Avast can't delete pcaluax.dll &/or 44822b.exe

[cracker2]

I got both of them,ran avast.It detected them & I selected to delete them,but when I ran bootup to let avast scan again to be sure,one of them came up still in the scan.Pressed 1 to delete and I would get a 42111 error{the operation is not soupported for this type of archive.}.
Here is the paths they are in.
C:\windows\System32\pcaluax.dll
C:\windows\temp\44822b.exe
I think avast took care of the temp path,but the other is still in my drive I believe.

 

[johnb35]

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

 

[cracker2]

Thanks again john!Forgot about Malwarebytes,haven't used it in a long time.It showed I had 15 in the quick scan.Removed all.Just waiting on reboot.Hopefully it got them.Thought I onley had 2.

 

[cracker2]

Well even after the 15 found and deleted I still had something.Hijack this runs,but something is keeping it from doing a log.Said for vista(what im running,simply right click malwarebytes and run as admin.I onley have me on it so the onley option it gives is open.I looked in my avast logs I saved.And that exe it couldn't get rid of was in a zip I downloaded today.I ran a gutman shred on it.
Probably shouldn't have done it.But I believe if a gutman won't get rid of it im just going to revert to a restore point or just do a factory restore.

Edit:Well I rebooted.Idk why I didn't say this in the first place.But when I got it/them,everytime I reboot a ballon popsup and says windows has blocked some programs on startup.And I went to my security center.It shut my security center off...well disabled it.Can't turn it back on.Says windows secuirty center can't be started everytime I try.I got windows defender to run,says your computer is running normaly when scan is done lol.

 

[johnb35]

I need you to please post all the malwarebytes log you have scanned and a hijackthis log.

 

[cracker2]

im doing a full scan on malwarebytes,does it still give a log at least?i know i can't delete anything probably since its not registered.First quick scan i did,said it saved before i shut the program down.But when i opend the progarm backup my log section is clear and i couldn't find the log anywhere in my notes etc.
I tried both options that hijack this gives me everytime hijackthis startsup.Neither work.Says something about a host preventing a hijack this log from working,then shows what to do in general and what to do in vista.
Neither one changed anything where i could get logs.

 

[cracker2]

Can't find the quickscan log anywhere.Full scan completed and got a log.Still can't get hijackthis to get logs.Will keep trying though.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6646

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

5/22/2011 11:55:47 PM
mbam-log-2011-05-22 (23-55-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 233841
Time elapsed: 38 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[cracker2]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:23 AM, on 5/23/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\cbr32\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\REALTEK\Wireless LAN Utility\RtlService.exe

--
End of file - 4439 bytes

 

[cracker2]

I think my laptop is ok now.I found out how to get rid of the ballon notification.
http://www.howtogeek.com/howto/wind...ws-has-blocked-some-startup-programs-balloon/
Then I had to hit start,type service in the search and open it up.Skim through and find my security center.Turned it back on and set it to automatic.

Thanks john:good:

 

[johnb35]

im doing a full scan on malwarebytes,does it still give a log at least?i know i can't delete anything probably since its not registered.First quick scan i did,said it saved before i shut the program down.But when i opend the progarm backup my log section is clear and i couldn't find the log anywhere in my notes etc.
I tried both options that hijack this gives me everytime hijackthis startsup.Neither work.Says something about a host preventing a hijack this log from working,then shows what to do in general and what to do in vista.
Neither one changed anything where i could get logs.

Malwarebytes doesn't need to be registered in order to remove infections. The difference between the free and the paid version is that the paid version is an active scanner to where the free version is not.

If you are running Vista or W7 then when running hijackthis, right click on the icon and click on run as admin. If the run as admin option doesn't appear then press and hold the shift key while right clicking on hijackthis to get the option to appear.

However, it seems that everything is working now correct?