Posts posted by piratesteve83
-
so i followed all your instructions, and there were no files detected in the preliminary scan. so i did a full scan, and it completed without crashing with no infections detected.
-
hi advancedsetup, i ran dds with no problem, but i tried running GMER twice, and it crashed my computer both times. it said that the problems were caused by these two files:
C:\DOCUME~1\User\LOCALS~1\Temp\WERd57f.dir00\Mini121609-02.dmp
C:\DOCUME~1\User\LOCALS~1\Temp\WERd57f.dir00\sysdata.xml
and this is the error signature (don't know if it helps):
BCCode : 100000d1 BCP1 : 00000000 BCP2 : 0000001C BCP3 : 00000001
BCP4 : 889FD00C OSVer : 5_1_2600 SP : 3_0 Product : 768_1
i'm confused as to why it crashed, because the last time i ran GMER it worked fine. that was before i did all of the malware removal stuff on here, though.
ok, here's the DDS log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 22:35:05.62 on Wed 12/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1490 [GMT -6:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ef2vcnrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-9 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-9 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-9 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-9 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-9 285392]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 CPEb;CPEB;\??\c:\windows\system32\drivers\cpeb.sys --> c:\windows\system32\drivers\CPEB.SYS [?]
=============== Created Last 30 ================
2009-12-17 02:02:31 0 d-----w- c:\program files\2Wallace And Gromit Ep1 - Fright Of The Bumblebees
2009-12-16 17:26:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-16 17:26:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-16 17:26:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 17:26:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 22:52:14 0 d--h--w- c:\windows\msdownld.tmp
2009-12-09 22:32:15 0 d-----w- c:\program files\eMule
2009-12-09 17:11:47 0 d--h--w- C:\$AVG
2009-12-09 17:11:36 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-09 17:11:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-09 17:11:28 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-09 17:11:19 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-09 17:11:02 0 d-----w- c:\program files\AVG
2009-12-09 17:11:00 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-09 06:26:40 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-12-09 06:26:34 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-09 06:26:34 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-12-09 06:26:34 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-12-09 06:26:27 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-12-09 06:26:27 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-12-09 05:33:52 260096 ----a-w- c:\windows\PEV.exe
2009-12-01 01:49:24 0 d-----w- c:\program files\Windows Resource Kits
2009-11-29 18:29:24 0 ----a-w- c:\documents and settings\user\defogger_reenable
2009-11-28 02:21:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-27 03:12:55 0 d-----w- c:\program files\Panda Security
2009-11-26 21:30:18 0 d-----w- c:\program files\ESET
2009-11-26 04:02:30 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe
2009-11-26 04:02:30 15360 ------w- c:\windows\system32\ctfmon.exe
2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-26 01:09:59 0 d-sha-r- C:\cmdcons
2009-11-24 20:21:16 0 d-----w- c:\docume~1\user\applic~1\QuickScan
2009-11-24 19:36:57 0 d-----w- c:\program files\Trend Micro
==================== Find3M ====================
2009-12-02 05:15:45 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-02 05:15:45 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-28 02:20:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 19:16:58 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2008-05-21 20:00:34 92672 ----a-w- c:\program files\KillBox.exe
2008-09-09 03:08:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat
============= FINISH: 22:35:38.18 ===============
-
exile, i went through your directions and still have the errors.
advancedsetup, i previously posted this problem on the forum you suggested. after helping me remove a major problem from my computer and still having the errors, the person who helped me there suggested that i post this problem on this forum. for review, that topic can be found here: http://www.malwarebytes.org/forums/index.p...mp;#entry170711
i'd really love to get MBAM working on this computer. i have it on another computer, and it's great. i'd appreciate any more ideas or help you can offer. i'm willing to try just about anything
-
none of these did the trick. in case it helps to know: when i install, i get the error messages right before the progress bar is finished. when i uninstall, i get the same errors right at the beginning of the progress bar.
-
alright, thanks
-
Malwarebytes will not open, but instead gives me two error messages, the first window being titled "vbAccelerator SGrid II Control" with the message "runtime error '0'" and the second being a window titled "Malwarebytes' Anti-Malware" with the message "runtime error '440' automation error". i uninstalled Malwarebytes and reinstalled it and i got the same two error messages at the end of the installation process, and again when i tried to open it. it still wouldn't open, so i followed the instructions on this page: http://www.malwarebytes.org/forums/index.php?showtopic=10138. it still gave me the same errors and would not open. So i posted this on the Malwarebytes malware removal forum and they helped me clean my computer of a backdoor trojan, but i still am getting the two errors just like before, so the moderator suggested I post my problem again here. I'd really love to use MBAM, as i have it on another computer and it works great. Please help!
-
i still have the same errors and can't open malwarebytes. is there anything else to be done? i'd really like to use MBAM if i can, as i have it on another computer and it works great.
-
DDS Log:
DDS (Ver_09-11-29.01) - NTFSx86
Run by User at 11:08:39.10 on Sun 12/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1448 [GMT -6:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\User\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ef2vcnrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-9 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-9 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-9 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-9 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-9 285392]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 CPEb;CPEB;\??\c:\windows\system32\drivers\cpeb.sys --> c:\windows\system32\drivers\CPEB.SYS [?]
=============== Created Last 30 ================
2009-12-09 22:52:14 0 d--h--w- c:\windows\msdownld.tmp
2009-12-09 22:32:15 0 d-----w- c:\program files\eMule
2009-12-09 17:14:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 17:14:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-09 17:14:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 17:14:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-09 17:11:47 0 d--h--w- C:\$AVG
2009-12-09 17:11:36 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-09 17:11:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-09 17:11:28 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-09 17:11:19 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-09 17:11:02 0 d-----w- c:\program files\AVG
2009-12-09 17:11:00 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-09 06:26:40 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-12-09 06:26:34 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-09 06:26:34 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-12-09 06:26:34 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-12-09 06:26:27 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-12-09 06:26:27 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-12-09 05:33:52 98816 ----a-w- c:\windows\sed.exe
2009-12-09 05:33:52 260096 ----a-w- c:\windows\PEV.exe
2009-12-09 05:33:52 161792 ----a-w- c:\windows\SWREG.exe
2009-12-01 01:49:24 0 d-----w- c:\program files\Windows Resource Kits
2009-11-29 18:29:24 0 ----a-w- c:\documents and settings\user\defogger_reenable
2009-11-28 02:21:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-27 03:12:55 0 d-----w- c:\program files\Panda Security
2009-11-27 03:07:31 0 d-----w- C:\_OTM
2009-11-26 21:30:18 0 d-----w- c:\program files\ESET
2009-11-26 04:02:30 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe
2009-11-26 04:02:30 15360 ------w- c:\windows\system32\ctfmon.exe
2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-26 01:09:59 0 d-sha-r- C:\cmdcons
2009-11-24 20:21:16 0 d-----w- c:\docume~1\user\applic~1\QuickScan
2009-11-24 19:36:57 0 d-----w- c:\program files\Trend Micro
==================== Find3M ====================
2009-12-02 05:15:45 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-02 05:15:45 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-28 02:20:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 19:16:58 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2008-05-21 20:00:34 92672 ----a-w- c:\program files\KillBox.exe
2008-09-09 03:08:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat
============= FINISH: 11:09:59.56 ===============
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16945 (vista_gdr.091027-0049)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=676e9d531a16fc4ea6a574618b2f9a2f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-12-12 05:27:24
# local_time=2009-12-12 11:27:24 (-0600, Central Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1462317 1462317 0 0
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 1282716 1282716 0 0
# scanned=54280
# found=1
# cleaned=1
# scan_time=2312
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.RF virus (deleted - quarantined) 820FE40B5C89DFE7A1C385B3E1ADBA0E C
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/11/2009 at 01:42 PM
Application Version : 4.31.1000
Core Rules Database Version : 3784
Trace Rules Database Version: 1741
Scan type : Complete Scan
Total Scan Time : 01:59:21
Memory items scanned : 423
Memory threats detected : 0
Registry items scanned : 5022
Registry threats detected : 0
File items scanned : 55584
File threats detected : 2
Trojan.Downloader-Gen/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B485E12B-1A3B-4A2B-9CA0-45DDF94C0D34}\RP408\A0057962.EXE
C:\WINDOWS\MBR.EXE
-
i tried both things suggested there. still getting the errors
-
i still was not able to open malwarebytes, so i uninstalled it and downloaded a fresh installer. i then installed it again, and met with the same errors (mentioned in my first post) at the end of the installation and again when i tried to open it. so in a nutshell, i still can't open malwarebytes and the same problem is still there.
-
so i disabled the active shield on AVG and combofix deleted something that AVG needed to run, so i've had to reinstall AVG.
here's the combofix log:
ComboFix 09-12-08.03 - User 12/08/2009 23:38:58.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1600 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.
2009-12-01 02:29 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 02:29 . 2009-12-01 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 02:29 . 2009-12-01 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-01 02:29 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 01:49 . 2009-12-01 01:49 -------- d-----w- c:\program files\Windows Resource Kits
2009-11-28 01:52 . 2009-11-28 01:53 -------- d-----w- c:\program files\QuickTime
2009-11-27 03:12 . 2009-11-29 19:49 -------- d-----w- c:\program files\Panda Security
2009-11-27 03:07 . 2009-11-27 03:07 -------- d-----w- C:\_OTM
2009-11-26 21:30 . 2009-11-26 21:30 -------- d-----w- c:\program files\ESET
2009-11-26 04:02 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe
2009-11-26 04:02 . 2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
2009-11-26 01:15 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-26 01:15 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-24 20:21 . 2009-11-24 20:22 -------- d-----w- c:\documents and settings\User\Application Data\QuickScan
2009-11-24 19:36 . 2009-11-24 19:36 -------- d-----w- c:\program files\Trend Micro
2009-11-24 08:53 . 2009-11-24 08:53 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 17:03 . 2009-11-10 17:03 143976 ----a-w- c:\documents and settings\User\Application Data\Move Networks\uninstall.exe
2009-11-10 17:02 . 2009-11-10 17:03 1794456 ----a-w- c:\documents and settings\User\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 05:37 . 2009-08-23 23:42 -------- d-----w- c:\documents and settings\User\Application Data\Azureus
2009-12-07 04:15 . 2009-10-27 20:33 -------- d-----w- c:\program files\ScummVM
2009-12-02 19:39 . 2008-06-03 06:59 -------- d-----w- c:\documents and settings\User\Application Data\Move Networks
2009-12-02 05:15 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-29 19:52 . 2009-07-16 03:57 -------- d-----w- c:\program files\Telltale Games
2009-11-28 02:33 . 2008-08-29 18:52 -------- d-----w- c:\program files\Safari
2009-11-28 02:20 . 2009-06-04 18:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-27 03:07 . 2007-12-24 19:18 -------- d-----w- c:\program files\iTunes
2009-11-26 04:09 . 2007-07-05 17:53 -------- d-----w- c:\program files\Elantech
2009-11-26 01:56 . 2009-08-23 23:17 -------- d-----w- c:\program files\Vuze
2009-11-18 19:03 . 2008-07-20 15:43 -------- d-----w- c:\documents and settings\User\Application Data\U3
2009-11-12 18:27 . 2008-05-23 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 17:03 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-10-21 20:48 . 2007-07-05 20:45 64120 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-17 19:55 . 2009-08-04 03:08 -------- d-----w- c:\program files\LucasArts
2009-10-17 19:48 . 2007-07-05 17:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\User\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-05-21 20:00 . 2008-05-21 20:00 92672 ----a-w- c:\program files\KillBox.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-28 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-03 17:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/14/2009 8:36 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/14/2009 8:36 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2009 9:43 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 9:43 AM 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/3/2009 11:41 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/14/2009 8:36 PM 297752]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 CPEb;CPEB;\??\c:\windows\system32\drivers\CPEB.SYS --> c:\windows\system32\drivers\CPEB.SYS [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 9:43 AM 7408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ef2vcnrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Worms2 - c:\windows\IsUninst.exe -fc:\microprose\Worms2\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 23:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-12-08 23:46:14
ComboFix-quarantined-files.txt 2009-12-09 05:46
ComboFix2.txt 2009-11-26 21:27
Pre-Run: 40,171,454,464 bytes free
Post-Run: 40,220,200,960 bytes free
- - End Of File - - 79114D1F5425A33200974DD19A2BF3B6
-
thank you for the information. however, i don't have any original installation discs for this computer, so i think i'd like to try cleaning it up as best as possible, and i'll just be careful what i use it for.
-
i'm still waiting for assistance. someone please help!
-
Malwarebytes will not open, but instead gives me two error messages, the first window being titled "vbAccelerator SGrid II Control" with the message "runtime error '0'" and the second being a window titled "Malwarebytes' Anti-Malware" with the message "runtime error '440' automation error". i uninstalled Malwarebytes and reinstalled it and i got the same two error messages at the end of the installation process, and again when i tried to open it. it still wouldn't open, so i followed the instructions on this page: http://www.malwarebytes.org/forums/index.php?showtopic=10138. it still gave me the same errors and would not open, so i have followed the instructions on this page: http://www.malwarebytes.org/forums/index.php?showtopic=9573
here is the DDS log:
DDS (Ver_09-11-29.01) - NTFSx86
Run by User at 12:36:10.78 on Sun 11/29/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1489 [GMT -6:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\User\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [sgyoknpa] c:\documents and settings\user\local settings\application data\tyvnuo\vqcusysguard.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sgyoknpa] c:\documents and settings\user\local settings\application data\tyvnuo\vqcusysguard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ef2vcnrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-26 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-14 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-3 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-14 297752]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 CPEb;CPEB;\??\c:\windows\system32\drivers\cpeb.sys --> c:\windows\system32\drivers\CPEB.SYS [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
=============== Created Last 30 ================
2009-11-29 18:29:24 0 ----a-w- c:\documents and settings\user\defogger_reenable
2009-11-28 02:21:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-28 01:18:38 0 d-s---w- C:\ComboFix
2009-11-27 03:14:25 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-27 03:12:55 0 d-----w- c:\program files\Panda Security
2009-11-27 03:07:31 0 d-----w- C:\_OTM
2009-11-26 21:30:18 0 d-----w- c:\program files\ESET
2009-11-26 04:02:30 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe
2009-11-26 04:02:30 15360 ------w- c:\windows\system32\ctfmon.exe
2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-26 01:09:59 0 d-sha-r- C:\cmdcons
2009-11-24 20:21:16 0 d-----w- c:\docume~1\user\applic~1\QuickScan
2009-11-24 19:36:57 0 d-----w- c:\program files\Trend Micro
2009-11-24 19:01:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 19:01:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 19:01:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-24 19:01:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-12 18:25:55 219 ----a-w- c:\windows\system32\MRT.INI
==================== Find3M ====================
2009-11-28 21:42:32 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-28 21:42:32 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-28 02:20:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-21 04:08:54 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-09-03 17:41:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-01 17:43:07 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2008-05-21 20:00:34 92672 ----a-w- c:\program files\KillBox.exe
2008-09-09 03:08:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat
============= FINISH: 12:37:51.48 ===============
i have also attached the other two logs. someone please help me get MBAM running! thanks!
-
Malwarebytes will not open, but instead gives me two error messages, the first window being titled "vbAccelerator SGrid II Control" with the message "runtime error '0'" and the second being a window titled "Malwarebytes' Anti-Malware" with the message "runtime error '440' automation error". i uninstalled Malwarebytes and reinstalled it and i got the same two error messages at the end of the installation process, and again when i tried to open it. it still wouldn't open, so i followed the instructions on this page: http://www.malwarebytes.org/forums/index.php?showtopic=10138
it still gives me the same errors and will not open. help please!
MBAM Errors "0" and "440"
in Resolved Malware Removal Logs
i still have the errors, by the way. anything else i can try?