Malwarebytes program error updating 12016

Posted by / 30-Oct-2019 11:13

- C:\Program Files\Bonjour\m O23 - Service: Install Driver Table Manager (IDriver T) - Macrovision Corporation - C:\Program Files\Common Files\Install Shield\Driver\Intel 32\IDriver O23 - Service: i Pod Service - Apple Inc. strstr] C13B0003 IAT \System Root\System32\Drivers\az1ovc67. Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv Cpl Daemon] RUNDLL32.- C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nv O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32O23 - Service: Pnk Bstr A - Unknown owner - C:\WINDOWS\system32\Pnk Bstr O23 - Service: Sound MAX Agent Service (Sound MAX Agent Service (default)) - Analog Devices, Inc. Po Set Power State] 4B8BDF8B IAT \System Root\System32\Drivers\az1ovc67. Io Open Device Registry Key] 8D3F0304 IAT \System Root\System32\Drivers\az1ovc67. Rtl Write Registry Value] CB033043 IAT \System Root\System32\Drivers\az1ovc67. _aulldiv] 0673C13B IAT \System Root\System32\Drivers\az1ovc67. 
EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32.I would be glad to take a look at your log and help you with solving any malware problems. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\urlclassifier3.sqlite scheduled to be deleted on reboot. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\scheduled to be deleted on reboot. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCF4not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCF74not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFB08not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFBA9not found! C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_002_ moved successfully. Mm Map Locked Pages Specify Cache] 8D52006A IAT \System Root\System32\Drivers\az1ovc67. 
Obf Dereference Object] 001C8886 IAT \System Root\System32\Drivers\az1ovc67. Io Get Attached Device Reference] 55E85000 IAT \System Root\System32\Drivers\az1ovc67. Io Invalidate Device State] 8B000023 IAT \System Root\System32\Drivers\az1ovc67. Zw Close] 70518B0E IAT \System Root\System32\Drivers\az1ovc67. Wdf 2008-12-25 0 a---h--- c:\windows\system32\drivers\Msft Wdf_Kernel_01001_Coinstaller_Critical.Hijack This logs can take a while to research, so please be patient and I'd be grateful if you would note the following: Double-click to run the program. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\Cache\_CACHE_003_ moved successfully. Ke Set Event] C4830000 IAT \System Root\System32\Drivers\az1ovc67. Io Create Symbolic Link] B05E5F04 IAT \System Root\System32\Drivers\az1ovc67. Io Get Configuration Information] E58B5B01 IAT \System Root\System32\Drivers\az1ovc67. Io Delete Symbolic Link] CCCCC35D IAT \System Root\System32\Drivers\az1ovc67. Mm Free Mapping Address] CCCCCCCC IAT \System Root\System32\Drivers\az1ovc67. Io Free Error Log Entry] 53EC8B55 IAT \System Root\System32\Drivers\az1ovc67. Io Disconnect Interrupt] 08758B56 IAT \System Root\System32\Drivers\az1ovc67. Mm Unmap Io Space] 0214BE83 IAT \System Root\System32\Drivers\az1ovc67. Ob Reference Object By Pointer] 57000000 IAT \System Root\System32\Drivers\az1ovc67. Iof Complete Request] 45C60674 IAT \System Root\System32\Drivers\az1ovc67. Rtl Compare Unicode String] 1EEB010B IAT \System Root\System32\Drivers\az1ovc67. Iof Call Driver] 020C868B IAT \System Root\System32\Drivers\az1ovc67. Mm Allocate Mapping Address] C0850000 IAT \System Root\System32\Drivers\az1ovc67. Io Allocate Error Log Entry] 808A1074 IAT \System Root\System32\Drivers\az1ovc67. Io Connect Interrupt] 00000804 IAT \System Root\System32\Drivers\az1ovc67. Io Detach Device] A03CF024 IAT \System Root\System32\Drivers\az1ovc67. 
Ke Wait For Single Object] 0B45950F IAT \System Root\System32\Drivers\az1ovc67. Ke Initialize Event] 45C604EB IAT \System Root\System32\Drivers\az1ovc67. Rtl Ansi String To Unicode String] 458A000B IAT \System Root\System32\Drivers\az1ovc67. Rtl Init Ansi String] 88C0840B IAT \System Root\System32\Drivers\az1ovc67. Io Build Device Io Control Request] 840F0946 IAT \System Root\System32\Drivers\az1ovc67. Io Queue Work Item] 000000C1 IAT \System Root\System32\Drivers\az1ovc67. Mm Map Io Space] 14B30E8B IAT \System Root\System32\Drivers\az1ovc67. Io Invalidate Device Relations] 1C8286C6 IAT \System Root\System32\Drivers\az1ovc67. Io Report Detected Device] 88010000 IAT \System Root\System32\Drivers\az1ovc67. Io Report Resource For Detection] 001C859E IAT \System Root\System32\Drivers\az1ovc67. Rtlx Ansi String To Unicode Size] A19E8800 IAT \System Root\System32\Drivers\az1ovc67. Nls Mb Code Page Tag] C600001C IAT \System Root\System32\Drivers\az1ovc67. Po Request Power Irp] 001C8686 IAT \System Root\System32\Drivers\az1ovc67. Ke Insert By Key Device Queue] 86C60100 IAT \System Root\System32\Drivers\az1ovc67. Po Register Device For Idle Detection] 00001CA2 IAT \System Root\System32\Drivers\az1ovc67. sprintf] 70518B01 IAT \System Root\System32\Drivers\az1ovc67. Wdf 2008-12-23 453,152 a------- c:\windows\system32\NVUNINST. 
EXE 2008-11-21 524,288 a------- c:\windows\system32\Div 2008-11-21 3,596,288 a------- c:\windows\system32\qt-dx3312008-11-21 129,784 a------- c:\windows\system3208-11-21 120,056 a------- c:\windows\system32\pxcpyi642008-11-21 118,520 a------- c:\windows\system32\pxinsi642008-11-21 1,044,480 a------- c:\windows\system3208-11-21 200,704 a------- c:\windows\system3208-11-21 161,096 a------- c:\windows\system32\Div XCodec Version 2008-11-21 12,288 a------- c:\windows\system32\Div XWMPExt 2008-08-17 87,608 ac------ c:\docume~1\admini~1\applic~108-08-17 47,360 ac------ c:\docume~1\admini~1\applic~1\============= FINISH: .35 =============== Still getting redirects Edited by Jackus, 09 February 2009 - PM.The Malwarebytes log: Malwarebytes' Anti-Malware 1.33 Database version: 1739 Windows 5.1.2600 Service Pack 2 09/02/2009 mbam-log-2009-02-09 (13-58-14)Scan type: Quick Scan Objects scanned: 47352 Time elapsed: 4 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current Version\Ext\Stats\ (Trojan. 
Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS: DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .84 on 09/02/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1460 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\System32\-k HTTPFilter C:\WINDOWS\system32\C:\WINDOWS\Explorer. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\n7xx419v.default\moved successfully. Kaspersky: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, February 9, 2009 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, February 09, 2009 Records in database: 1774405 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 59925 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: File name / Threat name / Threats count C:\_OTMove It\Moved Files092009_142349\windows\system32\vir Infected: Trojan. 
EXE C:\WINDOWS\system32\C:\WINDOWS\System32\C:\Program Files\Analog Devices\Sound MAX\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\RALINK\Common\Ra C:\Program Files\i Pod\bin\i Pod C:\Program Files\Windows Live\Messenger\C:\WINDOWS\system32\C:\Program Files\Java\jre6\bin\C:\Program Files\Mozilla Firefox\C:\Program Files\Java\jre6\bin\C:\Program Files\i Tunes\i C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Click Start DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .56 on 09/02/2009 Internet Explorer: 7.0.5730.13 Browser Java Version: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1295 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer.

Wdf 2008-12-23 453,152 a------- c:\windows\system32\NVUNINST. EXE 2008-11-21 524,288 a------- c:\windows\system32\Div 2008-11-21 3,596,288 a------- c:\windows\system32\qt-dx3312008-11-21 129,784 a------- c:\windows\system32\2008-11-21 120,056 a------- c:\windows\system32\pxcpyi642008-11-21 118,520 a------- c:\windows\system32\pxinsi642008-11-21 1,044,480 a------- c:\windows\system32\2008-11-21 200,704 a------- c:\windows\system32\2008-11-21 161,096 a------- c:\windows\system32\Div XCodec Version 2008-11-21 12,288 a------- c:\windows\system32\Div XWMPExt 2008-08-17 87,608 ac------ c:\docume~1\admini~1\applic~1\2008-08-17 47,360 ac------ c:\docume~1\admini~1\applic~1\============= FINISH: .12 =============== Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. In this case, after the reboot, open Notepad (Start-Open, in the File Name box enter *and press the Enter key, navigate to the C:\_OTMove It\Moved Files folder, and open the newest file present, and copy/paste the contents of that document back here in your next post. EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Sun Java Update Sched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Wdf 2008-12-23 453,152 a------- c:\windows\system32\NVUNINST. 
EXE 2008-11-21 524,288 a------- c:\windows\system32\Div 2008-11-21 3,596,288 a------- c:\windows\system32\qt-dx3312008-11-21 129,784 a------- c:\windows\system32\2008-11-21 120,056 a------- c:\windows\system32\pxcpyi642008-11-21 118,520 a------- c:\windows\system32\pxinsi642008-11-21 1,044,480 a------- c:\windows\system32\2008-11-21 200,704 a------- c:\windows\system32\2008-11-21 161,096 a------- c:\windows\system32\Div XCodec Version 2008-11-21 12,288 a------- c:\windows\system32\Div XWMPExt 2008-08-17 87,608 ac------ c:\docume~1\admini~1\applic~1\2008-08-17 47,360 ac------ c:\docume~1\admini~1\applic~1\============= FINISH: .14 =============== No redirects in safe mode DDS: DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .09 on 09/02/2009 Internet Explorer: 7.0.5730.13 Browser Java Version: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1361 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer.

- C:\Program Files\Java\jre6\bin\O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nv O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32O23 - Service: Pnk Bstr A - Unknown owner - C:\WINDOWS\system32\Pnk Bstr O23 - Service: Sound MAX Agent Service (Sound MAX Agent Service (default)) - Analog Devices, Inc. Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv Cpl Daemon] RUNDLL32.

- C:\Program Files\Analog Devices\Sound MAX\-- End of file - 7993 bytes Im still getting redirects Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. M263"="msh263.drv" "vidc.mrle"="msrle32.dll" "vidc.msvc"="msvidc32.dll" "VIDC. EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32.

Do not use your computer for anything else during the scan. EXE c:\windows\system32\Nv Mc Tray.dll, Nv Taskbar Init m Run: [PWRISOVM. EXE m Run: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide m Run: [Sun Java Update Sched] "c:\program files\java\jre6\bin\jusched.exe" d Run: [CTFMON. EXE Startup Folder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1- c:\program files\ralink\common\Ra u Policies-explorer: No Drive Type Auto Run = 145 (0x91) m Policies-system: dontdisplaylastusername = 0 (0x0) m Policies-system: legalnoticecaption = m Policies-system: legalnoticetext = m Policies-system: shutdownwithoutlogon = 1 (0x1) m Policies-system: undockwithoutlogon = 1 (0x1) d Policies-explorer: No Drive Type Auto Run = 145 (0x91) IE: - %windir%\Network Diagnostic\IE: - c:\program files\messenger\IE: - - c:\progra~1\spybot~1\LSP: %System Root%\system32\LSP: %System Root%\system32\DPF: - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/Legit Check DPF: - hxxp:// - hxxp://

Its just firefox thats redirecting System Look: System Look v1.0bb by jpshortstuff Log created at on 09/02/2009 by Administrator ========== reg ========== [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi"="wdmaud.drv" "MIDI1"="SYNCOR11. I420"="msh263.drv" "vidc.iv31"="ir32_32.dll" "vidc.iv32"="ir32_32.dll" "vidc.iv41"="ir41_32.ax" "vidc.iv50"="ir50_32.dll" "VIDC. 1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Filter: application/octet-stream - - c:\windows\system32\Filter: application/x-complus - - c:\windows\system32\Filter: application/x-msdownload - - c:\windows\system32\Filter: Class Install Handler - - c:\windows\system32\Filter: deflate - - c:\windows\system32\Filter: gzip - - c:\windows\system32\Filter: lzdhtml - - c:\windows\system32\Filter: text/webviewhtml - - Handler: about - - c:\windows\system32\Handler: cdl - - c:\windows\system32\Handler: dvd - - c:\windows\system32\Handler: file - - c:\windows\system32\Handler: ftp - - c:\windows\system32\Handler: gopher - - c:\windows\system32\Handler: http - - c:\windows\system32\Handler: http\0x00000001 - - c:\progra~1\common~1\system\oledb~1\MSDAIPP.

||

Wdf 2008-12-23 453,152 a------- c:\windows\system32\NVUNINST. EXE 2008-11-21 524,288 a------- c:\windows\system32\Div 2008-11-21 3,596,288 a------- c:\windows\system32\qt-dx3312008-11-21 129,784 a------- c:\windows\system32\2008-11-21 120,056 a------- c:\windows\system32\pxcpyi642008-11-21 118,520 a------- c:\windows\system32\pxinsi642008-11-21 1,044,480 a------- c:\windows\system32\2008-11-21 200,704 a------- c:\windows\system32\2008-11-21 161,096 a------- c:\windows\system32\Div XCodec Version 2008-11-21 12,288 a------- c:\windows\system32\Div XWMPExt 2008-08-17 87,608 ac------ c:\docume~1\admini~1\applic~1\2008-08-17 47,360 ac------ c:\docume~1\admini~1\applic~1\============= FINISH: .12 =============== Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. In this case, after the reboot, open Notepad (Start-Open, in the File Name box enter *and press the Enter key, navigate to the C:\_OTMove It\Moved Files folder, and open the newest file present, and copy/paste the contents of that document back here in your next post. EXE C:\WINDOWS\system32\Nv Mc Tray.dll, Nv Taskbar Init O4 - HKLM\..\Run: [PWRISOVM. EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Sun Java Update Sched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - HKCU\..\Run: [Msn Msgr] "C:\Program Files\Windows Live\Messenger\Msn Msgr. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. Wdf 2008-12-23 453,152 a------- c:\windows\system32\NVUNINST. 
EXE 2008-11-21 524,288 a------- c:\windows\system32\Div 2008-11-21 3,596,288 a------- c:\windows\system32\qt-dx3312008-11-21 129,784 a------- c:\windows\system32\2008-11-21 120,056 a------- c:\windows\system32\pxcpyi642008-11-21 118,520 a------- c:\windows\system32\pxinsi642008-11-21 1,044,480 a------- c:\windows\system32\2008-11-21 200,704 a------- c:\windows\system32\2008-11-21 161,096 a------- c:\windows\system32\Div XCodec Version 2008-11-21 12,288 a------- c:\windows\system32\Div XWMPExt 2008-08-17 87,608 ac------ c:\docume~1\admini~1\applic~1\2008-08-17 47,360 ac------ c:\docume~1\admini~1\applic~1\============= FINISH: .14 =============== No redirects in safe mode DDS: DDS (Ver_09-02-01.01) - NTFSx86 Run by Administrator at .09 on 09/02/2009 Internet Explorer: 7.0.5730.13 Browser Java Version: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.2.1252.1.10.1361 [GMT ] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k Dcom Launch C:\Program Files\Windows Defender\Ms Mp C:\WINDOWS\System32\-k netsvcs C:\WINDOWS\system32\C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple Mobile Device C:\PROGRA~1\AVG\AVG8\C:\Program Files\Bonjour\m C:\Program Files\NVIDIA Corporation\Performance Drivers\nv C:\WINDOWS\system32\nvsvc32C:\WINDOWS\system32\Pnk Bstr C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\PROGRA~1\AVG\AVG8\C:\WINDOWS\Explorer.- C:\Program Files\Java\jre6\bin\O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nv O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32O23 - Service: Pnk Bstr A - Unknown owner - C:\WINDOWS\system32\Pnk Bstr O23 - Service: Sound MAX Agent Service (Sound MAX Agent Service (default)) - Analog Devices, Inc. 
Exe" /background u Run: [TBPanel] c:\program files\vtune\/A u Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent u Run: [Comrade.exe] c:\program files\gamespy\comrade\u Run: [Bit Torrent DNA] "c:\program files\dna\btdna.exe" u Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun m Run: [Smapp] c:\program files\analog devices\soundmax\m Run: [Set Refresh] c:\program files\compaq\setrefresh\Set m Run: [igfxtray] c:\windows\system32\m Run: [igfxhkcmd] c:\windows\system32\m Run: [igfxpers] c:\windows\system32\m Run: [AVG8_TRAY] c:\progra~1\avg\avg8\m Run: [Nv Cpl Daemon] RUNDLL32.- C:\Program Files\Analog Devices\Sound MAX\-- End of file - 7993 bytes Im still getting redirects Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. M263"="msh263.drv" "vidc.mrle"="msrle32.dll" "vidc.msvc"="msvidc32.dll" "VIDC. EXE c:\windows\system32\Nv Cpl.dll, Nv Startup m Run: [nwiz] /install m Run: [Quick Time Task] "c:\program files\quicktime\QTTask.exe" -atboottime m Run: [Apple Sync Notifier] c:\program files\common files\apple\mobile device support\bin\Apple Sync m Run: [i Tunes Helper] "c:\program files\itunes\i Tunes Helper.exe" m Run: [Xbox Stat] "c:\program files\microsoft xbox 360 accessories\Xbox Stat.exe" silentrun m Run: [Nv Media Center] RUNDLL32.Do not use your computer for anything else during the scan. EXE c:\windows\system32\Nv Mc Tray.dll, Nv Taskbar Init m Run: [PWRISOVM. EXE m Run: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide m Run: [Sun Java Update Sched] "c:\program files\java\jre6\bin\jusched.exe" d Run: [CTFMON. 
EXE Startup Folder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1- c:\program files\ralink\common\Ra u Policies-explorer: No Drive Type Auto Run = 145 (0x91) m Policies-system: dontdisplaylastusername = 0 (0x0) m Policies-system: legalnoticecaption = m Policies-system: legalnoticetext = m Policies-system: shutdownwithoutlogon = 1 (0x1) m Policies-system: undockwithoutlogon = 1 (0x1) d Policies-explorer: No Drive Type Auto Run = 145 (0x91) IE: - %windir%\Network Diagnostic\IE: - c:\program files\messenger\IE: - - c:\progra~1\spybot~1\LSP: %System Root%\system32\LSP: %System Root%\system32\DPF: - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/Legit Check DPF: - hxxp:// - hxxp://

It's just Firefox that's redirecting

System Look: System Look v1.0bb by jpshortstuff Log created at on 09/02/2009 by Administrator ========== reg ========== [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi"="wdmaud.drv" "MIDI1"="SYNCOR11. I420"="msh263.drv" "vidc.iv31"="ir32_32.dll" "vidc.iv32"="ir32_32.dll" "vidc.iv41"="ir41_32.ax" "vidc.iv50"="ir50_32.dll" "VIDC.
1201162107984 DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://fpdownload.macromedia.com/get/flashplayer/current/DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586DPF: - hxxp://com/update/1.6.0/jinstall-1_6_0_12-windows-i586TCP: = 192.168.0.1 Filter: application/octet-stream - - c:\windows\system32\Filter: application/x-complus - - c:\windows\system32\Filter: application/x-msdownload - - c:\windows\system32\Filter: Class Install Handler - - c:\windows\system32\Filter: deflate - - c:\windows\system32\Filter: gzip - - c:\windows\system32\Filter: lzdhtml - - c:\windows\system32\Filter: text/webviewhtml - - Handler: about - - c:\windows\system32\Handler: cdl - - c:\windows\system32\Handler: dvd - - c:\windows\system32\Handler: file - - c:\windows\system32\Handler: ftp - - c:\windows\system32\Handler: gopher - - c:\windows\system32\Handler: http - - c:\windows\system32\Handler: http\0x00000001 - - c:\progra~1\common~1\system\oledb~1\MSDAIPP.



EXE C:\Program Files\Analog Devices\Sound MAX\C:\PROGRA~1\AVG\AVG8\C:\Program Files\i Tunes\i Tunes C:\Program Files\Microsoft Xbox 360 Accessories\Xbox C:\WINDOWS\system32\RUNDLL32. EXE C:\WINDOWS\system32\C:\Program Files\Windows Live\Messenger\Msn Msgr. Exe C:\Program Files\Vtune\C:\Program Files\DNA\C:\Program Files\DAEMON Tools Lite\C:\Program Files\i Pod\bin\i Pod C:\Program Files\RALINK\Common\Ra C:\Program Files\Mozilla Firefox\C:\Program Files\Windows Live\Messenger\C:\Documents and Settings\Administrator\Desktop\Hi Jack R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = Wmi Complete Request] 0CB389F2 ---- Devices - GMER 1.0.14 ---- Device \File System\Ntfs \Ntfs 89BB81F8 Device \Driver\Tcpip \Device\Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-0 89A8F1F8 Device \Driver\dmio \Device\Dm Control\Dm Io Daemon 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Config 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Pn P 89BBB1F8 Device \Driver\dmio \Device\Dm Control\Dm Info 89BBB1F8 Device \Driver\usbuhci \Device\USBPDO-1 89A8F1F8 Device \Driver\usbuhci \Device\USBPDO-2 89A8F1F8 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\PCI_PNP9196 \Device\00000046 Device \Driver\sptd \Device\1062285446 Device \Driver\usbuhci \Device\USBPDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBPDO-4 89A5B500 Device \Driver\Tcpip \Device\Tcp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Ftdisk \Device\Harddisk Volume1 89BBC1F8 Device \Driver\Cdrom \Device\Cd Rom0 89A49500 Device \Driver\Cdrom \Device\Cd Rom1 89A49500 Device \Driver\atapi \Device\Ide\Ide Device P0T0L0-3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port0 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port1 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port2 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Port3 89BBA1F8 Device \Driver\atapi \Device\Ide\Ide Device P2T0L0-e 89BBA1F8 Device \Driver\Net BT \Device\Net BT_Tcpip_ 89824500 Device \Driver\Net BT \Device\Net Bt_Wins_Export 89824500 Device \Driver\Net BT \Device\Netbios Smb 89824500 Device \Driver\Tcpip \Device\Udp (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Raw Ip (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 89A8F1F8 Device \Driver\usbuhci \Device\USBFDO-1 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Datagram Receiver 8970A1F8 Device \Driver\Tcpip \Device\IPMULTICAST (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-2 89A8F1F8 Device \File System\MRx Smb \Device\Lanman Redirector 8970A1F8 Device \Driver\usbuhci \Device\USBFDO-3 89A8F1F8 Device \Driver\usbehci \Device\USBFDO-4 89A5B500 Device \Driver\Ftdisk \Device\Ft Control 89BBC1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671Port4Path0Target0Lun0 89A3C1F8 Device \Driver\az1ovc67 \Device\Scsi\az1ovc671 89A3C1F8 Device \File System\Cdfs \Cdfs 89737500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 771343423 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 285507792 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0 Reg HKLM\SYSTEM\Current Control Set\Services\sptd\Cfg\[email protected] 0x DD 0x DE 0x BD 0x87 ...

One thought on “malwarebytes program error updating 12016”

  1. Veronica Roth When I started dating I had this kind of Romeo and Juliet, fateful romantic idea about love which was almost that you were a victim and there was a lot of pain involved and that was how it should be.