piratesteve83

December 24, 2009

i still have the errors, by the way. anything else i can try?

December 19, 2009

so i followed all your instructions, and there were no files detected in the preliminary scan. so i did a full scan, and it completed without crashing with no infections detected.

December 17, 2009

hi advancedsetup, i ran dds with no problem, but i tried running GMER twice, and it crashed my computer both times. it said that the problems were caused by these two files:

C:\DOCUME~1\User\LOCALS~1\Temp\WERd57f.dir00\Mini121609-02.dmp

C:\DOCUME~1\User\LOCALS~1\Temp\WERd57f.dir00\sysdata.xml

and this is the error signature (don't know if it helps):

BCCode : 100000d1 BCP1 : 00000000 BCP2 : 0000001C BCP3 : 00000001

BCP4 : 889FD00C OSVer : 5_1_2600 SP : 3_0 Product : 768_1

i'm confused as to why it crashed, because the last time i ran GMER it worked fine. that was before i did all of the malware removal stuff on here, though.

ok, here's the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86

Run by User at 22:35:05.62 on Wed 12/16/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1490 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab

DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ef2vcnrg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071701000002.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-9 333192]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-9 28424]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-9 360584]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 74480]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-9 906520]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-9 285392]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 CPEb;CPEB;\??\c:\windows\system32\drivers\cpeb.sys --> c:\windows\system32\drivers\CPEB.SYS [?]

=============== Created Last 30 ================

2009-12-17 02:02:31 0 d-----w- c:\program files\2Wallace And Gromit Ep1 - Fright Of The Bumblebees

2009-12-16 17:26:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-16 17:26:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-12-16 17:26:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-16 17:26:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-09 22:52:14 0 d--h--w- c:\windows\msdownld.tmp

2009-12-09 22:32:15 0 d-----w- c:\program files\eMule

2009-12-09 17:11:47 0 d--h--w- C:\$AVG

2009-12-09 17:11:36 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-09 17:11:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-09 17:11:28 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-12-09 17:11:19 0 d-----w- c:\windows\system32\drivers\Avg

2009-12-09 17:11:02 0 d-----w- c:\program files\AVG

2009-12-09 17:11:00 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2009-12-09 06:26:40 270336 ------w- c:\windows\system32\dllcache\oakley.dll

2009-12-09 06:26:34 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-12-09 06:26:34 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-12-09 06:26:34 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-12-09 06:26:27 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-12-09 06:26:27 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-12-09 05:33:52 260096 ----a-w- c:\windows\PEV.exe

2009-12-01 01:49:24 0 d-----w- c:\program files\Windows Resource Kits

2009-11-29 18:29:24 0 ----a-w- c:\documents and settings\user\defogger_reenable

2009-11-28 02:21:19 73728 ----a-w- c:\windows\system32\javacpl.cpl

2009-11-27 03:12:55 0 d-----w- c:\program files\Panda Security

2009-11-26 21:30:18 0 d-----w- c:\program files\ESET

2009-11-26 04:02:30 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe

2009-11-26 04:02:30 15360 ------w- c:\windows\system32\ctfmon.exe

2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\proquota.exe

2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

2009-11-26 01:09:59 0 d-sha-r- C:\cmdcons

2009-11-24 20:21:16 0 d-----w- c:\docume~1\user\applic~1\QuickScan

2009-11-24 19:36:57 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2009-12-02 05:15:45 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys

2009-12-02 05:15:45 96512 ------w- c:\windows\system32\drivers\atapi.sys

2009-11-28 02:20:59 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-29 19:16:58 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll

2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-28 14:36:11 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe

2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe

2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2008-05-21 20:00:34 92672 ----a-w- c:\program files\KillBox.exe

2008-09-09 03:08:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

============= FINISH: 22:35:38.18 ===============

Attach.zip

December 16, 2009

exile, i went through your directions and still have the errors.

advancedsetup, i previously posted this problem on the forum you suggested. after helping me remove a major problem from my computer and still having the errors, the person who helped me there suggested that i post this problem on this forum. for review, that topic can be found here: http://www.malwarebytes.org/forums/index.p...mp;#entry170711

i'd really love to get MBAM working on this computer. i have it on another computer, and it's great. i

d appreciate any more ideas or help you can offer. i'm willing to try just about anything

December 16, 2009

none of these did the trick. in case it helps to know: when i install, i get the error messages right before the progress bar is finished. when i uninstall, i get the same errors right at the beginning of the progress bar.

December 15, 2009

alright, thanks

December 15, 2009

Malwarebytes will not open, but instead gives me two error messages, the first window being titled "vbAccelerator SGrid II Control" with the message "runtime error '0'" and the second being a window titled "Malwarebytes' Anti-Malware" with the message "runtime error '440' automation error". i uninstalled Malwarebytes and reinstalled it and i got the same two error messages at the end of the installation process, and again when i tried to open it. it still wouldn't open, so i followed the instructions on this page: http://www.malwarebytes.org/forums/index.php?showtopic=10138. it still gave me the same errors and would not open. So i posted this on the Malwarebytes malware removal forum and they helped me clean my computer of a backdoor trojan, but i still am getting the two errors just like before, so the moderator suggested I post my problem again here. I'd really love to use MBAM, as i have it on another computer and it works great. Please help!

December 14, 2009

i still have the same errrors and can't open malwarebytes. is there anything else to be done? i'd really like to use MBAM if i can, as i have it on another computer and it works great.

December 13, 2009

DDS Log:

DDS (Ver_09-11-29.01) - NTFSx86

Run by User at 11:08:39.10 on Sun 12/13/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1448 [GMT -6:00]