
anti-malware full scan will not run, quick scan ran ok



  • Root Admin

Great, okay then if the system is now able to run MBAM doing a Full Scan that is an improvement for sure.

Please post back the recent MBAM log.

Then run this scanner.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


Here is the mbam log: (I'll look at that DDS next):

Malwarebytes' Anti-Malware 1.38

Database version: 2299

Windows 5.0.2195 Service Pack 4

6/30/2009 11:50:18 AM

mbam-log-2009-06-30 (11-50-18).txt

Scan type: Full Scan (C:\|)

Objects scanned: 261743

Time elapsed: 31 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\administrator\local settings\Temp\pft7~tmp\pp\ccinstaller.exe (Trojan.Agent) -> Quarantined and deleted successfully.


I uninstalled Avira; I could not get it to run a second time on the PC. I kept getting an Explorer.exe Application error, and then my system locks up.

The error msg is "an instruction at 0x77fb7964 referenced memory at 0x0000000, and the memory could not be read".

Here is DDS.txt:

DDS (Ver_09-06-26.01) - FAT32x86

Run by Administrator at 15:14:58.50 on Tue 06/30/2009

Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_13

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.510.236 [GMT -4:00]

============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINNT\System32\CTsvcCDA.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINNT\LogWatNT.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

c:\ora8i\BIN\TNSLSNR.exe

c:\ora8i\bin\ORACLE.EXE

c:\ora8i\BIN\OWASTSVR.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\devldr32.exe

C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe

C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINNT\system32\taskmgr.exe

C:\WINNT\system32\LVComsX.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Logitech\Video\AlbumDB2.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Download\DDS SCAN\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/

uWindow Title = Microsoft Internet Explorer provided by America Online

uInternet Settings,ProxyOverride = 127.0.0.1;localhost

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No File

TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll

TB: {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll

EB: {BE8D0059-D24D-4919-B76F-99F4A2203647} - No File

EB: {E2BF1BF3-1FDB-4C93-8874-0B09E71C594C} - No File

mRun: [madexe] c:\program files\dell\resolution assistant\motiveassistant\bin\mad.exe

mRun: [synchronization Manager] mobsync.exe /logon

mRun: [Adaptec DirectCD] c:\progra~1\adaptec\directcd\directcd.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"

dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop

IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

Trusted Zone: bcbsm.com

Trusted Zone: ca.com\www3

Trusted Zone: freshchoicetobacco.com

Trusted Zone: ibm.com\www.elink.ibmlink

Trusted Zone: investorvillage.com\www

Trusted Zone: investorvillage.com\www1

Trusted Zone: live.com\safety

Trusted Zone: mibcn.com\www

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\v4.windowsupdate

Trusted Zone: microsoft.com\www.update

Trusted Zone: novastarmortgage.com\www

Trusted Zone: ryomagazine.com\www

Trusted Zone: universalorlando.com\www

Trusted Zone: universalstudios.com\secure

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: Microsoft WFC Forms Designer - file://d:\vj98\wfcforms.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

DPF: Visual Studio 6 Extensibility Libraries - file://d:\vj98\vstudio6.cab

DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB

DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB

DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper2007261.dll

DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab

DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab

DPF: {3334504D-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/mpeg4ax.cab

DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} - hxxp://www.powerleap.com/cab_files/InSPECS3_0.cab

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe

DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab

DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www3.ca.com/securityadvisor/pestscan/pestscan.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1241481548992

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155667012657

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164479759409

DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_1_01-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\winnt\wc98pp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 c:\winnt\system32\opnkiHBR

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6ip6a61p.default\

FF - plugin: c:\ign\download manager\npfpdlm.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\np32dsw.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\npbeatnk.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJava11.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJava12.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJava13.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJava32.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJPI141_01.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\NPMAsst41.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\nppdf32.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\nppl3260.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\nprfxins.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\nprjplug.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\npswf32.dll

FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 aaatimeo;aaatimeo;c:\winnt\system32\drivers\AAATIMEO.SYS [1980-1-1 4928]

R1 Cdudf;Cdudf;c:\winnt\system32\drivers\CDUDF.SYS [2001-5-10 221376]

R1 cmosa;cmosa;c:\winnt\system32\drivers\cmosa.sys [2001-5-10 29344]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]

R2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2008-2-8 227856]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]

R2 LogWatch;Event Log Watch;c:\winnt\LogWatNT.exe [2000-6-8 50976]

R2 Oracleora8iTNSListener;Oracleora8iTNSListener;c:\ora8i\bin\tnslsnr --> c:\ora8i\bin\TNSLSNR [?]

R2 OracleServiceORA8I;OracleServiceORA8I;c:\ora8i\bin\oracle.exe ora8i --> c:\ora8i\bin\ORACLE.EXE ORA8I [?]

R2 OracleWebAssistant1;OracleWebAssistant1;c:\ora8i\bin\OWASTSVR.EXE [1999-1-20 117248]

R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\winnt\system32\drivers\lne100v5.sys [2006-8-1 36013]

S0 cda1000;cda1000;c:\winnt\system32\drivers\CDA1000.SYS [1980-1-1 281024]

S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [1999-10-23 61712]

S3 ISD200;USB Storage Adapter V2;c:\winnt\system32\drivers\ISD200.SYS [2004-1-10 26930]

S3 Oracleora8iAgent;Oracleora8iAgent;c:\ora8i\bin\DBSNMP.EXE [2003-6-12 18944]

S3 Oracleora8iClientCache;Oracleora8iClientCache;c:\ora8i\bin\ONRSD.EXE [1999-2-11 99328]

S3 Oracleora8iDataGatherer;Oracleora8iDataGatherer;c:\ora8i\bin\vppdc.exe [2003-6-12 51200]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-06-30 15:14 16,384 a------- c:\winnt\system32\Perflib_Perfdata_438.dat

2009-06-30 13:21 16,384 a------- c:\winnt\system32\Perflib_Perfdata_280.dat

2009-06-30 13:11 16,384 a------- c:\winnt\system32\Perflib_Perfdata_250.dat

2009-06-30 12:55 16,384 a------- c:\winnt\system32\Perflib_Perfdata_4bc.dat

2009-06-30 12:50 <DIR> --d----- c:\program files\PowerTools Lite

2009-06-30 12:40 16,384 a------- c:\winnt\system32\Perflib_Perfdata_284.dat

2009-06-30 10:07 <DIR> --d----- C:\FOUND.002

2009-06-30 09:18 16,384 a------- c:\winnt\system32\Perflib_Perfdata_390.dat

2009-06-29 22:22 <DIR> --d----- C:\FOUND.001

2009-06-29 21:03 16,384 a------- c:\winnt\system32\Perflib_Perfdata_59c.dat

2009-06-29 16:35 16,384 a------- c:\winnt\system32\Perflib_Perfdata_51c.dat

2009-06-29 16:34 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2e4.dat

2009-06-29 15:57 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2e0.dat

2009-06-29 15:50 112,144 a------- c:\winnt\system32\drivers\kl1.sys

2009-06-29 15:22 <DIR> --d----- c:\program files\Kaspersky Lab

2009-06-29 15:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab

2009-06-29 13:51 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2d8.dat

2009-06-29 12:10 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2d0.dat

2009-06-29 10:45 65,240 a------- c:\winnt\system32\drivers\avgntflt.sys

2009-06-29 10:21 16,384 a------- c:\winnt\system32\Perflib_Perfdata_49c.dat

2009-06-29 10:21 16,384 a------- c:\winnt\system32\Perflib_Perfdata_290.dat

2009-06-29 09:41 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2b0.dat

2009-06-28 22:30 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2b8.dat

2009-06-27 12:09 <DIR> --d----- c:\program files\XoftSpySE

2009-06-26 20:04 <DIR> --d----- c:\program files\CCleaner

2009-06-25 19:36 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2c0.dat

2009-06-25 19:17 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2cc.dat

2009-06-25 18:44 16,384 a------- c:\winnt\system32\Perflib_Perfdata_868.dat

2009-06-25 18:44 410,984 a------- c:\winnt\system32\deploytk.dll

2009-06-25 18:44 73,728 a------- c:\winnt\system32\javacpl.cpl

2009-06-25 16:04 210,944 a------- C:\EDS GrayEagles Directory 06 16 2009.xls

2009-06-23 18:16 369,630 ----h--- c:\winnt\ShellIconCache

2009-06-23 14:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-06-23 14:21 <DIR> --d----- c:\program files\SUPERAntiSpyware

2009-06-23 14:21 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com

2009-06-23 14:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

2009-06-19 12:06 <DIR> --d----- C:\FOUND.000

2009-06-17 22:11 <DIR> --d----- C:\Rooter$

2009-06-17 21:24 0 a------- c:\winnt\system32\chkdsk

2009-06-17 21:12 <DIR> --d----- c:\program files\Trend Micro

2009-06-16 21:21 1,154 a------- C:\reregisterie.cmd

2009-06-15 11:38 1,022 a------- c:\winnt\AWMODEM.INF

2009-06-11 18:02 <DIR> --d----- C:\FOUND.062

2009-06-10 10:45 <DIR> --d----- C:\FOUND.061

2009-06-07 20:23 <DIR> --d----- C:\FOUND.060

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\winnt\system32\drivers\mbamswissarmy.sys

2009-06-17 11:27 18,456 a------- c:\winnt\system32\drivers\mbam.sys

2009-05-13 13:18 16,384 a------- c:\winnt\system32\Perflib_Perfdata_47c.dat

2009-05-07 02:41 263,440 a------- c:\winnt\system32\LOCALSPL.DLL

2009-05-07 02:41 263,440 -------- c:\winnt\system32\dllcache\localspl.dll

2009-05-01 11:28 462,336 a------- c:\winnt\system32\dllcache\URLMON.DLL

2009-04-24 05:54 95,504 a------- c:\winnt\system32\WIN32SPL.DLL

2009-04-24 05:54 95,504 a------- c:\winnt\system32\dllcache\win32spl.dll

2009-04-22 09:38 437,008 a------- c:\winnt\system32\rpcrt4.dll

2009-04-22 09:38 437,008 -------- c:\winnt\system32\dllcache\rpcrt4.dll

2009-04-21 16:10 132,096 a------- c:\winnt\system32\dllcache\MSRATING.DLL

2009-04-21 16:10 143,360 a------- c:\winnt\system32\dllcache\CDFVIEW.DLL

2009-04-21 16:10 1,018,368 a------- c:\winnt\system32\dllcache\BROWSEUI.DLL

2009-04-21 16:10 1,340,416 a------- c:\winnt\system32\dllcache\SHDOCVW.DLL

2009-04-21 16:10 402,944 a------- c:\winnt\system32\dllcache\SHLWAPI.DLL

2009-04-21 15:15 576,512 a------- c:\winnt\system32\WININET.DLL

2009-04-21 15:15 576,512 a------- c:\winnt\system32\dllcache\WININET.DLL

2009-04-21 15:15 12,288 a------- c:\winnt\system32\dllcache\JSPROXY.DLL

2009-04-21 15:15 69,632 a------- c:\winnt\system32\dllcache\INSENG.DLL

2009-04-21 15:14 236,032 a------- c:\winnt\system32\dllcache\IEPEERS.DLL

2009-04-21 15:14 2,707,456 a------- c:\winnt\system32\dllcache\MSHTML.DLL

2009-04-21 15:14 34,816 a------- c:\winnt\system32\dllcache\PNGFILT.DLL

2009-04-21 15:14 351,744 a------- c:\winnt\system32\dllcache\DXTMSFT.DLL

2009-04-21 15:14 192,512 a------- c:\winnt\system32\dllcache\DXTRANS.DLL

2009-04-21 15:14 498,176 a------- c:\winnt\system32\dllcache\MSTIME.DLL

2009-04-17 01:04 1,645,072 a------- c:\winnt\system32\WIN32K.SYS

2009-04-17 01:04 1,645,072 -------- c:\winnt\system32\dllcache\win32k.sys

2007-11-19 15:43 9 a------- c:\program files\install_log.dat

2003-09-28 13:52 21,952 a---h--- c:\program files\FOLDER.HTT

2003-09-28 13:52 271 a---h--- c:\program files\DESKTOP.INI

2002-06-05 17:20 7,432 a------- c:\program files\Pxu2.exe

2001-05-04 13:58 114,688 a------- c:\documents and settings\administrator\Fport.exe

2001-04-10 07:58 271 a---h--- c:\program files\common files\DESKTOP.INI

2000-07-26 17:00 32,528 a------- c:\winnt\inf\wbfirdma.sys

============= FINISH: 15:15:28.81 ===============

AND HERE IS ATTACH.TXT:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows 2000 Professional

Boot Device: \Device\Harddisk0\Partition1

Install Date:

System Uptime: 6/30/2009 10:38:34 AM (5 hours ago)

Motherboard: Intel Corporation | | CA810E

Processor: Intel Pentium III processor | J5H1 | 996/133mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (FAT32) - 112 GiB total, 78.784 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}

Description: Logical Disk Manager

Device ID: ROOT\DMIO\0001

Manufacturer: (Standard system devices)

Name: Logical Disk Manager

PNP Device ID: ROOT\DMIO\0001

Service: dmio

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Absolute Poker

Actual Spy 3.0

Ad-aware 6 Personal

Adaptec DirectCD

Adobe Acrobat 5.0

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.5 Language Support

Adobe Reader 7.0.8

Adobe Shockwave Player 11.5

Adobe


I tried again to run a FULL SCAN with AntiMalware, and it locked up again with the "application error in mbam.exe - the instruction at 0x77fb7964 referenced memory at 0x00000002 - the memory cannot be read".

Why does this happen? Is it a problem with mbam.exe?


  • Root Admin

STEP 00

YOUR VERSION:

Malwarebytes' Anti-Malware 1.38

Database version: 2299

CURRENT VERSION:

Malwarebytes' Anti-Malware 1.38

Database version: 2357

Make sure you get an UPDATE

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

STEP 01

I would recommend you remove the Adaptec DirectCD and if you need a disk burning application try: http://www.imgburn.com/

STEP 02

These versions of software are old and need to be either removed or updated.

Adobe Reader 7.0.5 Language Support

Adobe Reader 7.0.8

Netscape Communicator 4.79

STEP 03

This is Peer2Peer software and can easily get you infected from files that are shared and infected. You should uninstall it.

LimeWire 4.14.10

STEP 04

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

J2SE Runtime Environment 5.0 Update 3

Java 2 Runtime Environment, SE v1.4.0

Java 2 Runtime Environment, SE v1.4.1_01

Java 2 SDK, SE v1.4.0

Java Web Start

Java


I updated Anti-Malware, and it found a couple dozen files. It actually looks like another Malware tool my gf told me to run called Malwarebot. It seems that might actually be malware posing as anti-malware? Have you heard of it before?

Here is the log:

Malwarebytes' Anti-Malware 1.38

Database version: 2358

Windows 5.0.2195 Service Pack 4

7/1/2009 11:59:50 AM

mbam-log-2009-07-01 (11-59-50).txt

Scan type: Quick Scan

Objects scanned: 114310

Time elapsed: 10 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 5

Files Infected: 22

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\All Users\Start Menu\Programs\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\Administrator\Application Data\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Settings (Rogue.MalwareBot) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\malwarebot\unins000.dat (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\program files\malwarebot\unins000.exe (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\program files\malwarebot\license.rtf (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\program files\malwarebot\MalwareBot.exe (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\program files\malwarebot\MalwareBot.url (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\program files\malwarebot\DataBase.ref (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\malwarebot\MalwareBot.lnk (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\malwarebot\MalwareBot on the Web.lnk (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\malwarebot\Uninstall MalwareBot.lnk (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\rs.dat (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 05_40_51 PM_853.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 05_53_35 PM_991.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 06_14_44 PM_596.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 07_31_43 PM_893.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 07_53_40 PM_379.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 08_52_16 PM_168.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 10_33_43 PM_636.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jul 01 - 03_00_02 AM_943.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jul 01 - 03_00_04 AM_035.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jul 01 - 09_20_57 AM_737.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\application data\malwarebot\Settings\ScanResults.pie (Rogue.MalwareBot) -> Quarantined and deleted successfully.

c:\WINNT\TASKS\MalwareBot Scheduled Scan.job (Rogue.MalwareBot) -> Quarantined and deleted successfully.


I rebooted after running AntiMalware, and ran HijackThis, and here is that log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:21:07 PM, on 7/1/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINNT\System32\CTsvcCDA.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINNT\LogWatNT.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

c:\ora8i\bin\ORACLE.EXE

c:\ora8i\BIN\OWASTSVR.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINNT\system32\devldr32.exe

C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe

C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINNT\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINNT\system32\LVComsX.exe

C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.bcbsm.com

O15 - Trusted Zone: http://*.freshchoicetobacco.com

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: http://www.mibcn.com

O15 - Trusted Zone: http://www.novastarmortgage.com

O15 - Trusted Zone: http://www.ryomagazine.com

O15 - Trusted Zone: http://www.universalorlando.com

O15 - Trusted Zone: http://secure.universalstudios.com

O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1241481548992

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155667012657

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164479759409

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: Oracle%ORACLE_HOME_SERVICE%ClientCache80 - Unknown owner - C:\ORANT\BIN\ONRSD80.EXE

O23 - Service: Oracleora8iAgent - oracle - c:\ora8i\bin\dbsnmp.exe

O23 - Service: Oracleora8iClientCache - Unknown owner - c:\ora8i\BIN\ONRSD.EXE

O23 - Service: Oracleora8iDataGatherer - Unknown owner - c:\ora8i\bin\vppdc.exe

O23 - Service: Oracleora8iTNSListener - Unknown owner - c:\ora8i\BIN\TNSLSNR.exe

O23 - Service: OracleServiceORA8I - Oracle Corporation - c:\ora8i\bin\ORACLE.EXE

O23 - Service: OracleWebAssistant1 - Oracle Corporation - c:\ora8i\BIN\OWASTSVR.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--

End of file - 10260 bytes


Hi Ron,

I had to put this down for a bit also, I had a car problem.

So far I have done step 0, and I have removed Limewire (step 3). I am getting the Adobe updates now (step 2). I will do the other steps afterwards.

Regarding step 1 - is there a problem with Adaptec DirectCD, and is that why I should remove and replace it?

Thanks,

Matt


Ron,

Regarding these three items:

Adobe Reader 7.0.5 Language Support

Adobe Reader 7.0.8

Netscape Communicator 4.79

I upgraded Adobe Reader, and I don't see Reader 7.0.5 Language support in my list of programs any longer? I guess it's gone with the update?

Also, the Adobe Reader update put a program icon called Adobe AIR on my desktop. Looks like a programming tool, and I don't think I requested it with the Reader upgrade, any idea if I need it?

Also, I was trying to uninstall Netscape Communicator in Add/Remove Programs, but it does not want to complete. It starts loading the Install Shield application, gets 99% done and then hangs. When I get tired of waiting, and kill the application in Task Manager, an error box displays saying something about System error - the request to end the selected 16 bit task has timed out. Press OK to terminate the Win 16 Subsystem or Cancel to leave it running. What does that mean, and is there a way for me to just manually remove that Netscape application?


  • Root Admin

Yeah I don't care for the AIR download from Adobe myself and it even caused some errors for one of our work computers so I remove it nowadays. It should be listed as a separate item to remove in the Add/Remove without affecting the Reader.

For the Netscape removal please see if a demo run of Total Uninstall helps to remove that and let me know.


Hi Ron,

Yes, I am still here.

I had a radiator hose bust on my car yesterday afternoon, and I've been fixing that. I got the hoses on, but have a misfire now, so I'm trying to figure that out. I'll get back on this soon.

Thanks,

Matt


  • Root Admin

You probably either have water in the spark plug holes and the spark plug wires are not sufficiently insulated to keep out the water which then causes a premature spark to the head instead of the tip of the spark plug. If it's an older vehicle you could also have water in the distributor cap. Open it and try to dry it or spray it with WD-40 which will disperse the water and prevent arcing in the distributor cap.


  • Root Admin

Well not sure where you are or what's going on so I'll go ahead and close the post for now. If you do still need help then please send me a Private Message when you're ready to take another look at it and I'll help you out.

Hope all is going okay for you, take care.

Ron

This topic is now closed to further replies.