Malwarebytes Anti-Malware prevented from installing

RawnG

New Member
I tried downloading Malwarebytes Anti-Malware from several sources, including the four linked pages in the sticky; however, I could only get ONE of those to even begin the installation process, but half the files were always corrupt.
I also could not even move the mbam installer off of the usb thumbdrive to the computer itself. I had to archive the installer and move the archive to the desktop, then unarchive. However the program still would not install.

I did test the files on another computer and the installers started fine, although I didn't go through with the installation.

HijackThis, however, installed just fine, and here is the log file from its running

Also I'm not experiencing any specific problems except for what I consider excessive slowness and the issue with mbam installing.

Any help would be appreciated : )
Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:35:32 AM, on 10/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: (no name) - {17B1A236-31DF-6A50-AB41-69E33B94A99C} - C:\WINDOWS\System32\txhycm.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [system] C:\WINDOWS\csrss.exe

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21110790e5d486986022/netzip/RdxIE601.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137354147218

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs: C:\WINDOWS\System32\tmp_sm.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll



--

End of file - 5332 bytes
 
Things are looking up : )

Ok, so I installed and ran SUPERAntiSpyware and it detected 431 threats. I selected to remove/quarantine.
I now tried to install mbam again; however it was the same as before.

I proceeded to install and run ComboFix. I should note that it told me to turn off AVG 8.5 FREE but after attempting to turn it off (and failing to find a way to do so) I proceeded with AVG running, which ComboFix advised against.
ComboFix did its thing and afterwards I attempted to install mbam again and the installer now works ;) however I did not go through with installing and running it.

Following are the logs from ComboFix and a new Hijackthis log.

ComboFix

Code:
ComboFix 09-10-28.08 - Tricia 10/29/2009 13:57.1.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.255.146 [GMT -4:00]

Running from: F:\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}



WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\documents and settings\Robert\Local Settings\Temporary Internet Files\Ssk.log

c:\documents and settings\Tricia\Application Data\Install.dat

c:\recycler\S-1-5-21-343818398-179605362-839522115-1003

c:\windows\Downloaded Program Files\RdxIE.dll

c:\windows\hook.txt

c:\windows\ie-hook.txt

c:\windows\mcroso~1

c:\windows\system32\iDlo01

c:\windows\system32\pac.txt

c:\windows\wr.txt



.

(((((((((((((((((((((((((   Files Created from 2009-09-28 to 2009-10-29  )))))))))))))))))))))))))))))))

.



2009-10-29 16:25 . 2009-10-29 16:25	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com

2009-10-29 16:24 . 2009-10-29 16:24	--------	d-----w-	c:\program files\SUPERAntiSpyware

2009-10-29 16:24 . 2009-10-29 16:24	--------	d-----w-	c:\documents and settings\Tricia\Application Data\SUPERAntiSpyware.com

2009-10-29 16:23 . 2009-10-29 16:23	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard

2009-10-29 14:34 . 2009-10-29 14:34	--------	d-----w-	c:\program files\Trend Micro

2009-10-29 13:44 . 2009-10-29 13:44	--------	d--h--w-	c:\windows\PIF



.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-11 14:18 . 2002-08-29 12:00	136192	----a-w-	c:\windows\system32\msv1_0.dll

2009-09-04 21:03 . 2002-08-29 12:00	58880	----a-w-	c:\windows\system32\msasn1.dll

2009-08-26 08:00 . 2002-08-29 12:00	247326	----a-w-	c:\windows\system32\strmdll.dll

2009-08-19 12:13 . 2009-07-28 03:55	11952	----a-w-	c:\windows\system32\avgrsstx.dll

2009-08-19 12:13 . 2007-05-21 03:43	27784	----a-w-	c:\windows\system32\drivers\avgmfx86.sys

2009-08-19 12:13 . 2009-07-28 03:55	335240	----a-w-	c:\windows\system32\drivers\avgldx86.sys

2009-08-06 23:24 . 2006-01-15 08:16	327896	----a-w-	c:\windows\system32\wucltui.dll

2009-08-06 23:24 . 2006-01-15 08:16	209632	----a-w-	c:\windows\system32\wuweb.dll

2009-08-06 23:24 . 2006-01-15 08:16	35552	----a-w-	c:\windows\system32\wups.dll

2009-08-06 23:24 . 2005-05-26 12:16	44768	----a-w-	c:\windows\system32\wups2.dll

2009-08-06 23:24 . 2006-01-15 04:38	53472	----a-w-	c:\windows\system32\wuauclt.exe

2009-08-06 23:24 . 2002-08-29 12:00	96480	----a-w-	c:\windows\system32\cdm.dll

2009-08-06 23:23 . 2006-01-15 08:16	575704	----a-w-	c:\windows\system32\wuapi.dll

2009-08-06 23:23 . 2006-01-16 02:40	274288	----a-w-	c:\windows\system32\mucltui.dll

2009-08-06 23:23 . 2006-01-15 04:38	1929952	----a-w-	c:\windows\system32\wuaueng.dll

2009-08-06 23:23 . 2005-05-26 12:19	215920	----a-w-	c:\windows\system32\muweb.dll

2009-08-05 09:01 . 2002-08-29 12:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll

2009-08-05 00:44 . 2002-08-29 12:00	2189184	----a-w-	c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20 . 2002-08-29 01:04	2066048	----a-w-	c:\windows\system32\ntkrnlpa.exe

.



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]



[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-19 12:13	11952	----a-w-	c:\windows\system32\avgrsstx.dll



[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup



[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp psc 2000 Series.lnk

backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup



[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup



[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^officejet 6100.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\officejet 6100.lnk

backup=c:\windows\pss\officejet 6100.lnkCommon Startup



[HKLM\~\startupfolder\C:^Documents and Settings^Tricia^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\Tricia\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"Viewpoint Manager Service"=2 (0x2)

"Pml Driver HPZ12"=3 (0x3)

"IDriverT"=3 (0x3)

"AVGEMS"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"getPlus(R) Helper"=3 (0x3)

"ACDaemon"=2 (0x2)

"avg8wd"=2 (0x2)

"avg8emc"=2 (0x2)



[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=



R3 kazoo;Kazoo.sys Kazoo Device driver;c:\windows\system32\Drivers\Kazoo.sys [2002-05-08 9600]

R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-19 908056]

R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-19 297752]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-19 335240]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-28 108552]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]





--- Other Services/Drivers In Memory ---



*NewlyCreated* - CLASSPNP_2

*NewlyCreated* - MBR

*NewlyCreated* - PCIIDEX_2

*Deregistered* - CLASSPNP_2

*Deregistered* - mbr

*Deregistered* - PCIIDEX_2

.

Contents of the 'Scheduled Tasks' folder



2009-10-29 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_PATRICIA_Tricia.job

- c:\windows\system32\mobsync.exe [2002-08-29 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Tricia\Application Data\Mozilla\Firefox\Profiles\crxyqcj3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\documents and settings\Tricia\Application Data\Mozilla\Firefox\Profiles\crxyqcj3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

.

------- File Associations -------

.

.

- - - - ORPHANS REMOVED - - - -



BHO-{17B1A236-31DF-6A50-AB41-69E33B94A99C} - c:\windows\System32\txhycm.dll

AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe







**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-29 14:10

Windows 5.1.2600 Service Pack 3 NTFS



scanning hidden processes ...  



scanning hidden autostart entries ... 



scanning hidden files ...  



scan completed successfully

hidden files: 0



**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------



- - - - - - - > 'winlogon.exe'(524)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

Completion time: 2009-10-29 14:14

ComboFix-quarantined-files.txt  2009-10-29 18:14



Pre-Run: 1,755,217,920 bytes free

Post-Run: 2,649,722,880 bytes free



- - End Of File - - B5140A81740A3D72935DEAFCF13144A6

Hijackthis

Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:16:31 PM, on 10/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137354147218

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll



--

End of file - 4473 bytes

Thanks for the help.
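
Added example, not part of the original posts: a small Python script that diffs two HijackThis logs, such as the two posted above, to list which entries disappeared or appeared between scans. The embedded text is an excerpt of lines taken from the two logs in this thread; the function names are hypothetical.

```python
import re

# A HijackThis entry line looks like "<section> - <detail>",
# e.g. "O2 - BHO: ..." or "R1 - HKCU\...". Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# Excerpt of the first log in the thread (10:35:32 AM scan).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {17B1A236-31DF-6A50-AB41-69E33B94A99C} - C:\WINDOWS\System32\txhycm.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [system] C:\WINDOWS\csrss.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\tmp_sm.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
--
End of file - 5332 bytes
"""

# Excerpt of the second log in the thread (2:16:31 PM scan, after ComboFix).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
--
End of file - 4473 bytes
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("section"), match.group("detail")))
    return entries


def _sort_key(entry):
    # Order by section letter, then numerically (O4 before O18), then detail.
    section, detail = entry
    return (section[0], int(section[1:]), detail)


def diff_logs(before, after):
    """Compare two logs; return entries only in `before` and only in `after`."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new, key=_sort_key),
        "added": sorted(new - old, key=_sort_key),
    }


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added"):
        print(f"--- {label} ---")
        for section, detail in result[label]:
            print(f"{section} - {detail}")
```

A diff only shows what changed between scans; entries present in both logs, such as the O8 item, still have to be reviewed by hand.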
 
You have one more thing to get rid of. Please rerun hijackthis and place a check next to this item.

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

Then click on fix checked at the bottom.

Do you still have the slowness as mentioned before? You can download and run Ccleaner to clean up all your old temp files, empty recycle bin and such. Don't let it touch the registry though. Just let it do the cleaning of old files.
 
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
has been deleted.

I will install and run Ccleaner; however, the computer is already noticeably faster and more responsive (it's only got 256 mb of ram).

I'd like to mention that I am very impressed with ComboFix for finding and removing whatever was keeping mbam from installing. Even when the installer was renamed I could not move it off of the usb thumb drive to the computer.

Thanks for all of your help, I really appreciate it! :D
 
I'm glad everything worked out then.

If your system only has 256mb of memory, then I would suggest upgrading to at least 1gb if you can. You will notice a big difference just in boot time to where it gets your desktop loaded.
 
Yeah I know that's a tiny amount of ram -.-
It's actually my aunt's comp and it's Old (needs DDR). She actually brought it to me to upgrade the ram and some other things but I was disgusted with the viruses and slowness and decided to try and take care of it.
I'm glad you and this forum were around to help :D
 
No problem.

Please note for future reference that it's actually easier to read a poster's log if it is just copied and pasted into a reply instead of using a code box to post it.
 