HijackThis Won't load

Glliw

Member
Hey guys, I have a stinking feeling I need to run a HijackThis log on my desktop, but I can't get it to work. I download the .exe, run it, and it opens. But once I start the scan, it gets about 2 seconds into it and then it craps out and crashes and seems to become uninstalled. What's going on?

Dunno if this will help any but I ran in safe mode and it didn't change anything really. Still crashes. Was able to grab this screen capture though... probably doesn't help much but it's something at least.

untitled-1.jpg
 
Malwarebytes does the exact same thing that HijackThis is doing.

EDIT: Same thing as well happens when using runscanner and RSIT
 
Put your drive in another system and scan it using a fully updated virus program. Then put it back in your system and see if it will run correctly.
 
That's not a viable option.

I've scanned with avira, avast, and avg and all come up with nothing to solve it.
 
Thank god that ran all the way through. Here's the log:

ComboFix 09-09-22.02 - Administrator 09/22/2009 20:22.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2736 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\HijackThis.exe
c:\program files\driver
c:\windows\msa.exe
c:\windows\msb.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
.

2009-09-22 22:12 . 2009-09-22 22:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Runscanner.net
2009-09-22 22:11 . 2009-09-22 22:12 -------- d-----w- C:\Runscanner
2009-09-22 22:10 . 2009-09-22 22:10 -------- d-----w- C:\rsit
2009-09-22 21:26 . 2009-09-22 21:29 -------- d-----w- c:\program files\Darkest of Days
2009-09-22 21:23 . 2009-09-22 21:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-22 21:23 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 21:23 . 2009-09-22 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-22 21:23 . 2009-09-22 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 21:23 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 19:18 . 2009-09-22 19:18 -------- d-----w- c:\program files\fumble
2009-09-22 19:14 . 2009-09-22 22:10 -------- d-----w- c:\program files\Trend Micro
2009-09-22 16:26 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-22 16:26 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-22 16:26 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-22 16:26 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-22 16:26 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-22 16:26 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-22 16:26 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-22 16:26 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-22 16:26 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-22 16:26 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-22 16:26 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-09-22 16:26 . 2009-09-22 16:26 -------- d-----w- c:\program files\Alwil Software
2009-09-22 16:23 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-22 16:23 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-22 16:23 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-22 16:23 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-22 16:23 . 2009-09-22 16:23 -------- d-----w- c:\program files\Avira
2009-09-22 16:23 . 2009-09-22 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-22 16:17 . 2009-09-22 16:17 -------- d-----w- c:\program files\CCleaner
2009-09-22 16:08 . 2009-09-22 16:08 105400 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-22 15:55 . 2009-09-22 15:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-09-22 03:48 . 2009-09-22 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\SolidWorks
2009-09-22 03:37 . 2009-09-22 03:37 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-22 03:37 . 2009-09-22 03:37 -------- d-----w- C:\Solidworks Data
2009-09-22 03:31 . 2009-09-22 19:25 0 ----a-r- c:\windows\win32k.sys
2009-09-22 03:27 . 2009-09-22 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\EDrawings
2009-09-22 03:14 . 2009-09-22 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-09-22 03:11 . 2008-02-11 19:55 586240 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-09-22 03:11 . 2009-09-22 03:11 -------- d-----w- c:\program files\Common Files\Aladdin Shared
2009-09-22 03:11 . 2008-03-19 16:30 2558464 ----a-w- c:\windows\system32\hasplms.exe
2009-09-22 03:11 . 2008-03-19 16:30 2558464 ----a-w- c:\windows\system32\aksllmtp.exe
2009-09-22 03:11 . 2008-03-18 19:09 350720 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2009-09-22 03:11 . 2009-09-22 03:11 -------- d-----w- c:\windows\system32\RNBOSENT
2009-09-22 03:11 . 1999-07-20 09:38 73216 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2009-09-22 03:11 . 1999-07-20 09:38 47616 ----a-w- c:\windows\system32\SNTI386.DLL
2009-09-22 03:11 . 1999-07-20 09:38 17920 ----a-w- c:\windows\system32\RNBOVDD.DLL
2009-09-22 03:10 . 2009-09-23 00:19 -------- d-----w- c:\program files\SolidWorks SolidNetWork License Manager
2009-09-22 03:03 . 2009-09-22 03:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DWGeditor
2009-09-22 03:03 . 2009-09-22 03:04 -------- d-----w- c:\program files\DWGeditor
2009-09-20 11:02 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-20 11:02 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-20 06:47 . 2009-09-20 06:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2009-09-20 06:45 . 2009-09-20 06:46 -------- d-----w- c:\documents and settings\Administrator\Contacts
2009-09-20 06:43 . 2009-09-20 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-09-20 06:43 . 2009-09-20 06:44 -------- d-----w- c:\program files\Windows Live
2009-09-20 06:43 . 2009-09-20 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-09-19 14:45 . 2009-09-19 14:45 -------- d-----w- c:\program files\RVL Hacker
2009-09-16 21:51 . 2009-09-17 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-14 14:53 . 2009-09-18 03:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LastPass
2009-09-13 21:29 . 2009-09-13 21:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2009-09-13 21:02 . 2009-09-13 21:02 -------- d-----w- c:\program files\JRE
2009-09-13 21:02 . 2009-09-13 21:02 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-13 20:59 . 2009-09-13 20:59 -------- d-----w- c:\program files\Rico Software
2009-09-13 20:30 . 2009-09-13 20:30 -------- d-----w- c:\program files\PingPlotter Standard
2009-09-10 18:32 . 2009-09-10 18:34 -------- d-----w- c:\program files\Unit Conversion Tool
2009-09-10 01:41 . 2009-09-22 21:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-10 01:41 . 2009-09-22 21:27 -------- d-----w- c:\program files\OpenAL
2009-09-10 01:41 . 2009-09-22 21:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-10 01:39 . 2009-09-10 01:39 -------- d-----w- c:\program files\Futuremark
2009-09-10 01:11 . 2009-09-10 01:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\NationRed
2009-09-10 00:51 . 2009-09-10 00:51 -------- d-----w- c:\windows\system32\Futuremark
2009-09-10 00:51 . 2009-09-10 00:51 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-09-10 00:51 . 2008-09-17 18:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-09-09 03:19 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-01 03:31 . 2009-09-01 03:31 -------- d-----w- c:\program files\FFXiBench3
2009-08-24 15:13 . 2009-08-24 15:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\NeatImage SL
2009-08-24 15:13 . 2009-08-24 15:13 -------- d-----w- c:\program files\Neat Image

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 21:28 . 2009-07-14 16:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-22 21:28 . 2009-07-14 20:41 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-22 21:26 . 2009-07-14 16:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 20:45 . 2009-07-14 21:33 -------- d-----w- c:\program files\Steam
2009-09-22 19:41 . 2009-08-07 12:46 -------- d-----w- c:\program files\SolidWorks
2009-09-22 19:39 . 2009-08-07 12:46 -------- d-----w- c:\program files\Common Files\eDrawings2009
2009-09-22 19:39 . 2009-08-07 12:46 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2009-09-22 16:46 . 2009-07-14 22:12 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-22 16:46 . 2009-07-14 22:12 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-22 16:44 . 2009-07-14 20:39 36192 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 03:14 . 2009-07-15 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-13 21:02 . 2009-08-04 00:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 08:30 . 2009-09-13 20:30 44 ---h--w- c:\program files\7d737e76.tmp
2009-08-29 18:30 . 2009-07-14 21:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 18:30 . 2009-07-14 21:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 18:30 . 2009-07-14 21:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 14:37 . 2009-08-06 02:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-08-22 06:32 . 2009-08-22 06:32 -------- d-----w- c:\program files\MSBuild
2009-08-22 06:32 . 2009-08-22 06:32 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 19:32 . 2009-08-07 19:32 -------- d-----w- c:\program files\MSXML 4.0
2009-08-06 02:38 . 2009-08-06 02:38 -------- d-----w- c:\program files\uTorrent
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:12 . 2009-08-04 00:49 -------- d-----w- c:\program files\Java
2009-08-04 03:11 . 2009-08-04 03:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
2009-08-04 03:11 . 2009-08-04 03:10 -------- d-----w- c:\program files\AIM6
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\program files\Viewpoint
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\program files\Common Files\AOL
2009-08-04 02:59 . 2009-08-04 02:58 -------- d-----w- c:\program files\QuickTime
2009-08-04 02:58 . 2009-08-04 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-04 02:58 . 2009-08-04 02:58 -------- d-----w- c:\program files\Apple Software Update
2009-08-04 02:58 . 2009-08-04 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-04 00:48 . 2009-08-04 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-01 05:10 . 2009-08-01 05:10 -------- d-----w- c:\program files\Electronic Arts
2009-07-30 03:05 . 2009-07-30 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Wayward Gamers
2009-07-27 22:04 . 2009-07-19 22:18 -------- d-----w- c:\program files\FFXIP
2009-07-26 23:26 . 2009-07-26 23:26 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-07-21 17:50 . 2009-07-14 22:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-21 00:24 . 2009-07-21 00:24 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-20 13:34 . 2009-07-20 13:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-19 21:11 . 2009-07-19 21:11 4096 ----a-w- c:\windows\d3dx.dat
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 22:12 . 2009-07-14 22:12 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2009-07-14 22:12 . 2009-07-14 22:12 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-14 21:54 . 2009-07-14 21:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-14 16:56 . 2009-07-14 16:56 0 ----a-w- c:\windows\nsreg.dat
2009-07-14 16:02 . 2009-07-14 16:02 315392 ----a-w- c:\windows\HideWin.exe
2009-07-14 15:46 . 2009-07-14 15:46 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-12 16:21 . 2009-07-14 20:36 233472 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 14:49 . 2009-07-14 21:20 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-07-23 21:44 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 16:50 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2009-07-14 20:36 81920 ------w- c:\windows\system32\ieencode.dll
2004-07-22 14:51 . 2004-07-22 14:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-20 02:58 . 2004-07-20 02:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-20 02:53 . 2004-07-20 02:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 18:17 . 2004-07-09 18:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 13:13 . 2004-07-09 13:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 13:13 . 2004-07-09 13:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 08:08 . 2004-07-09 08:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 08:08 . 2004-07-09 08:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 07:03 . 2004-07-09 07:03 62976 ----a-w- c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-07-14 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-29 2007832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 18:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\glliw\\insurgency\\hl2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\nation red demo\\NationRed.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\baboinvasion_trial\\BaboInvasionTrial.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/14/2009 5:20 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/22/2009 12:26 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/14/2009 5:54 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/14/2009 5:54 PM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [7/14/2009 11:58 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/14/2009 10:54 PM 17024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/22/2009 12:23 PM 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/22/2009 12:26 PM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/29/2009 2:30 PM 297752]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;c:\program files\SolidWorks SolidNetWork License Manager\lmgrd.exe [5/11/2007 1:08 PM 1372160]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2009 11:10 PM 24652]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/29/2009 2:30 PM 908056]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 AODDriver;AODDriver;c:\program files\AMD\OverDrive\i386\AODDriver.sys [8/4/2008 7:48 AM 6656]
S3 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/14/2009 12:57 PM 12672]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9to7dqw9.default\
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9to7dqw9.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9to7dqw9.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 20:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\hasplms.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
.
**************************************************************************
.
Completion time: 2009-09-23 20:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-23 00:32

Pre-Run: 374,288,011,264 bytes free
Post-Run: 374,377,152,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

337 --- E O F --- 2009-09-21 00:23
 
Whatever ComboFix did took care of it, I think... HijackThis works now. Here's a log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:05 PM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\dgfh\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Program Files\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7564 bytes
 
Now please try running Malwarebytes and posting a fresh hijackthis log afterwards.

Edit... hold on, checking your log.
 
Cool man, thanks a bunch. Must've downloaded something eerie. Glad ComboFix came to the rescue like that, and you as well. heh
 
You're welcome. You may now uninstall ComboFix by doing the following...

Click on Start, click on Run, type "combofix /u" without the quotes and click OK, and it will uninstall. It will actually look like it's running again but it's not. ComboFix is updated constantly, so whenever you need to run it again, you will need to redownload the file.
 
You have Avast, Avira and AVG installed all at the same time.

Please run the AVG Remover Tool: http://www.avg.com/download-tools
Or direct download here > http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Restart

Uninstall Avast from Add/Remove Programs

Update Avira Antivirus (note: due to the other antiviruses installed, you may need to uninstall Avira as well, then re-download it from HERE, and install/update it again)

I would highly suggest you run a full updated scan with Avira Antivirus
Please note you can only have 1 Antivirus installed at a time ;)
It may be a good idea to then update Malwarebytes again (there is one update available) and then do another full scan with that as well

Then restart
Run CCleaner
And possibly provide details on what happened with the Antivirus and Malwarebytes scan
And if you are very determined a new HJT log again
 