Malwarebytes and HiJackThis both crash and return permissions errors...

Post by Drenji on Sat 11 Sep 2010, 1:21 am

My friend's laptop had Eco Antivirus on it and I thought I had removed it successfully, but when I try to run Malwarebytes on it, the scan crashes after about 2-3 seconds and then returns a permissions error if I try and run it again. I was reading some of the other posts about this searching for an answer and saw where at first people were running SystemLook and HJT and showing the logs for you to look at. I tried running HJT to get the log and it crashed, returning the same permissions error as Malwarebytes. I did however get the SystemLook log... here is that

SystemLook 04.09.10 by jpshortstuff
Log created at 08:58 on 10/09/2010 by matt
Administrator - Elevation successful

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\System32\scecli.dll --a---- 177152 bytes [04:45 24/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a---- 177152 bytes [02:24 21/01/2008] [02:24 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll --a---- 177152 bytes [04:45 24/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1

Searching for "netlogon.dll"
C:\WINDOWS\System32\netlogon.dll --a---- 592896 bytes [04:45 24/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a---- 592384 bytes [02:24 21/01/2008] [02:24 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll --a---- 592896 bytes [04:45 24/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE

Searching for "eventlog.dll"
C:\Program Files\CyberLink\PowerDirector\EventLog.dll --a---- 7216 bytes [05:30 13/01/2007] [05:30 13/01/2007] C2A279A458A06DE2C83D842AA042B5A8

Searching for "cngaudit.dll"
C:\WINDOWS\System32\cngaudit.dll --a---- 61952 bytes [08:43 02/11/2006] [09:46 02/11/2006] (Unable to calculate MD5)
C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a---- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-= EOF =-

Hopefully and Patiently awaiting help...
Drenji
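
The filefind section of the SystemLook log above can be triaged mechanically. This is an added example, not part of the original post and not SystemLook's own code: it parses the section (sample copied from the log above) and compares each copy outside winsxs against the component-store copies of the same file by size and MD5. The function names and reason labels are assumptions of this example.

```python
import re
from collections import defaultdict

# One filefind hit: path, attributes, size, two timestamps, MD5 or the failure text.
ENTRY = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]+) (?P<size>\d+) bytes '
    r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] '
    r'(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$'
)
SEARCH = re.compile(r'^Searching for "(?P<name>[^"]+)"$')

# Sample input: the filefind section from the log posted above.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\System32\scecli.dll --a---- 177152 bytes [04:45 24/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a---- 177152 bytes [02:24 21/01/2008] [02:24 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll --a---- 177152 bytes [04:45 24/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1

Searching for "netlogon.dll"
C:\WINDOWS\System32\netlogon.dll --a---- 592896 bytes [04:45 24/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a---- 592384 bytes [02:24 21/01/2008] [02:24 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll --a---- 592896 bytes [04:45 24/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE

Searching for "eventlog.dll"
C:\Program Files\CyberLink\PowerDirector\EventLog.dll --a---- 7216 bytes [05:30 13/01/2007] [05:30 13/01/2007] C2A279A458A06DE2C83D842AA042B5A8

Searching for "cngaudit.dll"
C:\WINDOWS\System32\cngaudit.dll --a---- 61952 bytes [08:43 02/11/2006] [09:46 02/11/2006] (Unable to calculate MD5)
C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a---- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-= EOF =-
"""


def parse_filefind(log_text):
    """Return {searched name: [entry dicts]} for every 'Searching for' group."""
    groups = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SEARCH.match(line)
        if header:
            current = header.group("name").lower()
            groups[current]  # keep the group even if it has no hits
            continue
        hit = ENTRY.match(line)
        if hit and current is not None:
            md5 = hit.group("md5")
            groups[current].append({
                "path": hit.group("path"),
                "size": int(hit.group("size")),
                # None records that the tool could not read the file to hash it
                "md5": None if md5.startswith("(") else md5.upper(),
            })
    return dict(groups)


def is_store_copy(entry):
    """True for copies inside the winsxs component store."""
    return "\\winsxs\\" in entry["path"].lower()


def triage(groups):
    """Return [(path, [reasons])] for copies that cannot be matched to a store copy."""
    findings = []
    for entries in groups.values():
        store = [e for e in entries if is_store_copy(e)]
        store_sizes = {e["size"] for e in store}
        store_hashes = {e["md5"] for e in store if e["md5"]}
        for e in entries:
            if is_store_copy(e):
                continue
            reasons = []
            if e["md5"] is None:
                reasons.append("md5-unreadable")
            if not store:
                reasons.append("no-store-copy-to-compare")
            else:
                if e["md5"] is not None and e["md5"] not in store_hashes:
                    reasons.append("md5-not-in-store")
                if e["size"] not in store_sizes:
                    reasons.append("size-not-in-store")
            if reasons:
                findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_filefind(SAMPLE_LOG)):
        print(path, "->", ", ".join(reasons))
```

A finding here means only that the copy could not be matched against a component-store copy in the same log; it is a pointer for manual review, not a verdict.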


Post by Belahzur on Sat 11 Sep 2010, 11:45 am

Hello.


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

    • Download Win32kDiag (Win32kDiag.exe) - #1
    • Download Win32kDiag (Win32kDiag.exe) - #2
    • Download Win32kDiag (Win32kDiag.exe) - #3

  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


  @RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



    Post by Drenji on Tue 14 Sep 2010, 1:19 am

    Ok, I ran the Win32kDiag.exe, would it be ok to attach the log file, or do you want me to make multiple posts to fit it all... I go into -45000 range when I post this fully. Ha.

    Just wondering if it would be ok. Tell me what ya want.


    Post by Belahzur on Tue 14 Sep 2010, 8:17 am

    Yeah it's fine to attach it.



    Post by Drenji on Thu 16 Sep 2010, 12:20 am

    Tried to attach the file and it is apparently too big as well... I put it up on RapidShare for you to download if that's ok. Here is that link


    [You must be registered and logged in to see this link.]


    Post by Belahzur on Thu 16 Sep 2010, 11:16 am

    Hello.

    1. Please download The Avenger by Swandog46 to your Desktop
    Link: HERE

    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop
    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Files to delete:
    C:\WINDOWS\System32\cngaudit.dll

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.

    • Under "Input script here:", paste in the script from the quote box above.
    • Leave the ticked box "Scan for rootkit" ticked.
    • Then tick "Disable any rootkits found"
    • Now click on the Execute to begin execution of the script.
    • Answer "Yes" twice when prompted.

      The Avenger will automatically do the following:

    • It will Restart your computer.
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    4. Please copy/paste the content of c:\avenger.txt into your reply.



    Post by Drenji on Fri 17 Sep 2010, 12:53 am

    I downloaded it to the desktop and when I try to open the zip folder, I get an error about *The Compressed (zipped) Folder "C:\Users\matt\Desktop\avenger.zip" is invalid.*


    Post by Belahzur on Fri 17 Sep 2010, 3:58 am

    Hello.

    Download OTL by OldTimer to your Desktop.

    • Close all windows and double click OTL.exe
    • Click Run Scan and let the program run uninterrupted
    • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
    • You may need to use two posts to get it all.



    Post by Drenji on Fri 17 Sep 2010, 4:27 am

    The only log I ever got was the regular OTL log, not the extras one... but here is that log

    OTL logfile created on: 9/16/2010 12:11:21 PM - Run 2
    OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\matt\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 174.56 Gb Total Space | 96.49 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
    Drive D: | 11.75 Gb Total Space | 1.42 Gb Free Space | 12.12% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 7.45 Gb Total Space | 7.37 Gb Free Space | 98.87% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DAWN-PC
    Current User Name: matt
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    PRC - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    PRC - [2009/04/11 01:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdclt.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Unknown | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
    SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/12/04 04:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2008/03/11 17:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
    DRV - [2008/03/11 17:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
    DRV - [2008/03/11 17:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
    DRV - [2008/03/11 17:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUBus.sys -- (PTDUBus)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/18 06:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
    DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/04 00:16:54 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [calc] C:\Windows\System32\calc.DLL (Microsoft)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe File not found
    O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
    O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} [You must be registered and logged in to see this link.] (Wizard101GameLauncher)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.104.6.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/16 12:06:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    [2010/09/10 08:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/09/09 09:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/09/09 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Macromedia
    [2010/09/09 03:08:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2010/09/09 03:08:57 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2010/09/09 03:08:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
    [2010/09/08 10:14:18 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2010/09/08 10:14:17 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2010/09/08 10:14:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2010/09/08 10:14:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2010/09/08 10:13:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2010/09/08 09:45:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/09/08 09:45:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/09/08 09:45:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/09/08 09:45:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/09/08 09:45:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/09/08 09:45:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/09/08 09:45:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/09/08 09:45:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/09/08 09:45:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/09/08 09:45:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/09/08 09:45:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/09/08 09:45:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/09/08 09:45:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/09/08 09:45:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/09/08 09:45:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/09/08 09:44:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
    [2010/09/08 09:44:08 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/09/08 09:44:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2010/09/08 09:43:30 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/09/08 09:43:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/09/08 09:43:03 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010/09/08 09:43:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010/09/08 09:42:56 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
    [2010/09/08 09:42:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
    [2010/09/01 15:11:57 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
    [2010/08/31 11:37:55 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Verizon Wireless
    [2010/08/30 17:05:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\Anatomy
    [2010/08/30 16:33:22 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\WildTangent
    [2010/08/28 00:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Apple
    [2010/08/27 16:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010/08/27 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\CyberLink
    [2010/08/26 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Yahoo!
    [2010/08/26 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Youcam
    [2010/08/26 22:31:50 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Hewlett-Packard
    [2010/08/26 22:19:31 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\little league matt
    [2010/08/26 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Hewlett-Packard
    [2010/08/26 21:44:16 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Adobe
    [2010/08/26 21:44:15 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\HP
    [2010/08/26 21:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\QuickPlay
    [2010/08/26 21:29:23 | 000,000,000 | R--D | C] -- C:\Users\matt\Searches
    [2010/08/26 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Identities
    [2010/08/26 21:29:10 | 000,000,000 | R--D | C] -- C:\Users\matt\Contacts
    [2010/08/26 21:29:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\VirtualStore
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Temporary Internet Files
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Templates
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Start Menu
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\SendTo
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Recent
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\PrintHood
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\NetHood
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Videos
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Pictures
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Music
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\My Documents
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Local Settings
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\History
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Cookies
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Application Data
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Application Data
    [2010/08/26 21:29:01 | 000,000,000 | --SD | C] -- C:\Users\matt\AppData\Roaming\Microsoft
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Videos
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Saved Games
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Pictures
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Music
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Links
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Favorites
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Downloads
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Documents
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Desktop
    [2010/08/26 21:29:01 | 000,000,000 | -H-D | C] -- C:\Users\matt\AppData
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Temp
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft Help
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Media Center Programs
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/16 12:13:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FC831C4-4D0E-4D5A-BA3D-44268E92C10E}.job
    [2010/09/16 12:11:07 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/16 12:11:07 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/16 12:11:07 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/16 12:11:04 | 000,786,432 | -HS- | M] () -- C:\Users\matt\ntuser.dat
    [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    [2010/09/16 12:05:50 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
    [2010/09/16 12:05:50 | 000,000,230 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/09/16 12:05:44 | 000,000,190 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/09/16 12:05:18 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/09/16 12:05:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/16 09:22:32 | 000,939,956 | ---- | M] () -- C:\Users\matt\Desktop\7z465.exe
    [2010/09/16 09:20:24 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2010/09/16 09:19:55 | 003,266,369 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
    [2010/09/16 09:19:06 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\AlphaAnt.job
    [2010/09/16 09:18:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/16 09:18:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/16 09:18:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/16 09:18:00 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys
    [2010/09/16 09:17:29 | 3152,879,616 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/16 09:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/16 09:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/16 09:11:15 | 000,065,536 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
    [2010/09/16 08:58:49 | 000,677,998 | ---- | M] () -- C:\Users\matt\Desktop\avenger.zip
    [2010/09/15 10:47:41 | 000,002,521 | ---- | M] () -- C:\Users\matt\Desktop\HiJackThis.lnk
    [2010/09/13 08:54:02 | 000,047,616 | ---- | M] () -- C:\Users\matt\Desktop\Win32kDiag.exe
    [2010/09/09 08:48:47 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/09 03:31:29 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/09/03 13:10:51 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/09/03 12:51:40 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/03 12:51:40 | 000,065,536 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/09/03 12:44:09 | 002,015,181 | -H-- | M] () -- C:\Users\matt\AppData\Local\IconCache.db
    [2010/09/03 11:04:48 | 000,000,680 | ---- | M] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
    [2010/09/03 09:10:40 | 000,003,584 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/30 17:06:05 | 000,002,627 | ---- | M] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
    [2010/08/27 16:48:01 | 000,000,813 | -HS- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
    [2010/08/26 22:42:48 | 000,000,943 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/26 22:23:15 | 000,000,944 | ---- | M] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
    [2010/08/26 22:02:54 | 000,000,938 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/26 21:30:01 | 000,077,136 | ---- | M] () -- C:\Users\matt\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/08/26 21:29:03 | 000,000,020 | -HS- | M] () -- C:\Users\matt\ntuser.ini
    [2010/08/26 21:29:02 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/16 09:22:28 | 000,939,956 | ---- | C] () -- C:\Users\matt\Desktop\7z465.exe
    [2010/09/16 08:49:26 | 000,677,998 | ---- | C] () -- C:\Users\matt\Desktop\avenger.zip
    [2010/09/16 08:47:22 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
    [2010/09/13 08:54:01 | 000,047,616 | ---- | C] () -- C:\Users\matt\Desktop\Win32kDiag.exe
    [2010/09/10 08:56:38 | 000,002,521 | ---- | C] () -- C:\Users\matt\Desktop\HiJackThis.lnk
    [2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/09 08:29:30 | 000,065,536 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
    [2010/09/03 11:04:48 | 000,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
    [2010/09/03 09:10:40 | 000,003,584 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/03 08:58:14 | 3152,879,616 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/01 15:09:38 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/26 22:42:48 | 000,000,943 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/26 22:23:15 | 000,000,944 | ---- | C] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
    [2010/08/26 22:02:54 | 000,000,938 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/26 21:51:11 | 000,002,627 | ---- | C] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
    [2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\QSwitch.txt
    [2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\DSwitch.txt
    [2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\AtStart.txt
    [2010/08/26 21:29:03 | 000,000,020 | -HS- | C] () -- C:\Users\matt\ntuser.ini
    [2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/26 21:29:02 | 000,262,144 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG1
    [2010/08/26 21:29:02 | 000,065,536 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/08/26 21:29:02 | 000,000,000 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG2
    [2010/08/26 21:29:01 | 000,786,432 | -HS- | C] () -- C:\Users\matt\ntuser.dat
    [2010/08/26 21:29:01 | 000,000,934 | ---- | C] () -- C:\Users\matt\Desktop\Cyberlink YouCam.lnk
    [2010/08/26 21:29:01 | 000,000,258 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/08/26 21:29:01 | 000,000,240 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/03/11 22:28:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/11/21 23:30:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/11/21 17:44:08 | 000,534,528 | ---- | C] () -- C:\Windows\System32\ExplorerImages.dll
    [2009/11/21 03:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys
    [2009/09/23 23:45:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/18 11:23:04 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/09/18 11:23:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/06/28 16:23:52 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/04/24 21:38:18 | 000,002,493 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\logevent.dll
    [2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    < End of report >

    Drenji

    Newbie Surfer

    Posts : 24
    Joined : 2010-09-10
    Operating System : Win 7 Pro


    Post by Belahzur on Fri 17 Sep 2010, 4:38 am

    Hello.


    • Download combofix from here
      Link 1
    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to svchost as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. We need to disable your local AV (Anti-virus) before running Combofix.

    • See HERE for how to disable your AV.
    • Double click on svchost.exe.
    • Follow the prompts. NOTE:
    • Allow combofix to run
    • Post C:\combofix.txt back here.

      Note:
      Do not mouse click combofix's window whilst it's running. That may cause it to stall.


    @RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


    Belahzur

    Manager | Tech Officer

    Posts : 34917
    Joined : 2008-08-04
    Operating System : XP SP3 Media Centre


    Post by Drenji on Sat 18 Sep 2010, 3:02 am

    ComboFix looks like it is starting to run, loads that little starting bar all the way and then nothing after that. That bar disappears and I get no log or anything. Beginning to think this computer is really messed up. Oh, also found AlphaAntivirus on the computer today. It doesn't seem to be running at all though.

    And by the looks of it there is no other anti-virus program running on the computer, and windows defender is stuck off anyway so....

    What to do?

    Drenji


    Post by Belahzur on Sat 18 Sep 2010, 3:03 am

    Please download and run this tool.

    Download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.


    Post the contents of the MBAM Log.



    Post by Drenji on Sat 18 Sep 2010, 3:12 am

    Malwarebytes updates, starts to run, starts the scan, then crashes after about 3 seconds... Try to run it again it gives me the permissions error again.

    "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."


    Post by Belahzur on Sat 18 Sep 2010, 3:18 am

    Hello.

      Please download LockSearch to your Desktop.

    1. A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
    2. A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.



    Post by Drenji on Sat 18 Sep 2010, 3:36 am

    I run the LockSearch and it gets to the creating log part and then I get the "LockSearch has stopped working, windows is searching for a solution" part, but here is what of the log I got...

    LockSearch by jpshortstuff (05.11.09.1)
    Log created at 11:32 on 17/09/2010 (matt)
    Scanning C:\


    C:\hiberfil.sys
    -------------------------


    C:\pagefile.sys
    -------------------------


    C:\Program Files\AlphaAnt\alpha.exe
    -------------------------


    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    -------------------------


    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    -------------------------


    C:\Users\matt\Desktop\OTL.exe
    -------------------------


    C:\WINDOWS\System32\cngaudit.dll
    -------------------------
    C:\Windows\System32\cngaudit.dll [Unable to get md5 : 1998120061 bytes]
    C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [7F15B4953378C8B5161D65C26D5FED4D : 11776 bytes]


    C:\WINDOWS\System32\mrt.exe
    -------------------------
    C:\Windows\System32\mrt.exe [Unable to get md5 : 31648712 bytes]
    C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe [77733CAF4F96DC546E87363B6EA688B5 : 52696 bytes]


    Post by Belahzur on Sat 18 Sep 2010, 4:07 am

    Hello.

    Please download inherit.exe

    Download it to your Desktop, but do not run it just yet.

    Now open a new notepad file.
    Input this into the notepad file:

    @echo off
    REM Run from the Desktop, next to inherit.exe. Each line passes one file to it.
    "inherit.exe" "C:\Program Files\AlphaAnt\alpha.exe"
    "inherit.exe" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
    "inherit.exe" "C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe"
    "inherit.exe" "C:\WINDOWS\System32\cngaudit.dll"
    "inherit.exe" "C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll"
    "inherit.exe" "C:\Windows\System32\mrt.exe"
    "inherit.exe" "C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe"
    REM Remove this script once it has run.
    del fix.bat
    exit

    Save this as fix.bat, save it to your desktop.
    Double click fix.bat and the black cmd window will open and close, this is normal.

    Now try running MBAM again. This malware is capable of messing around with files and locking them so we can't use them, but the above fix unlocks them.


    @RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
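The LockSearch log posted earlier in the thread and the fix.bat above go together: the log lists files, and the script is then run on the ones the helper picked. As an added example (not part of the original posts and not jpshortstuff's code), this Python parser reads that log layout, inferred here from the posted log, and sorts the entries; the names parse_locksearch, triage and reset_candidates and the OS_HELD skip list are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename  # Windows path rules, whatever OS this runs on
from typing import List, Optional

# Excerpt of the LockSearch log posted in this thread (three entries left out).
SAMPLE_LOG = r"""LockSearch by jpshortstuff (05.11.09.1)
Log created at 11:32 on 17/09/2010 (matt)
Scanning C:\

C:\hiberfil.sys
-------------------------

C:\Program Files\AlphaAnt\alpha.exe
-------------------------

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
-------------------------

C:\WINDOWS\System32\cngaudit.dll
-------------------------
C:\Windows\System32\cngaudit.dll [Unable to get md5 : 1998120061 bytes]
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [7F15B4953378C8B5161D65C26D5FED4D : 11776 bytes]

C:\WINDOWS\System32\mrt.exe
-------------------------
C:\Windows\System32\mrt.exe [Unable to get md5 : 31648712 bytes]
C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe [77733CAF4F96DC546E87363B6EA688B5 : 52696 bytes]
"""

RULE = re.compile(r"-{5,}")
DETAIL = re.compile(r"(?P<path>.+?) \[(?P<md5>[0-9A-Fa-f]{32}|Unable to get md5)"
                    r" : (?P<size>\d+) bytes\]")
OS_HELD = {"hiberfil.sys", "pagefile.sys"}  # assumption: kept open by Windows itself

@dataclass
class Copy:
    path: str
    md5: Optional[str]  # None when the tool printed "Unable to get md5"
    size: int

@dataclass
class Entry:
    path: str
    copies: List[Copy] = field(default_factory=list)

def parse_locksearch(text: str) -> List[Entry]:
    """Each entry is a path line, a dashed rule, then zero or more copy lines."""
    entries, candidate = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        detail = DETAIL.fullmatch(line)
        if RULE.fullmatch(line):
            if candidate:  # the line above the rule names the file
                entries.append(Entry(candidate))
            candidate = None
        elif detail and entries:
            md5 = None if detail["md5"].startswith("Unable") else detail["md5"].upper()
            entries[-1].copies.append(Copy(detail["path"], md5, int(detail["size"])))
        else:
            candidate = line  # a header cut off by a tool crash is never committed
    return entries

def triage(entries: List[Entry]) -> dict:
    """Bucket entries: held by the OS, hash unreadable, or no hash failure."""
    report = {"os_held": [], "unreadable": [], "no_hash_failure": []}
    for e in entries:
        blocked = [c for c in e.copies if c.md5 is None]
        refs = [c for c in e.copies if c.md5 is not None]
        if basename(e.path).lower() in OS_HELD:
            report["os_held"].append(e.path)
        elif not blocked:
            report["no_hash_failure"].append(e.path)
        for c in blocked:
            report["unreadable"].append({
                "path": c.path, "size": c.size,
                "reference": refs[0].path if refs else None,
                # A lead to follow up, not a verdict on the file.
                "size_differs": bool(refs) and all(r.size != c.size for r in refs),
            })
    return report

def reset_candidates(entries: List[Entry]) -> List[str]:
    """Paths to hand to an unlock step such as the thread's fix.bat, skipping
    OS-held files and deduplicating case-insensitively (as Windows paths are)."""
    seen, out = set(), []
    for e in entries:
        if basename(e.path).lower() in OS_HELD:
            continue
        for p in [e.path] + [c.path for c in e.copies]:
            if p.lower() not in seen:
                seen.add(p.lower())
                out.append(p)
    return out

if __name__ == "__main__":
    parsed = parse_locksearch(SAMPLE_LOG)
    print(triage(parsed))
    print(reset_candidates(parsed))
```

A size difference between the live copy and the winsxs copy is only a lead to check, not a verdict on the file.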



    Post by Drenji on Sat 18 Sep 2010, 5:03 am

    It allowed me to restart Malwarebytes again, but it still crashed after about 6 seconds this time...

    and then it is back to the error again.


    Post by Belahzur on Sat 18 Sep 2010, 5:08 am

    Hello

    We need to run the tool with the following command to fix some malware related changes.

    Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

    "%userprofile%\desktop\win32kdiag.exe" -f -r

    When it's finished, there will be a log called Win32kDiag.txt on your
    desktop. Please open it with notepad and post the contents here.



    Post by Drenji on Sat 18 Sep 2010, 5:38 am

    Ok. It's too big to post again so here is the rapidshare address.

    [You must be registered and logged in to see this link.]


    Post by Belahzur on Sat 18 Sep 2010, 7:08 am

    Okay, re-run the bat script again, then try running Combofix.



    Post by Drenji on Sat 18 Sep 2010, 7:12 am

    It's still doing the same thing with combofix as before...


    Post by Belahzur on Sat 18 Sep 2010, 7:18 am

    Okay, try MBAM now.



    Post by Drenji on Sat 18 Sep 2010, 7:19 am

    It's still the same as well. I tried MBAM right afterwards just to see.


    Post by Belahzur on Sat 18 Sep 2010, 7:26 am

    Did you re-do this script?

    [You must be registered and logged in to see this link.]



    Post by Drenji on Sat 18 Sep 2010, 7:41 am

    yes
