Need Help, Cannot Install MBAM, Posting Logs

[spkshelp]

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK

Run by Owner at 19:18:08.12 on Thu 03/04/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1499 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe

C:\DOCUME~1\Owner\LOCALS~1\Temp\install.exe

C:\DOCUME~1\Owner\LOCALS~1\Temp\user.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Owner\LOCALS~1\Temp\msinits.exe

C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

mWinlogon: SfcDisable=-99 (0xffffff9d)

mWinlogon: Taskman=c:\recycler\s-1-5-21-1308747404-8539434458-111970312-0028\msimfo32.exe

BHO: c:\windows\system32\h88ci.dll: {a3ba40a2-74f0-42bd-f434-00b15a2c8953} - c:\windows\system32\h88ci.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"

uRun: [Remote System Protection] rundll32.exe c:\windows\system32\h88ci.dll, HUI_proc

uRun: [uishf9wuifwuh387fh3wufinhjfdwefe] c:\docume~1\owner\locals~1\temp\jvls408.exe

uRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\owner\locals~1\temp\user.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [msnfo32] c:\windows\system32\msnfo32.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11n wireless usb adapter hw.17\WlanCU.exe

uPolicies-explorer: NoFolderOptions = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

mPolicies-explorer: MaxRecentDocs = 18 (0x12)

mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: c:\windows\system32\h88ci.dll: {a3ba40a2-74f0-42bd-f434-00b15a2c8953} - c:\windows\system32\h88ci.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\d7ns6sth.default\

FF - prefs.js: browser.startup.homepage - www.slickdeals.net

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint_.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-24 64160]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-24 11608]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-24 108289]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-24 185089]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-24 56816]

S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-6-14 38144]

S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-1-1 14976]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-27 24652]

S2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2009-6-14 20480]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [2009-6-14 1684736]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-7 25832]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-1-1 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\eugdidrv.sys [2010-1-1 8456]

S3 RTL8192u;Realtek RTL8192U Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192u.sys [2009-6-14 436864]

=============== Created Last 30 ================

2010-03-05 03:14:57 176 ----a-w- c:\documents and settings\owner\defogger_reenable

2010-03-05 02:58:42 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-05 00:07:59 67584 ----a-w- c:\documents and settings\owner\nah_pykm.exe

2010-03-05 00:07:46 43008 ----a-w- c:\windows\system32\msnfo32.exe

2010-03-05 00:07:46 183296 ----a-w- c:\windows\system32\msnfo32 .exe

2010-03-05 00:07:45 20000 ----a-w- c:\windows\system32\h88ci.dll

2010-02-10 03:57:07 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll

2010-02-10 03:57:05 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll

2010-02-10 03:57:03 17920 ------w- c:\windows\system32\dllcache\msyuv.dll

2010-02-10 03:57:00 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll

2010-02-10 03:57:00 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll

2010-02-10 03:57:00 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll

2010-02-10 03:57:00 11264 ------w- c:\windows\system32\dllcache\msrle32.dll

2010-02-10 03:56:57 353792 ------w- c:\windows\system32\dllcache\srv.sys

2010-02-10 03:56:37 456832 ------w- c:\windows\system32\dllcache\mrxsmb.sys

==================== Find3M ====================

2010-03-05 02:55:59 43008 ----a-w- c:\windows\system32\lvcomsx.exe

2010-03-05 02:55:54 43008 ----a-w- c:\windows\system32\taskswitch.exe

2010-03-05 00:08:04 43008 ----a-w- c:\windows\system32\ctfmon.exe

2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 05:53:44 726528 ------w- c:\windows\system32\dllcache\jscript.dll

2009-08-25 17:59:41 25 ----a-w- c:\program files\popcinfot.dat

2009-06-12 08:46:56 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 19:18:45.68 ===============

MBAM.zip

[Elise]

Hello and welcome to Malwarebytes forum!

That looks quite infected B) Lets see if we can get rid of some stuff with more powerful means.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[Elise]

Hello, are you still there?

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!