Page 2 of 3

PostPosted: Wed Jun 15, 2011 4:24 pm
by Toby B.
Any idea why Malwarebytes makes windows xp mad when I use it and reboot? Why won't it restart properly after using Malwarebytes?
Please be more specific. I used MalwareBytes for quite a while on XP and never ran into that big of a problem.

Malwarebytes makes windows mad

PostPosted: Thu Jun 16, 2011 11:47 am
by OneSpirit
When I run Malwarebytes and let it do it's thing ... it found a couple of things and I tell it to remove them ... then malwarebytes says it has to reboot ... when it does windows won't start ... I get a quick flash of a blue screen then widows starts to reboot itself with no prompting. After it starts rebooting it gives me an option of going back to the last know good configuration ... and I'm still left with the same problems as before. Could it be the nasties are causing it?

I went to the site evasive posted and it was just one of those scams where they find all kinds of made up crap then ask you to buy the software ... no thanks.

PostPosted: Thu Jun 16, 2011 12:07 pm
by Mr T
Yes, thats why I said, note down where they are and try manually deleting them... It wouldn't hurt to download and run CrapCleaner... Run the registry fix tool there too, it may resolve the issue...

All can be got from Filehippo.com...

Better Performance

PostPosted: Sat Jun 18, 2011 9:21 am
by OneSpirit
I did the Panda scan again and made note of the virus location in java ... I believe T stated in another thread that these virus can get through to java ... will I moved/deleted the bad files rebooted and ran ace utilites to clean and fix the registry ... thing are loading up again normally, instead of slow ... hopefully I've got the main bug ... AVG and Comodo have found and got rid of some of the trojans too.

Will post again if more to report ...

Update

PostPosted: Sat Jun 18, 2011 11:00 am
by OneSpirit
Okay I am still getting tabs that are opening taking me to sites like "quiztakeonline" ... "mymoneyonline" ... and when I do a search and click on the link to go to particular sites I'm still getting redirected to pages I don't want to go do ... some times I have to keep clicking and closing the link when redirected until I get to the site I want to see ... so the computer is not operating slow anymore, but I'm still getting these annoying tabs opening ... not all the time ... sometimes ... and the redirecting ... not all the time ... sometimes ...

I'd like to try malwarebytes again, but not for that problem of windows getting mad and not restarting, but keeps rebooting until I tell it to go back to the last known good configuration. When that happen I think that all malwarebytes did was undone ... anyone can clarify on that?

PostPosted: Sat Jun 18, 2011 11:30 am
by Toby B.
I'd like to try malwarebytes again, but not for that problem of windows getting mad and not restarting, but keeps rebooting until I tell it to go back to the last known good configuration. When that happen I think that all malwarebytes did was undone ... anyone can clarify on that?
Typically will happen with most reliable programs. If a "nasty" is attached to a vital file the said program will try and clean or quarantine it thus causing windows to puke on itself cause its not able to access the needed file.

Hence why evasive said reinstall originally.

PostPosted: Sat Jun 18, 2011 4:23 pm
by OneSpirit
Are you saying the only way to get rid of the nasty is to reinstall?

PostPosted: Sun Jun 19, 2011 6:50 am
by Toby B.
OneSpirit wrote:Are you saying the only way to get rid of the nasty is to reinstall?
Its the best, easiest and fastest way yes.

Its not the only way, but less time consuming.

PostPosted: Sun Jun 19, 2011 8:26 am
by Mr T
After the time you have spent, a reinstall is probably best... I give myself 2 hours too clear a visru, before a back up and reformat... On a customers PC - straight reformat - (backup optional extra).. Saves time and guarantees virus is gone...

Hijack this file report ...

PostPosted: Sun Jun 19, 2011 10:25 am
by OneSpirit
Mr T wrote:After the time you have spent, a reinstall is probably best... I give myself 2 hours too clear a visru, before a back up and reformat... On a customers PC - straight reformat - (backup optional extra).. Saves time and guarantees virus is gone...


I know T ... but, I really want to learn more about clearing viruses ... this is more a learning experience ... if I have to do a reinstall I will, but I like to see if I can clear it out ... since it's my machine and no one is waiting on it ... I figure I got the time to see what I can learn from all this ...

I ran hijack this ... I don't know if this is the right place to post it if not please direct me to the right place ... are there hijack readers on this forum? This is the log I got ... I ran this today. The slowness returned and programs not opening ... the machines sometimes just sits with it thumb up it's @$$. Have to hit the reset button to wake it back up.

Comodo is reporting a lot of trojanware in the windows temp files, it says it clean it, but it keeps coming back and I don't see any of it when I manually search the temp files

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:14:30 PM, on 6/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\AGI\core\3.1\AGCoreService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\RAMpage\RAMpage.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pbase.com/clubdiva78/rude_smileys
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" R=450 T=300 A P="C:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O8 - Extra context menu item: &Search - ?s=100000337&p=ZUfox000&si=&a=CV3I0IdGxEPr77WO.HsJAg&n=2010122111
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\..\{400EA44C-5B61-41FE-9EFA-C1B1F36FA005}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS3\Services\Tcpip\..\{400EA44C-5B61-41FE-9EFA-C1B1F36FA005}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9335 bytes