :ph34r: :unsure:

#23 inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 18 October 2009 - 05:07 PM

Hi, What exactly happened with MBAM? Are there any error codes? Can you upload an image again or describe in detail what happened? Thank you.

#24 lichking21st

  • Authentic Member
  • 89 posts

Posted 18 October 2009 - 10:37 PM

Actually, I'll video the whole screen using HyperCam.

#25 lichking21st

  • Authentic Member
  • 89 posts

Posted 19 October 2009 - 01:04 AM

Here is the video - you need to uncompress it first. I've compressed it into RAR but it says file type not allowed, so I removed the extension and changed it to .txt

#26 inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 19 October 2009 - 05:07 PM

Hi,

Did you uninstall Spybot? If not, did you disable Tea Timer and Windows Defender before using MBAM?

Let's try this:

Open Windows Defender.
Go to Tools then Advanced Options.
Add the following files to the exclusion list:
  • C:\WINDOWS\system32\drivers\mbam.sys
  • C:\WINDOWS\system32\drivers\mbamswissarmy.sys
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

Disable Tea Timer if still there. Run MBAM.

And as for win 7 and quad cores. Sorry, can't help you with that. Don't even have any of them. :lol:

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________




#27 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 19 October 2009 - 11:25 PM

I cannot access Defender while it is turned off, so I don't think it will do anything if I turn it on and add the MBAM files, then turn it back off.
No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it

#28 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 20 October 2009 - 05:35 PM

Hi,

Since Windows Defender is currently turned off, maybe Avast is the one that's conflicting with your MBAM.

Please do the following:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

Add the following:
  • C:\WINDOWS\system32\drivers\mbam.sys
  • C:\WINDOWS\system32\drivers\mbamswissarmy.sys
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

Try it again, be sure to have Windows Defender disabled first.

Since your computer is clean, let's do a little clean up,

Please delete DDS, RootRepeal and all the logs we've created.

--Next--

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance.
  • Select System.
  • On the left select Advanced System Settings and accept the warning if you get one.
  • Select System Protection Tab.
  • Select Create at the bottom.
  • Type in a name i.e. Clean.
  • Select Create.

Now we can purge the infected ones

  • Go back to the System and Maintenance page.
  • Select Performance Information and Tools.
  • On the left select Open Disk Cleanup.
  • Select Files from all users and accept the warning if you get one.
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab.
  • In the System Restore and Shadow Backups select Clean up.
  • Select Delete on the pop up.
  • Select OK.
  • Select Delete.

--Next--

To keep your operating system up to date visit

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. SpywareBlaster - Download and install SpywareBlaster. This program prevents the installation of ActiveX-based spyware and other potentially unwanted programs.

7. SpywareGuard - Download and install SpywareGuard. This provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

8. Protect your computer from internet threats with SandboxIE. This program isolates Internet Explorer from the rest of your operating system, 'sandboxing' it away - so malicious websites can't do damage to the rest of your system. There is a Getting Started guide on their website.

9. And finally, please read these excellent articles:
Malware: Help prevent the Infection by Sandi Hardmeier,
Preventing Malware - Tools and Practices for Safe Computing

For more safe computing tips please read the guide by Rorschach112 on how to prevent malware and about safe computing here.



Good luck, happy computing and stay clean! ^_^

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________
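
An added example (not part of inzanity's post or of any tool named in the thread): a read-only PowerShell check of the Internet zone settings listed in tip 1 above. It assumes the standard per-user zone registry location and Microsoft's documented URL action IDs, neither of which appears in the thread; the function name is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the current user's
# Internet zone (zone 3) against the settings recommended in the post.
# Assumption: standard per-user zone key and documented URL action IDs.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Value name = URL action ID; data: 0 = Enable, 1 = Prompt, 3 = Disable.
$recommended = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialise and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper: emits one row per recommended setting.
function Get-ZoneSettingReport {
    param([string]$Key, [object[]]$Settings)

    if (-not (Test-Path -Path $Key)) { throw "Zone key not found: $Key" }
    $values = Get-ItemProperty -Path $Key

    foreach ($s in $Settings) {
        $prop = $values.PSObject.Properties[$s.Id]
        if ($null -eq $prop) {
            # No per-user value: the zone template default or a policy applies.
            $actual = 'not set'; $status = 'CHECK'
        }
        elseif (-not $label.ContainsKey([int]$prop.Value)) {
            # Data outside the three values handled here; review by hand.
            $actual = "unknown ($($prop.Value))"; $status = 'CHECK'
        }
        else {
            $data = [int]$prop.Value
            $actual = $label[$data]
            # 0 < 1 < 3 runs from most to least permissive, so a value at or
            # above the recommended one is at least as strict.
            $status = if ($data -ge $s.Want) { 'OK' } else { 'WEAK' }
        }
        [pscustomobject]@{
            Action = $s.Id; Setting = $s.Name
            Recommended = $label[$s.Want]; Actual = $actual; Status = $status
        }
    }
}

Get-ZoneSettingReport -Key $zoneKey -Settings $recommended | Format-Table -AutoSize
```

Per-user values can be overridden by Group Policy, so the output reflects the user-level configuration only.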




#29 lichking21st

lichking21st

    Authentic Member

  • Authentic Member
  • PipPip
  • 89 posts

Posted 20 October 2009 - 11:53 PM

It still isn't working. At this point I think there is nothing to be done, maybe I will ask the Malwarebytes forums. Thanks!
No Comment is a comment...

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it

#30 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 20 October 2009 - 11:55 PM

Hi, Sorry about this. Please do.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________


