Malwarebytes doesn't open

Status
Not open for further replies.

bandj61508
I started doing the 8 steps, and when I got to step 4 it saved to my computer but it won't open. You see the hourglass but nothing ever happens, so I went to step 5 to see what happened there, and same thing. Step 6 worked but step 7 did the same thing. All these icons are on my desktop but they won't open. I don't think I did anything wrong. I tried uninstalling and installing them again, and same problems over and over again. Please help me, I'm so lost.
 
Hey, I had the same type of issue on a computer today. Easy fix I find is to go to the folder where Malwarebytes opens (ex. C:\Program Files\Malwarebytes), then find the mbam.exe and just rename it to anything other than that.

There's a rootkit that is called something like gxvx****** and it is embedded into the registry to stop antivirus programs from running, and mbam is one of them, so is Spybot, AVG, some firewalls. Either way, if you find a program not running properly, firstly try and rename it. Though mbam did not seem to get rid of the problem for me completely, I then downloaded SUPERAntiSpyware and it got rid of all the registry entries but not the file in the system32. There are possible ways to manually delete system32 protected files, but I don't recommend it, in case it causes problems.

But after all the scans, programs cannot delete it because it all comes down to it being a protected file. If you want to know how to MANUALLY take over and delete this file, private message me or e-mail me at kchiddle@hotmail.com. I do not want to post a command on how to do this on the forums in case it is against the rules or could possibly cause problems to others who might find this useful to them, and go deleting very important files.

I searched up the file that mbam and SUPERAntiSpyware found and it does not seem to be a system core file or something that is needed, just a file placed there and protected from deletion. Anyways, I'm off to my after-school job. Update here or e-mail/private message me and I will get back to you after 9:00pm EST. Hope I helped.
 
Lol, well you have to know this stuff if you wanna give an answer right? I'm studying this stuff for college and I'm currently co-oping at a local computer store that fixes as well as sells, I do tech work so.

Anyways, try some of those things, try just switching the name for now and continuing with that 8 step process.
 
now what???

I went back and decided to just TRY doing Malwarebytes again and it spontaneously worked. So did superantivirus and HijackThis. I also have downloaded dr cure it. Here are my logs. I really hope you guys can help, because now I am in safe mode because otherwise everything freezes. Please help. I'm going to run everything and come back and look for a reply and try to launch Windows in regular mode to see what happens; then if I have any changes I will let you know. Thanks so much.
It will not let me post my logs so I will try again in the next one.
 
OK, I need 5 posts to post links and images, so here is number 3. Oh yeah, I'm not in safe mode anymore, but regular mode is SUPER SLOW. Not freezing this time tho!
 
Drwebcureit

gxvxchylqjkckbaoyorduodbvdohhmttfqjot.sys;c:\windows\system32\drivers;BackDoor.Tdss.223;Deleted.;
gxvxceevcvxdlmlgubxyxxohvxdyoulvsqjpc.dll;C:\WINDOWS\system32;BackDoor.Tdss.223;Deleted.;
gxvxcomkafrqpvsygtqsnrvfkqpimkeffoybi.dll;C:\WINDOWS\system32;BackDoor.Tdss.223;Deleted.;


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/10/2009 at 05:05 PM

Application Version : 4.26.1004

Core Rules Database Version : 3933
Trace Rules Database Version: 1876

Scan type : Complete Scan
Total Scan Time : 00:28:19

Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 5654
Registry threats detected : 24
File items scanned : 10174
File threats detected : 84

Adware.Tracking Cookie

Rootkit.Agent/Gen-GXServ
HKLM\Software\gxvxc
HKLM\Software\gxvxc\disallowed
HKLM\Software\gxvxc\disallowed#avp.exe
HKLM\Software\gxvxc\disallowed#klif.sys
HKLM\Software\gxvxc\disallowed#mrt.exe
HKLM\Software\gxvxc\disallowed#spybotsd.exe
HKLM\Software\gxvxc\disallowed#sasdifsv.sys
HKLM\Software\gxvxc\disallowed#saskutil.sys
HKLM\Software\gxvxc\disallowed#sasenum.sys
HKLM\Software\gxvxc\disallowed#superantispyware.exe
HKLM\Software\gxvxc\disallowed#szkg.sys
HKLM\Software\gxvxc\disallowed#szserver.exe
HKLM\Software\gxvxc\disallowed#mbam.exe
HKLM\Software\gxvxc\disallowed#mbamswissarmy.sys
HKLM\Software\gxvxc\disallowed#pctssvc.sys
HKLM\Software\gxvxc\disallowed#pctcore.sys
HKLM\Software\gxvxc\disallowed#mchinjdrv.sys
HKLM\Software\gxvxc\disallowed#avgfwdx.sys
HKLM\Software\gxvxc\disallowed#avgldx86.sys
HKLM\Software\gxvxc\disallowed#avgmfx86.sys
HKLM\Software\gxvxc\disallowed#avgrkx86.sys
HKLM\Software\gxvxc\disallowed#avgtdix.sys
HKLM\Software\gxvxc\disallowed#hijackthis.exe
HKLM\Software\gxvxc\disallowed#combofix.exe
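
The `disallowed` values in the SUPERAntiSpyware log above list security tools by file name, which fits the earlier reply's advice to rename a tool that will not start. The sketch below is an added example, not part of any post in this thread: it parses those log lines and reports which tool paths match the list by name. Matching on file name only, and the renamed file `scanner01.exe`, are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# A subset of the SUPERAntiSpyware log lines posted above, embedded so this runs offline.
SAMPLE_LOG = r"""
Rootkit.Agent/Gen-GXServ
HKLM\Software\gxvxc
HKLM\Software\gxvxc\disallowed
HKLM\Software\gxvxc\disallowed#avp.exe
HKLM\Software\gxvxc\disallowed#spybotsd.exe
HKLM\Software\gxvxc\disallowed#superantispyware.exe
HKLM\Software\gxvxc\disallowed#mbam.exe
HKLM\Software\gxvxc\disallowed#mbamswissarmy.sys
HKLM\Software\gxvxc\disallowed#avgldx86.sys
HKLM\Software\gxvxc\disallowed#hijackthis.exe
HKLM\Software\gxvxc\disallowed#combofix.exe
"""

# The log writes a registry value as <key path>#<value name>.
VALUE_LINE = re.compile(r"^(HK[A-Z_]+\\.*\\disallowed)#([^\\#]+)$", re.IGNORECASE)


def parse_disallowed(log_text):
    """Map each 'disallowed' key to the set of lower-cased file names under it."""
    blocked = defaultdict(set)
    for line in log_text.splitlines():
        match = VALUE_LINE.match(line.strip())
        if match:  # key-only lines (no '#') are skipped
            blocked[match.group(1)].add(match.group(2).lower())
    return dict(blocked)


def split_by_type(names):
    """Separate user-mode programs (.exe) from kernel drivers (.sys)."""
    exes = sorted(n for n in names if n.endswith(".exe"))
    drivers = sorted(n for n in names if n.endswith(".sys"))
    return exes, drivers


def triage(paths, names):
    """Return {path: bool}; True when the file name alone is on the list."""
    return {p: ntpath.basename(p).lower() in names for p in paths}


if __name__ == "__main__":
    # First two paths appear on this page; scanner01.exe is a made-up rename.
    tools = [
        r"C:\Program Files\Malwarebytes\mbam.exe",
        r"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe",
        r"C:\Program Files\Malwarebytes\scanner01.exe",
    ]
    for key, names in parse_disallowed(SAMPLE_LOG).items():
        exes, drivers = split_by_type(names)
        print(key)
        print("  programs:", ", ".join(exes))
        print("  drivers: ", ", ".join(drivers))
        for path, hit in triage(tools, names).items():
            print("  listed" if hit else "  not listed", "-", path)
```

The driver entries matter as much as the programs: a renamed scanner executable is not on the list, but the drivers it loads under their original names still are.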
 
Do it in Safe Mode networking (there you have internet connectivity) and post the logs.

After cleaning with MBAM and SAS once, reboot back to Safe Mode networking and run both again; attach these logs also.

When both MBAM and SAS logs are clean, boot back to normal and let us know, then we will go to the next step!

Mike

EDIT: OK, you posted while I was composing. So run Cureit, MBAM and SAS as directed until they find no more. And get the HJT log!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:17 PM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\d1e70865-3ee0-4ba9-b870-1b2f858db32b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AntiVirus_ProNET] C:\AntiVirus_Pro\AntiVirus_Pro.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\d1e70865-3ee0-4ba9-b870-1b2f858db32b.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9de27ed22b620) (gupdate1c9de27ed22b620) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
 
Malwarebytes' Anti-Malware 1.37
Database version: 2259
Windows 5.1.2600 Service Pack 3

6/10/2009 8:08:40 PM
mbam-log-2009-06-10 (20-08-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 115735
Time elapsed: 19 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus_pronet (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Ok doin good!

Let us know when all 3 of these come up with clean logs!

Attach logs instead of pasting into the thread!

Mike
 