Jump to content

theinvulnerable

Members
 View Profile  See their activity

  • Posts

    17

  • Joined

  • Last visited

 Content Type 

Everything posted by theinvulnerable

  1. theinvulnerable
    Ouch you did not tell me disabling resident anti-virus before uninstalling combo fix . I uninstalled it without disable my anti-virus, is that still ok? BTW I still found Combo-Fix folder with CF8564 CFFXE file, mbr CFFXE file, and mbr text document inside it. Is it safe to delete it? How about these files cmldr File and Boot.bak Bak File, should they remain? Once again thank you very much for your help sir.
  2. theinvulnerable
    The computer run fast and seems no more problem, malwarebytes also is fine now. And I don't saw any other problem when I saw my event viewer, no error at all. Even networks attack I didn't have.
  3. theinvulnerable
    Ok here is the MBAM quick scan logs: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4219 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 6/21/2010 3:17:26 AM mbam-log-2010-06-21 (03-17-26).txt Scan type: Quick scan Objects scanned: 130064 Time elapsed: 5 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. theinvulnerable
    Ok then what's next? I hope not complete scanning again I'm tired of waiting the scan to finished.
  5. theinvulnerable
    Opsss wait a minute after I reboot the computer, I can now open and update the malwarebytes. Please disregard my post earlier stated that still won't work after running fix.exe. BTW, could you tell how to remove combo fix after it is used. Because I guess it is uninstalled after you use it but I don't know how. Same for Dr.Web if it has installed files in the computer. Thanks...
  6. theinvulnerable
    When it shows ready. in lower left corner of fix.exe is it means done? Then what should I do next when I closed it? If you like me to try to open malwarebytes after I closed fix.exe, sad but still won't open same error exist.
  7. theinvulnerable
    I do what you said in step by step procedure that you gave but unfortunately same things happen again and again. Do you think my system has a missing windows file or anything?
  8. theinvulnerable
    As I said before the computer running fast seems no problem at all, except that malwarebytes won't open no matter what I tried. Like uninstalling malwarebytes then reboot run malwarebytes cleaner then delete all malwarebytes left over in C:\Document and setting\user account or all user account, in the C:\Program files, and in the regedit if ever it has by using ccleaner. And then install it again but when you run the malwarebytes installer this error popout MBAM_ERROR_EXPANDING_VARIABLES (0,9) then ok/closed it will still continuing installing malwarebytes but when you reach the malwarebytes installed successfully then launch malwarebytes and update. The malwarebytes GUI won't show and then the update continues but after that still won't open and those three error in my other thread popout again and again everytime when you want to open malwarebytes. I tried to brought back internet explorer from add/remove windows component because they said malwarebytes needed it but still not solve. BTW how to remove the combo-fix in my system, is it still in use? And the Dr.WebIT move smithfraudfix in the location that I could not found how can I retreive that? Or just how to remove Dr.WebIT in my system? And all left overs.
  9. theinvulnerable
    HJT logs: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:51:55 PM, on 6/20/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=cOatK...eL7p08aGGubY%3d O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [uSBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F53B9980-3A2B-4F03-96C3-7BE5D4354419}: NameServer = 202.78.97.41 210.4.2.61 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 4497 bytes Dr.Web logs SmitfraudFix.exe\SmitfraudFix\Process.exe;D:\Softwares\SmitFraudFix\SmitfraudFix.exe;Tool.Killproc.3;; SmitfraudFix.exe\SmitfraudFix\restart.exe;D:\Softwares\SmitFraudFix\SmitfraudFix.exe;Tool.ShutDown.14;; SmitfraudFix.exe;D:\Softwares\SmitFraudFix;Archive contains infected objects;Moved.; A0418551.exe\SmitfraudFix\Process.exe;D:\System Volume Information\_restore{04E784B9-E228-4CBE-AF0D-5DBD1BC4ECDA}\RP167\A0418551.exe;Tool.Killproc.3;; A0418551.exe\SmitfraudFix\restart.exe;D:\System Volume Information\_restore{04E784B9-E228-4CBE-AF0D-5DBD1BC4ECDA}\RP167\A0418551.exe;Tool.ShutDown.14;; A0418551.exe;D:\System Volume Information\_restore{04E784B9-E228-4CBE-AF0D-5DBD1BC4ECDA}\RP167;Archive contains infected objects;Moved.; But could it be just a false positive? It is a tool by S!RI, i used it last 3 weeks ago. To remove some network attacks on my computer because I feel the computer is infected with hidden malware that gmer could not found. And indeed works as of now. But of course I need your second thoughts on this matter.
  10. theinvulnerable
    Fresh HJT logs: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:07:08 AM, on 6/20/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=cOatK...eL7p08aGGubY%3d O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [uSBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F53B9980-3A2B-4F03-96C3-7BE5D4354419}: NameServer = 202.78.97.41 210.4.2.61 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 4403 bytes Combo fix logs: ComboFix 10-06-18.03 - Admiral X 06/19/2010 23:54:23.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.992 [GMT 8:00] Running from: c:\documents and settings\Admiral X\Desktop\Combo-Fix.exe AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\tmp.reg . ((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 ))))))))))))))))))))))))))))))) . 2010-06-18 18:43 . 2010-06-18 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-18 18:43 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-18 18:43 . 2010-06-19 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-18 18:43 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-18 17:15 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-06-18 17:15 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-06-17 01:23 . 2010-06-18 16:19 -------- d-----w- c:\program files\Audacity 2010-06-16 22:59 . 2010-06-16 22:59 53632 ----a-w- c:\documents and settings\Admiral X\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-06-12 14:13 . 2010-06-19 11:12 -------- d-----w- c:\program files\Garena 2010-06-12 14:12 . 2010-06-12 14:12 -------- d-----w- c:\documents and settings\Admiral X\Local Settings\Application Data\Mozilla 2010-06-09 21:32 . 2010-06-09 21:32 -------- d-----w- c:\program files\Common Files\Java 2010-06-09 21:32 . 2010-06-09 21:32 503808 ----a-w- c:\documents and settings\Admiral X\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1918f39f-n\msvcp71.dll 2010-06-09 21:32 . 2010-06-09 21:32 499712 ----a-w- c:\documents and settings\Admiral X\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1918f39f-n\jmc.dll 2010-06-09 21:32 . 2010-06-09 21:32 348160 ----a-w- c:\documents and settings\Admiral X\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1918f39f-n\msvcr71.dll 2010-06-09 21:32 . 2010-06-09 21:32 61440 ----a-w- c:\documents and settings\Admiral X\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2e24ffe7-n\decora-sse.dll 2010-06-09 21:32 . 2010-06-09 21:32 12800 ----a-w- c:\documents and settings\Admiral X\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2e24ffe7-n\decora-d3d.dll 2010-06-09 21:32 . 2010-06-09 21:31 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-09 21:31 . 2010-06-09 21:31 -------- d-----w- c:\program files\Java 2010-06-08 10:49 . 2010-06-08 10:49 -------- d-----w- c:\program files\Trend Micro 2010-06-03 18:31 . 2010-06-03 18:31 -------- d-----w- c:\program files\Speccy 2010-06-03 16:10 . 2010-06-03 16:10 -------- d-----w- c:\program files\Defraggler 2010-05-22 13:21 . 2010-05-22 13:21 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-22 13:19 . 2010-05-22 13:19 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe 2010-05-22 13:19 . 2010-05-22 13:19 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe 2010-05-22 13:19 . 2010-05-22 13:19 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe 2010-05-22 13:19 . 2010-05-22 13:19 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-05-22 13:19 . 2010-05-22 13:19 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-05-22 13:19 . 2010-05-22 13:19 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-05-22 13:14 . 2010-05-22 13:20 -------- d-----w- c:\program files\DivX 2010-05-22 13:14 . 2010-05-22 13:14 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-22 13:13 . 2010-05-22 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-19 15:34 . 2009-09-14 09:15 -------- d-----w- c:\program files\Warcraft III 2010-06-19 10:51 . 2009-09-21 01:34 -------- d-----w- c:\program files\Replay Media Catcher 2010-06-19 10:42 . 2009-09-21 01:37 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe 2010-06-19 10:42 . 2009-09-21 01:37 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll 2010-06-19 10:42 . 2009-09-21 01:36 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL 2010-06-18 18:33 . 2009-12-03 05:03 -------- d-----w- c:\program files\SpeedFan 2010-06-18 17:15 . 2010-06-18 17:15 -------- d-----w- c:\program files\Alwil Software 2010-06-18 17:15 . 2010-06-18 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-06-16 22:59 . 2009-09-23 11:09 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-06-14 20:18 . 2009-09-26 20:57 -------- d-----w- c:\program files\Nuclear Coffee 2010-06-14 06:31 . 2009-11-25 08:58 -------- d-----w- c:\documents and settings\Admiral X\Application Data\LimeWire 2010-06-09 09:55 . 2009-09-20 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2010-06-07 03:37 . 2010-01-21 16:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-05-30 16:51 . 2009-09-14 06:25 -------- d-----w- c:\program files\CCleaner 2010-05-30 16:48 . 2010-03-16 20:02 -------- d-----w- c:\documents and settings\Admiral X\Application Data\Free Download Manager 2010-05-26 06:12 . 2010-02-25 03:57 -------- d-----w- c:\program files\War Chess 2010-05-26 04:02 . 2009-11-25 08:55 -------- d-----w- c:\program files\LimeWire 2010-05-26 01:00 . 2010-05-22 13:20 -------- d-----w- c:\documents and settings\Admiral X\Application Data\DivX 2010-05-06 20:59 . 2010-06-18 17:15 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-05-06 20:59 . 2010-06-18 17:15 165032 ----a-w- c:\windows\system32\aswBoot.exe 2010-05-06 20:39 . 2010-06-18 17:15 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-05-06 20:34 . 2010-06-18 17:15 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-05-06 20:33 . 2010-06-18 17:15 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-05-06 20:33 . 2010-06-18 17:15 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-05-06 20:33 . 2010-06-18 17:15 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-05-01 09:45 . 2009-09-14 09:02 -------- d-----w- c:\program files\Red Alert 2 Yuri's Revenge 2010-04-25 20:01 . 2009-09-14 09:48 -------- d-----w- c:\program files\EA GAMES 2010-03-31 01:58 . 2010-05-22 13:20 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2010-03-31 01:58 . 2010-05-22 13:20 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2010-03-31 01:58 . 2010-05-22 13:20 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys 2010-03-31 01:58 . 2010-05-22 13:20 133616 ------w- c:\windows\system32\pxafs.dll 2010-03-31 01:58 . 2010-05-22 13:20 125424 ------w- c:\windows\system32\pxinsi64.exe 2010-03-31 01:58 . 2010-05-22 13:20 123888 ------w- c:\windows\system32\pxcpyi64.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016] "USBFW"="c:\program files\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192] [HKLM\~\startupfolder\C:^Documents and Settings^Admiral X^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Admiral X\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2004-08-03 22:56 110592 ----a-w- c:\windows\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward] 2007-06-26 06:58 2165272 ----a-w- c:\program files\VDOTool\TBPANEL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 16:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2009-05-26 13:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-04-19 05:26 1626112 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-12-19 03:12 16062464 ------r- c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBFW] 2008-09-01 00:44 1330688 ----a-w- c:\program files\Net Studio\USB FireWall\USB FireWall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "odserv"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "NVSvc"=2 (0x2) "npggsvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "Bonjour Service"=2 (0x2) "Capture Device Service"=2 (0x2) "UleadBurningHelper"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "Autorun CDROM Monitor"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"= "c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Red Alert 2 Yuri's Revenge\\gamemd.exe"= "c:\\Program Files\\Level Up Game\\Rohan Giants\\rohanclient.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Sierra\\Half-Life\\hl.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4 R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/19/2010 1:15 AM 164048] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/19/2010 1:15 AM 19024] S3 aswArKrn;aswArKrn;\??\c:\docume~1\ADMIRA~1\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\ADMIRA~1\LOCALS~1\Temp\aswArKrn.sys [?] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMIRA~1\LOCALS~1\Temp\NKO1.tmp --> c:\docume~1\ADMIRA~1\LOCALS~1\Temp\NKO1.tmp [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S4 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [4/12/2010 8:46 PM 81920] S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - GARENAPENGINE . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://dt-updates.com/activate?query=cOatKioV4USqxdmTAODE9XmH2xTG0FTTCBycRX6Htped2cdj2aYCJ28D%2biJ%2f6Itc2NIm6jZzHEO3l6ZCl005BD8IY1Mjj%2fIiJEQ4TFLfkVOc9LnqUYY43VZ1nyVae3Bfw0ruE7Z%2f2yHA5uW2jGyN2qVWgFWueOzrOkVnjmqI4brh6wF7Fo2SrXddtTfNsSviB7rpd9o58WHc%2fRQ8QCJUaM78nHbY%2boNEU9wKo0wXOe9j4EZFooE1S3s08fsRHZ3jHvFUeeseks21GJWTkm%2b8m9YuV1Y0t5LeL7p08aGGubY%3d IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {F53B9980-3A2B-4F03-96C3-7BE5D4354419} = 202.78.97.41 210.4.2.61 FF - ProfilePath - c:\documents and settings\Admiral X\Application Data\Mozilla\Firefox\Profiles\fy2kvdf0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet024\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\ADMIRA~1\LOCALS~1\Temp\NKO1.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet024\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(728) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2010-06-19 23:58:22 ComboFix-quarantined-files.txt 2010-06-19 15:58 Pre-Run: 17,656,520,704 bytes free Post-Run: 17,613,406,208 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 1145B72AD0270509D9EACAC50B688F5E
  11. theinvulnerable
    Refer to this thread http://forums.malwarebytes.org/index.php?showtopic=54397. BTW your right the computers seems no symptoms at all. It is running fast and I had full scan it with my newly installed avast5 and nothing found. And by malwarebytes last 3 days ago before it won't open yesterday when I want to update it. But last week I remove Internet Explorer browser in Add/Remove windows component and I don't know if it has to do with it before it won't open, you may observe that it is not the cause because of the time difference before it happened. BTW ill give you again HJT list because of some changes I maked, because I tried system restore but I undo it again because it cannot solve the problem. And I update avast 4.8 to avast 5. And I tried to replace my HJT log post here but unfortunately I guess you don't have edit option here. So here it is the new HJT logs: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:35:44 AM, on 6/19/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=cOatK...eL7p08aGGubY%3d R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [uSBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F53B9980-3A2B-4F03-96C3-7BE5D4354419}: NameServer = 202.78.97.41 210.4.2.61 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Filter hijack: text/html - {30f890cc-2725-49fb-8daf-c7c0f38d1be4} - (no file) O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 4360 bytes
  12. theinvulnerable
    1.) Is malwarebytes using or needed an msvideo.dll? Because I deleted it two days ago when avast found a virus on it win32 malware gen. 2.) Is malwarebytes needed the internet explorer browser? Because I unchecked it in add/remove windows components last week ago.
  13. theinvulnerable
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:37:52 PM, on 6/18/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=cOatK...eL7p08aGGubY%3d R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [uSBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F53B9980-3A2B-4F03-96C3-7BE5D4354419}: NameServer = 202.78.97.41 210.4.2.61 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Filter hijack: text/html - {30f890cc-2725-49fb-8daf-c7c0f38d1be4} - (no file) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 4850 bytes
  14. theinvulnerable
    Still problem exist, those errors still popping out. Is it possible it was a bug in the malwarebytes?
  15. theinvulnerable
    I'm just using windows xp pro sp2 and avast 4.8 antivirus (free version). I really don't know why this is happened. I've just not open and update it just two days, and when I decided to open it and update today but unfortunately it won't open that's why I reinstall it. And as a matter of fact before it is running fine even if it was not excluded in my antivirus and windows firewall. So it is really so strange. BTW, should I still perform excluding it in my antivirus? What if it won't work, I delete the excluded file again?
  16. theinvulnerable
    I do what you said but still those error pop out. BTW i'm just using free version, and im confused because the error tell that mbamswissarmy.sys is missing but actually it is in C:\Windows\system32\driver.
  17. theinvulnerable
    This error pop out whenever I tried to open malwarebytes free edition and even if I uninstalled and installed it again when I finished the setup and says launch malwarebytes and updates, malwarebytes won't open but it can update and still can't see malwarebytes GUI. This the error message: An error has occured. Please report this error code to our support team. MBAM_ERROR_EXPANDING_VARIABLES (0,9) This the error after update: An error has occured. Please report this error code to our support team. MBAM_ERROR_LOAD_DATABASE (3,0) The system cannot find the path specified. And this one when I am continuing press ok button: An error has occured. Please report this error code to our support team. MBAM_ERROR_MISSING_FILE (3,0, mbamswissarmy.sys) The system cannot find the path specified.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.