Windows XP/2000 - Malwarebytes wont load up (PC Help Forum, Operating Systems forums)

Old 06-04-2009   #71
Crush
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,660
PC Experience: Always Learning New Things
Default Re: Malwarebytes wont load up

Gallorg,

Profuse apologies for the VERY delayed post.

Download OTMoveIt3 from here: http://oldtimer.geekstogo.com/OTMoveIt3.exe

Go to the location where you saved OTMoveIt3 and double click it. (If you're using Vista, right click on it and choose Run as Administrator).
Copy all the information found below. Highlight all of it, right click it and choose Copy.

Code:
:Files
c:\windows\system32\gxvxcrevmhxmiqbdihesbxuoppfkhndqafasf.dll 
C:\Windows\system32\drivers\gxvxcmppkbmiqjxjcxnriqowehwtkyxmpfulg.sys
C:\Windows\System32\Drivers\gxvxcserv.sys

:Services
gxvxcserv


:Commands
[purity]
[emptytemp]

Next, return to OTMoveIt3 and right click in the "Paste List of Files/Patterns to Search For and Move" window.

Important: Paste only into the bottom input panel (under the yellow bar). The top panel will not help you. Then just right click and choose Paste.
Now, click the red MoveIt button and wait several minutes. When it's finished, look in the large right hand panel that says Results. You should see that at least the principal infector files were deleted and whichever applicable registry changes were made. (They may not all apply in your case). Close OTMoveIt3 when it has finished.

Note: If a file or folder cannot be moved immediately, you may be asked to reboot your computer to finish the move process. If you're asked to reboot, simply choose Yes.

Now, double click and open OTMoveIt3 again. Click the green Clean Up! button at the top. (Note: It will need to access the Internet to download a small script file, so please allow your firewall to do so).

When it finishes, it will have deleted all of its quarantines, as well as the OTMoveIt3 program and all the folders it created. Then just reboot your computer to finish up.

Post the contents of the OTMoveIt log and a new HJT log in your next reply, please.
__________________
Crush aka Chris
I am in fact, quite cool. My graphing calculator confirms this

Old 06-04-2009   #72
gallorg
PCHF VIP
Join Date: Jan 2008
Posts: 275
PC Experience: Beginner
Default Re: Malwarebytes wont load up

Hi Crush,

Here's the OTE log, will try to load HJT.

cheers

Files moved on Reboot...
File move failed. C:\DOCUME~1\OWNER~1.XP-\LOCALS~1\Temp\hpodvd09.log scheduled to be moved on reboot.
C:\DOCUME~1\OWNER~1.XP-\LOCALS~1\Temp\~DF249A.tmp moved successfully.
C:\DOCUME~1\OWNER~1.XP-\LOCALS~1\Temp\~DF3C0B.tmp moved successfully.
C:\DOCUME~1\OWNER~1.XP-\LOCALS~1\Temp\~DFA2E7.tmp moved successfully.
File C:\DOCUME~1\OWNER~1.XP-\LOCALS~1\Temp\~DFCD68.tmp not found!
File C:\DOCUME~1\OWNER~1.XP-\LOCALS~1\Temp\~DFCD77.tmp not found!
Old 06-04-2009   #73
gallorg
PCHF VIP
Join Date: Jan 2008
Posts: 275
PC Experience: Beginner
Default Re: Malwarebytes wont load up

Crush

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:57, on 04/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Owner.XP-58EAC36466C1\Desktop\yyy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = BBC - Homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://81.130.200.130/SysCamInst.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1231710039125
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.218.59.202/activex/AxisCamControl.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: C:\Program Files\DesktopEarth\current.bmp - C:\Program Files\DesktopEarth\current.bmp
--
End of file - 9257 bytes
Old 06-05-2009   #74
Crush
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,660
PC Experience: Always Learning New Things
Default Re: Malwarebytes wont load up

Hey Gallorg,

Can I please have a new set of ActiveScan logs and a new Avenger.txt as per my instructions in post #50?
Old 06-05-2009   #75
gallorg
PCHF VIP
Join Date: Jan 2008
Posts: 275
PC Experience: Beginner
Default Re: Malwarebytes wont load up

Crush,

Here's the Avenger log, I will post the Panda log when ready.

Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxcmppkbmiqjxjcxnriqowehwtkyxmpfulg.sys
Start Type: 1 (System)
Rootkit scan completed.

Error: file "C:\WINDOWS\PEV.exe" not found!
Deletion of file "C:\WINDOWS\PEV.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not open file "G:\autorun.inf"
Deletion of file "G:\autorun.inf" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "D:\autorun.inf" not found!
Deletion of file "D:\autorun.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.
*******************
Finished! Terminate.
Old 06-05-2009   #76
gallorg
PCHF VIP
Join Date: Jan 2008
Posts: 275
PC Experience: Beginner
Default Re: Malwarebytes wont load up

Morning Crush,

Here's the Active scan

Cheers

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-06-05 07:45:43
PROTECTIONS: 2
MALWARE: 1
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Spyware Doctor with AntiVirus 6.1.0.49 Yes Yes
AntiVir Desktop 9.0.1.26 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00997672 Trj/Redbind.C Virus/Trojan Yes 2 Yes No globalroot\systemroot\system32\gxvxcrevmhxmiqbdihesbxuoppfkhndqafasf.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No globalroot\systemroot\system32\gxvxclthvavkvxexyvbqjpmngxvdlfteolthn.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
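
Added example (not part of the thread, and not code from OTMoveIt3, The Avenger or ActiveScan): a Python check that compares the files targeted by the script in post #71 with the names still reported in the logs from posts #75 and #76. The function names are hypothetical, and the sample inputs are lines copied from this thread, including the spaces the forum inserted into long file names.

```python
import os
import re

# :Files / :Services script from post #71 (copied from the thread).
FIX_SCRIPT = r'''
:Files
c:\windows\system32\gxvxcrevmhxmiqbdihesbxuoppfkhndqafasf.dll
C:\Windows\system32\drivers\gxvxcmppkbmiqjxjcxnriqowehwtkyxmpfulg.sys
C:\Windows\System32\Drivers\gxvxcserv.sys
:Services
gxvxcserv
:Commands
[purity]
[emptytemp]
'''

# Lines from the later Avenger (#75) and ActiveScan (#76) logs, with the
# forum-inserted spaces inside long file names left as posted.
LATER_LOGS = r'''
Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxcmppkbmiqjxjcxnri qowehwtkyxmpfulg.sys
00997672 Trj/Redbind.C Virus/Trojan Yes 2 Yes No globalroot\systemroot\system32\gxvxcrevmhxmiqbdihe sbxuoppfkhndqafasf.dll
No globalroot\systemroot\system32\gxvxclthvavkvxexyvb qjpmngxvdlfteolthn.dll
'''

def script_files(script):
    """Lower-cased base names listed under the :Files section."""
    names, section = set(), None
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif line and section == ":files":
            names.add(line.rsplit("\\", 1)[-1].lower())
    return names

def residual_artifacts(script, logs):
    """Compare script targets with file names still reported in later logs."""
    targeted = script_files(script)
    # Shared name prefix of the targets ("gxvxc" for this thread's script).
    prefix = os.path.commonprefix(sorted(targeted))
    if len(prefix) < 4:  # too short to identify related files reliably
        raise ValueError("targets share no usable prefix")
    pattern = re.compile(re.escape(prefix) + r"[a-z0-9]*\.(?:dll|sys)")
    seen = set()
    for line in logs.splitlines():
        # Drop all whitespace so names split by the forum still match.
        seen.update(pattern.findall(re.sub(r"\s+", "", line).lower()))
    return {
        "targeted_still_seen": sorted(seen & targeted),
        "not_in_script": sorted(seen - targeted),
    }

if __name__ == "__main__":
    for group, names in residual_artifacts(FIX_SCRIPT, LATER_LOGS).items():
        print(group, names)
```

On these inputs all three script targets still appear in the later logs, and the ActiveScan suspect is a further file with the same prefix that the script did not list.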
Old 06-05-2009   #77
gallorg
PCHF VIP
Join Date: Jan 2008
Posts: 275
PC Experience: Beginner
Default Re: Malwarebytes wont load up

Crush,

My PC shut down again because of this blue screen error caused by a device or driver.

Are all these problems that I am having associated with whatever bug I got?

thanks