froglover

I got the combo fix to run but there was no report or log.. I still can't get the Ark program to run. Also is a new HJT file. hijackthis_6_4.txt hijackthis_6_4.txt

I am about to cry. I can't get the D.D.S to work. I get the black box up and it tells me how it's not permanent. But... with all these stupid bad image error messages I can't get anything to run. Should I uninslall the MBAM and try over? I am at my wits end here. Again, thank you for all your help. Karen

I forgot to attach the message, sorry for the dbl post. GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-06-03 15:25:18 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- Code 897B0610 ZwEnumerateKey Code 89A52E58 ZwFlushInstructionCache Code 897B0966 IofCallDriver Code 89778BB6 IofCompleteRequest ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89DC61F8 Device \FileSystem\Fastfat \Fat 893D6478 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software) Device \Driver\NDIS \Device\Ndis [89CD5984] NDIS.sys[.reloc] ---- Processes - GMER 1.0.15 ---- Process C:\Documents and Settings\Owner\Application Data\Google\epvhe1116163.exe (*** hidden *** ) 1220 ---- EOF - GMER 1.0.15 ----

I got down to the "ARK " scan and it said there was damage because of the anit rookit program. Some thing like Gemre? It was scanning then quit.

Hello and thanks for any help you give. I ran the Root program and saw alot of the ones you said with the wierd letters. You mentioned there would be only one sys. file , but I had several and don't know what to do. I am clearing up my disk and then will send you a c n p copy of the Root program.

I saw a forum reply that said to cut and paste the HiJack log so here it is. I can't keep clicking the error messages fast enough. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:43:13 PM, on 5/27/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe J:\New Games D\iWin Games\iWinTrusted.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe C:\PROGRA~1\AVANQU~1\Fix-It\mxtask2.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Digital Media Reader\shwiconem.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [sBRegRebootCleaner] C:\Program Files\Common Files\AntiVirus\SBRC.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Enchanted Katya - Mystery of the Lost Wizard\Images\stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Annabel\Images\armhelper.ocx O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe O23 - Service: iWinTrusted - iWin Inc. - J:\New Games D\iWin Games\iWinTrusted.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Fix-It (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- End of file - 5695 bytes Thanks for any help. I am not a pc geek but I know enough to really mess it up or follow a tech's instructions