Malwarebytes will not update...

[Chad711]

States that I need to be connected to the internet to update. I am connected. I am on that laptop now typing this message in Firefox!

Any ideas?

Also the spyware removal guide has links to downloads in it and when I control click them they will not open. States the internet server proxy cannot be found. This started happening in the middle of the guide. Maybe I did something to cause this? Firefox seems to work. I just installed it manually from a memory stick that I put the exe on.

Edit: This is on a laptop of a friends that ask me to fix it. This thing was a mess! LOL

Edit 2: Sorry I thought I posted this in the correct forum but I see I didn't. Mod please move. I will post hijackthis log shortly. Which is why I was in here first...

 

[Osiris]

Go ahead and post a hijackthis log if you can, maybe we can remove some entries so you can connect properly

 

[Chad711]

Wow I just ran that malwarebytes program and it found all kinds of stuff! I did the remove and restart. I am going to run it again and post that log too. Maybe it didn't remove everything? There was all kinds of bad stuff! What do people do on computers? LOL I never have these problems!!

Here is the log from hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:03 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 Spyware Protect 2009 - Powerfull PC Protection !
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: 179223 helper - {B3FA56CF-B3F9-4328-9802-CFAACEA86646} - C:\WINDOWS\system32\179223\179223.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://excelerations.webex.com/client/T26L/support/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8549 bytes

 

[Osiris]

Remove

O1 - Hosts: 91.212.65.122 browser-security.microsoft.com

O1 - Hosts: 91.212.65.122 antiwareprotect.com

O1 - Hosts: 91.212.65.122 Spyware Protect 2009 - Powerfull PC Protection !

O2 - BHO: 179223 helper - {B3FA56CF-B3F9-4328-9802-CFAACEA86646} - C:\WINDOWS\system32\179223\179223.dll

O20 - AppInit_DLLs: karna.dat

Now run Combofix and post its log

 

[Chad711]

Here is the malware log. Looks like it quarantined a lot of it instead of getting rid of it. I still cannot update malwarebytes.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/28/2009 9:25:24 PM
mbam-log-2009-04-28 (21-25-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 111007
Time elapsed: 17 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2046c389-25ca-4d87-9c16-7120da1f51a9} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iiwlqnmx (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2046c389-25ca-4d87-9c16-7120da1f51a9} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\lowsec (Spyware.StolenData) -> No action taken.

Files Infected:
c:\WINDOWS\system32\dukcwru.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\796525\796525.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\lowsec\local(2)(2).ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\local(3)(2).ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\local(4)(2).ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\local(5)(2).ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\user(2)(2).ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\user(2)(3).ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\user(2)(4).ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\user(3)(2).ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\user(3)(3).ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Spyware.StolenData) -> No action taken.
C:\WINDOWS\t55ft2688f44.dat (Trojan.KoobFace) -> No action taken.
C:\WINDOWS\system32\dll32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\ld08.exe (Trojan.KoobFace) -> No action taken.

 

[Chad711]

I deleted what you stated however that PowerPC 2009 was no longer there when I ran the scan again. Maybe the spyware run I did earlier removed it? Any way I removed the others. What is combofix? I'm lost there...

Thank you

Edit: nevermind I found combofix. Installing now..

 

[Chad711]

Here is the log from ComboFix

ComboFix 09-04-28.02 - Wilson 04/28/2009 22:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.535 [GMT -5:00]
Running from: c:\documents and settings\Wilson\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\DRIVERS\beep.sys
c:\windows\setup.exe
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-29 02:35 . 2009-04-29 02:35 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-29 02:35 . 2009-04-29 02:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-29 02:34 . 2009-04-29 02:34 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-29 02:34 . 2009-04-29 02:37 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-29 02:34 . 2009-04-29 02:34 -------- d-----w c:\program files\AVG
2009-04-29 02:34 . 2009-04-29 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-29 02:06 . 2009-04-29 02:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 01:02 . 2009-04-29 01:02 -------- d-----w c:\program files\VS Revo Group
2009-04-29 00:58 . 2009-04-29 00:58 0 ----a-w c:\windows\nsreg.dat
2009-04-29 00:58 . 2009-04-29 00:58 -------- d-----w c:\documents and settings\Wilson\Local Settings\Application Data\Mozilla
2009-04-29 00:08 . 2009-04-29 00:08 -------- d-----w c:\program files\CCleaner
2009-04-29 00:02 . 2009-04-29 00:02 -------- d-----w c:\program files\CleanUp!
2009-04-28 23:46 . 2009-04-28 23:46 -------- d-----w c:\program files\MSConfig CleanUp
2009-04-28 03:29 . 2009-04-29 02:25 -------- d-----w c:\windows\system32\796525
2009-04-24 09:14 . 2009-04-24 09:14 -------- d-----w c:\documents and settings\NetworkService\Application Data\Webroot
2009-04-24 09:00 . 2009-04-24 09:06 -------- d-----w c:\program files\SmitFraudFixPro
2009-04-24 08:34 . 2009-04-24 08:34 -------- d-----w c:\documents and settings\Wilson\Application Data\Webroot
2009-04-24 08:34 . 2009-04-24 08:34 -------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-04-24 08:34 . 2009-04-24 08:34 -------- d-----w c:\program files\Webroot
2009-04-24 08:34 . 2009-04-24 08:34 -------- d-----w c:\documents and settings\LocalService\Application Data\Webroot
2009-04-24 08:33 . 2009-04-24 08:33 -------- d-----w c:\program files\Sony Pictures Games
2009-04-24 08:33 . 2009-04-24 08:33 -------- d-----w c:\documents and settings\Wilson\Local Settings\Application Data\Kodak EasyShare Gallery Software
2009-04-24 02:02 . 2009-04-24 02:02 -------- d-----w c:\documents and settings\All Users\Application Data\K7 Computing
2009-04-24 02:02 . 2009-04-24 08:36 -------- d-----w c:\program files\K7 Computing
2009-04-23 21:32 . 2009-04-24 08:35 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-23 20:52 . 2009-04-29 02:56 -------- d-----w c:\windows\system32\179223

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 02:01 . 2006-03-07 14:59 -------- d-----w c:\program files\Trend Micro
2009-04-28 23:39 . 2007-02-03 06:32 -------- d-----w c:\program files\Yahoo!
2009-04-28 23:35 . 2006-12-01 01:10 -------- d-----w c:\program files\LimeWire
2009-04-24 08:34 . 2006-07-22 17:57 -------- d-----w c:\program files\IrfanView
2009-04-24 07:57 . 2007-05-22 02:03 -------- d-----w c:\program files\MSN Games
2009-04-24 07:48 . 2006-03-07 14:46 -------- d-----w c:\program files\Common Files\AOL
2009-04-16 18:51 . 2006-07-22 17:57 -------- d-----w c:\program files\Google
2009-04-06 20:32 . 2008-11-26 02:22 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2008-11-26 02:22 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-24 03:16 . 2008-11-24 03:16 12345 ----a-w c:\program files\Common Files\ovihyryhel._dl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-29 1932568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-29 02:35 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R2 fkesccbm;Remote Access NDIS WAN Helper;c:\windows\System32\svchost.exe [2004-08-04 14336]
R3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-18 311872]
S0 SSFS041A;Spy Sweeper File System Filer Driver: 041A;c:\windows\SYSTEM32\Drivers\SSFS041A.SYS [2006-07-07 13824]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-29 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-29 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-29 298264]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-18 7520337]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2004-08-04 14336]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVG8WD
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGTDIX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fkesccbm
.
Contents of the 'Scheduled Tasks' folder

2008-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*Yahoo!
FF - ProfilePath - c:\documents and settings\Wilson\Application Data\Mozilla\Firefox\Profiles\nqymfcp3.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2009-04-29 22:08
ComboFix-quarantined-files.txt 2009-04-29 03:08

Pre-Run: 54,411,776,000 bytes free
Post-Run: 54,447,980,544 bytes free

139 --- E O F --- 2008-11-24 03:39

 

[Osiris]

Now this

VundoFix by Atribune

 

[Chad711]

Done. No infections found. Next?

btw I still cannot update malwarebytes. Firefox works but I cannot update this app still

edit: I tried to open IE and use it. Doesn't work. After trying to go to google it states it is not found. then I see in the address bar http:/// (3 back slashes)

edit 2: fixed that quickly. went to IE options and saw proxy settings were enabled. Disabled those and working now. Also malwarebytes is updating too!

edit 3: AVG found a trojanhorse. BackDoor.Delf.BVF It's asking me to Heal, Move to Vault or Ignore. Guess I will try to Heal for now. Not sure how to get rid of this one.

 

[Osiris]

Cool

After it updates, run it and post its new log