
vbAccelerator SGrid II Control error



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:52 PM, on 7/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca057150e0f4a6) (gupdate1ca057150e0f4a6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6749 bytes


Root Admin

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


Thank you for your attention to this issue. I ran Combofix as instructed, and will include that log as well as a new HJT log.

ComboFix 09-07-14.08 - Stacia Haley 07/16/2009 7:26.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.184 [GMT -5:00]
Running from: c:\documents and settings\Stacia Haley\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\eb768.msi
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-15 23:15 . 2009-07-15 23:15 -------- d-----w- c:\program files\VS Revo Group
2009-07-15 22:37 . 2009-07-15 22:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-15 22:37 . 2009-07-15 22:45 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-15 22:37 . 2009-07-15 22:45 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-15 22:37 . 2009-07-16 11:36 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-15 22:37 . 2009-07-15 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-15 21:54 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 21:54 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 21:54 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-15 21:54 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-15 20:36 . 2009-07-15 20:36 -------- d-----w- c:\program files\Alwil Software
2009-07-15 19:32 . 2009-07-15 19:32 -------- d-----w- c:\windows\system32\drivers\AU_Backup
2009-07-15 19:32 . 2009-05-22 05:58 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys
2009-07-15 19:28 . 2009-07-15 23:58 -------- d-----w- c:\program files\Trend Micro

2009-07-15 19:01 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-15 19:01 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-15 19:01 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-15 19:01 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-15 19:01 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-15 18:59 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-07-15 18:58 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-07-15 18:58 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-15 18:58 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-07-15 18:58 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-07-15 18:58 . 2004-08-04 04:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-07-15 18:58 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-07-15 18:58 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-07-15 18:57 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-07-15 18:57 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-07-15 18:57 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-07-15 18:57 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-07-15 18:57 . 2004-08-04 03:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2009-07-15 18:57 . 2004-08-04 04:08 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-07-15 18:57 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-07-15 18:57 . 2004-08-04 03:29 25471 -c--a-w- c:\windows\system32\dllcache\watv10nt.sys
2009-07-15 18:57 . 2004-08-04 03:29 22271 -c--a-w- c:\windows\system32\dllcache\watv06nt.sys
2009-07-15 18:57 . 2004-08-04 03:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2009-07-15 18:55 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2009-07-15 18:55 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2009-07-15 18:55 . 2004-08-04 03:59 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2009-07-15 18:55 . 2004-08-04 04:07 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2009-07-15 18:55 . 2004-08-04 05:56 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2009-07-15 18:55 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-07-15 18:55 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2009-07-15 18:55 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2009-07-15 18:55 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2009-07-15 18:55 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2009-07-15 18:55 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-07-15 18:55 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-07-15 18:55 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2009-07-15 18:54 . 2004-08-04 04:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-07-15 18:54 . 2004-08-04 04:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-07-15 18:54 . 2004-08-04 04:08 17024 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2009-07-15 18:54 . 2004-08-04 04:04 12672 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2009-07-15 18:54 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2009-07-15 18:54 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-07-15 18:54 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2009-07-15 18:54 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2009-07-15 18:54 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2009-07-15 18:54 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2009-07-15 18:54 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2009-07-15 18:54 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-07-15 18:53 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2009-07-15 18:53 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-07-15 18:53 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2009-07-15 18:53 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2009-07-15 18:53 . 2004-08-04 04:07 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2009-07-15 18:53 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-07-15 18:53 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-07-15 18:53 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-07-15 18:53 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-07-15 18:53 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-07-15 18:53 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-07-15 18:52 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-07-15 18:52 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-07-15 18:52 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2009-07-15 18:52 . 2004-08-04 05:56 82432 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2009-07-15 18:52 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2009-07-15 18:52 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2009-07-15 18:52 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-07-15 18:52 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-07-15 18:52 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-07-15 18:52 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2009-07-15 18:52 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-07-15 18:51 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-07-15 18:51 . 2004-08-04 04:00 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2009-07-15 18:51 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-07-15 18:51 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-07-15 18:51 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-07-15 18:51 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-07-15 18:51 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-07-15 18:51 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-07-15 18:51 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2009-07-15 18:51 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2009-07-15 18:51 . 2001-08-17 19:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2009-07-15 18:50 . 2001-08-17 19:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-07-15 18:50 . 2001-08-18 03:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-07-15 18:50 . 2001-08-17 18:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2009-07-15 18:50 . 2001-08-17 19:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-07-15 18:50 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-07-15 18:50 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2009-07-15 18:50 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-07-15 18:50 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2009-07-15 18:50 . 2001-08-18 03:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2009-07-15 18:50 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2009-07-15 18:50 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2009-07-15 18:50 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2009-07-15 18:49 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-07-15 18:49 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-07-15 18:49 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-07-15 18:49 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-07-15 18:49 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-07-15 18:49 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-07-15 18:49 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-07-15 18:49 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-07-15 18:49 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-07-15 18:49 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2009-07-15 18:47 . 2001-08-18 03:36 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2009-07-15 18:46 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2009-07-15 18:46 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2009-07-15 18:46 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2009-07-15 18:46 . 2004-08-04 05:56 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2009-07-15 18:46 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-07-15 18:46 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-07-15 18:46 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-07-15 17:27 . 2006-01-08 20:05 -------- d-----w- c:\program files\Google
2009-07-15 17:18 . 2009-07-15 17:18 -------- d-----w- c:\program files\Common Files\snp2std
2009-07-15 17:18 . 2005-12-08 02:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 16:14 . 2005-12-26 05:35 -------- d-----w- c:\program files\Yahoo!
2009-07-15 13:12 . 2005-12-26 03:13 -------- d-----w- c:\program files\AOD
2009-07-15 02:29 . 2009-07-14 15:13 24908 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-15 02:29 . 2009-07-14 15:13 1940 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-04 23:56 . 2006-02-07 17:55 -------- d-----w- c:\documents and settings\Stacia Haley\Application Data\Apple Computer
2009-07-01 19:18 . 2009-07-01 19:18 360320 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-01 17:56 . 2006-12-04 04:07 -------- d-----w- c:\program files\Apple Software Update
2009-06-16 14:55 . 2004-08-10 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:24 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 13:22 . 2009-07-15 19:32 9070 ----a-w- c:\windows\system32\drivers\tmfilter.cat
2009-05-22 06:03 . 2009-07-15 19:32 3444 ----a-w- c:\windows\system32\drivers\tmpreflt.inf
2009-05-22 06:03 . 2009-07-15 19:32 2583 ----a-w- c:\windows\system32\drivers\tmxpflt.inf
2009-05-22 05:46 . 2009-07-15 19:32 2544 ----a-w- c:\windows\system32\drivers\vsapint.inf
2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:44 . 2004-08-10 11:00 344064 ----a-w- c:\windows\system32\localspl.dll
2006-01-08 20:05 . 2006-01-08 20:05 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-04-30 15:54 . 2009-01-09 18:08 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-15 1948440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-07-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-07-15 15:54 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-15 22:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F1U201.401.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\F1U201.401.lnk
backup=c:\windows\pss\F1U201.401.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/15/2009 5:37 PM 327688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/15/2009 5:37 PM 298776]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 6:00 AM 14336]
S2 gupdate1ca057150e0f4a6;Google Update Service (gupdate1ca057150e0f4a6);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2009 12:25 PM 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/8/2006 3:05 PM 29744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 17:25]

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 17:25]

2009-07-16 c:\windows\Tasks\User_Feed_Synchronization-{1F43B247-0DC3-47FA-9C2C-882D7CF6C161}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Stacia Haley\Application Data\Mozilla\Firefox\Profiles\0zh1zc82.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJPI141_07.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 07:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\0* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2009-07-16 7:34
ComboFix-quarantined-files.txt 2009-07-16 12:34
ComboFix2.txt 2009-07-14 04:31

Pre-Run: 21,784,985,600 bytes free
Post-Run: 21,797,916,672 bytes free

273 --- E O F --- 2009-07-16 11:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:13 AM, on 7/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1ca057150e0f4a6) (gupdate1ca057150e0f4a6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 6541 bytes

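As an added example (not part of this thread and not HijackThis code), here is a small Python parser for the HijackThis log format posted above. It pulls each O-line apart into section code, name, publisher and file path, then applies a few of the author's own triage heuristics: which sections load code into privileged or ubiquitous processes (O20 Winlogon Notify DLLs run inside winlogon.exe, an O10 LSP is loaded by every Winsock client), which entries run from user-writable folders, and which O23 services carry no publisher name. The sample lines are copied from the log above except the `Updater` line, which is constructed so that a path-based flag fires. A flag means "verify this", not "this is malicious"; the heuristics are not HijackThis verdicts.

```python
"""Parse HijackThis log lines and flag entries that deserve a closer look.

Added example: not part of the forum thread and not HijackThis code.  The
sample lines are copied from the log posted above, except the "Updater"
line, which is constructed so that a path-based flag fires.  The triage
rules are the author's own heuristics; a flag means "verify this", not
"this is malicious".
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines from the posted log plus one made-up O4 entry.
SAMPLE_LOG = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Entry:
    code: str                 # HJT section, e.g. "O20"
    name: str                 # display name, BHO name or Run value name
    path: str                 # file path with quotes and arguments stripped
    company: str = ""         # publisher (O23 only)
    flags: list = field(default_factory=list)
    raw: str = ""


_LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.+)$")
_O4 = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")
_EXT = re.compile(r"^(?P<path>.*?\.(?:exe|dll|sys|ocx|cpl))(?:\s.*)?$", re.IGNORECASE)

# Sections whose payload is loaded into a privileged or ubiquitous process
# (author's own grouping of what each HJT section lists).
_SYSTEM_HOOKS = {
    "O10": "Winsock LSP: loaded into every process that uses Winsock",
    "O18": "protocol handler: loaded into Internet Explorer",
    "O20": "Winlogon Notify / AppInit DLL: loaded into winlogon.exe or every process",
    "O21": "ShellServiceObjectDelayLoad: loaded into explorer.exe",
    "O22": "SharedTaskScheduler: loaded into explorer.exe",
}
# Folder fragments a limited user on XP can write to (lower-cased match).
_USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\",
                  "\\desktop\\", "\\recycler\\")


def _clean_path(text):
    """Strip surrounding quotes and trailing arguments from a command line."""
    text = text.strip()
    if text.startswith('"'):
        end = text.find('"', 1)
        return text[1:end] if end > 0 else text[1:]
    m = _EXT.match(text)
    return m.group("path") if m else text


def parse_line(line):
    """Split one HJT line into an Entry; None for blank or non-entry lines."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    name = company = path = ""
    if code == "O4":                       # O4 - HKLM\..\Run: [name] "path" args
        m4 = _O4.search(rest)
        if m4:
            name, path = m4.group("name"), _clean_path(m4.group("path"))
    elif code == "O10":                    # O10 - Unknown file in Winsock LSP: path
        name, _, tail = rest.partition(": ")
        path = _clean_path(tail)
    else:                                  # "Kind: name - {CLSID}|company - path"
        parts = [p.strip() for p in rest.split(" - ")]
        name = parts[0].partition(": ")[2] or parts[0]
        if len(parts) > 1:
            path = _clean_path(parts[-1])
        if code == "O23" and len(parts) >= 3:
            company = parts[-2]
    return Entry(code, name, path, company, raw=line.strip())


def triage(log_text):
    """Parse every entry line and attach the heuristic flags described above."""
    entries = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        low = e.path.lower()
        if e.code in _SYSTEM_HOOKS:
            e.flags.append(_SYSTEM_HOOKS[e.code])
        if any(marker in low for marker in _USER_WRITABLE):
            e.flags.append("runs from a user-writable location")
        if e.code == "O23" and e.company in ("", "Unknown owner"):
            e.flags.append("service has no publisher name")
        if e.code == "O4" and "HKCU" in e.raw:
            e.flags.append("per-user autorun (HKCU)")
        entries.append(e)
    return entries


def summarize(entries):
    """Count how many entries carry each flag, for a quick overview."""
    counts = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{'!!' if e.flags else '  '} {e.code:4} {e.name[:28]:28} {e.path}")
        for f in e.flags:
            print(f"        -> {f}")
```

Run as a script it prints one line per entry with `!!` on anything flagged; on the constructed sample the winlogon DLL, the LSP entry and the `Updater` run key are the ones to check by hand (publisher, signature, file date), while the Program Files entries with a known publisher come out clean.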

  • Root Admin

STEP 01

Download but do not yet run ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download it to your DESKTOP - it MUST run from the Desktop

download.bleepingcomputer.com/sUBs/ComboFix.exe

subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::
DDS::
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJPI141_07.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


RegLock::
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\0* 2*]
RegNull::
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\0* 2*]
RegLock::
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\0* 2*]

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

[Image: CFScript.gif]

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes, Notepad will open with your results log. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

STEP 03

    Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file "ccsetup220_slim.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

STEP 04

Please download and run these tools which are designed to restore some standard policy settings. They are not harmful.

    VArestorepolicies.INF
  • Download this INF repair file from here: VArestorepolicies.zip by MS-MVP Miekiemoes
  • Unzip or open the file VArestorepolicies.zip
  • Open the folder VArestorepolicies and Right-click the file inside, VArestorepolicies.INF and choose Install
    FixPolicies.exe
  • Download this self-extracting ZIP archive from here: FixPolicies.exe by MS-MVP Bill Castner and save it to your desktop.
  • Double-click FixPolicies.exe
  • Click the "Install" button on the bottom toolbar of the box that will open
  • The program will create a new Folder called FixPolicies
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
  • A black box will briefly appear and then close
  • These fixes may prove temporary. Active malware may revert these changes on your next startup. You can safely run these utilities again.

STEP 05

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH FIREWALL RESET

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH int ip reset c:\resetlog.txt

STEP 06

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

STEP 07

Download and Update Java Runtime

The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 14.

  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 14 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u14-windows-i586.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer

STEP 08

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    • When the update is complete, select the Scanner tab
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log on your next reply.

STEP 09

Please disable your current Anti-Virus and run this Online AV scanner

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
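The CFScript in STEP 01 is plain text: a `Directive::` header followed by the entries that directive acts on, with blank lines ignored. As an added example (not from this thread and not ComboFix's own code), the Python below parses such a script and sanity-checks it before it is dropped on ComboFix.exe: unknown or repeated directives, text before any directive, RegLock::/RegNull:: entries that are not bracketed keys under a recognised hive, File::/Folder:: entries that are not absolute paths, and the same entry listed twice. The accepted directive table is an assumption drawn from commonly documented CFScript usage (the four used above plus File::, Folder::, Registry:: and Driver::). The sample script is the one posted in STEP 01, which the checker reports for repeating the RegLock:: directive and listing the same key under it twice.

```python
"""Parse a ComboFix CFScript and sanity-check it before use.

Added example: not from the thread and not ComboFix's author's code.  The
directive table is an assumption based on commonly documented CFScript
usage; the sample script is the one posted in STEP 01 above.
"""
import re

# Assumed directive set (ComboFix accepts more; these are the common ones).
KNOWN_DIRECTIVES = {
    "KILLALL::": "terminate running processes before the fix",
    "DDS::": "remove the entries listed, copied from a DDS log",
    "File::": "delete the listed files (absolute paths)",
    "Folder::": "delete the listed folders (absolute paths)",
    "Registry::": "apply the REGEDIT4 data that follows",
    "Driver::": "delete the listed drivers/services by name",
    "RegLock::": "unlock the listed registry keys",
    "RegNull::": "delete the listed registry keys (including null-embedded names)",
}
_REG_SECTIONS = ("RegLock::", "RegNull::")
_PATH_SECTIONS = ("File::", "Folder::")
_HIVES = ("HKEY_LOCAL_MACHINE\\", "HKEY_CURRENT_USER\\", "HKEY_CLASSES_ROOT\\",
          "HKEY_USERS\\", "HKLM\\", "HKCU\\")
_ABS_PATH = re.compile(r"^[A-Za-z]:\\")

# The script posted in STEP 01, verbatim.
SAMPLE_SCRIPT = r"""KILLALL::
DDS::
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJPI141_07.dll
FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


RegLock::
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\0* 2*]
RegNull::
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\0* 2*]
RegLock::
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\0* 2*]
"""


def parse_cfscript(text):
    """Return {"sections": {directive: [entries]}, "warnings": [str]}."""
    sections, warnings, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue                          # blank lines carry no entries
        if line.endswith("::"):               # directive header
            if line not in KNOWN_DIRECTIVES:
                warnings.append(f"line {n}: unknown directive {line!r}")
            if line in sections:
                warnings.append(f"line {n}: directive {line!r} repeated")
            current = line
            sections.setdefault(current, [])  # entries of a repeat are merged
            continue
        if current is None:
            warnings.append(f"line {n}: text before any directive: {line!r}")
            continue
        sections[current].append(line)

    for directive, items in sections.items():
        if directive in _REG_SECTIONS:
            for item in items:
                if not (item.startswith("[") and item.endswith("]")):
                    warnings.append(f"{directive} entry is not a bracketed key: {item!r}")
                elif not item[1:].upper().startswith(_HIVES):
                    warnings.append(f"{directive} entry has no recognised hive: {item!r}")
        if directive in _PATH_SECTIONS:
            for item in items:
                if not _ABS_PATH.match(item):
                    warnings.append(f"{directive} entry is not an absolute path: {item!r}")
        for dup in sorted({i for i in items if items.count(i) > 1}):
            warnings.append(f"{directive} lists {dup!r} more than once")
    return {"sections": sections, "warnings": warnings}


if __name__ == "__main__":
    report = parse_cfscript(SAMPLE_SCRIPT)
    for directive, items in report["sections"].items():
        print(f"{directive:10} {len(items):2} entries  ({KNOWN_DIRECTIVES.get(directive, '?')})")
    for w in report["warnings"]:
        print("WARNING:", w)
```

The checker deliberately does not rewrite anything: a CFScript drives deletions of files and registry keys, so the useful property is that a typo (a directive misspelled, a key line that lost its brackets, a relative path) is caught before ComboFix acts on it, and the person who wrote the script decides what to change.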

Thanks AdvancedSetup! I followed each step to the letter, and a couple of notes here: I can not include a Malwarebytes' log, as it still will not run after installation. In fact, just before the installation completes, I get these error messages:

1. vbAccelerator SGrid II Control Run-time error "0"

2. Malwarebytes' Anti-Malware Automation error

3. #1 repeats in identical fashion

4. Malwarebytes' Anti-Malware Run-time error "440" Automation error

Any attempt to start the newly installed program is instead prevented by these same error messages....

Here are the Combofix, JavaRa, and ESET logs as requested. Thanks for your efforts, as I know you are extremely busy. I will await further instructions.

ComboFix 09-07-14.08 - Stacia Haley 07/17/2009 8:40.3.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.626 [GMT -5:00]

Running from: c:\documents and settings\Stacia Haley\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Stacia Haley\Desktop\CFscript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))

.

2009-07-16 13:03 . 2009-07-17 13:04 -------- d--h--w- C:\$AVG8.VAULT$

2009-07-16 12:45 . 2009-07-15 22:45 760600 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgscanx.exe

2009-07-16 12:45 . 2009-07-15 22:45 338712 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgscanx.dll

2009-07-15 22:37 . 2009-07-17 13:12 -------- d-----w- c:\windows\system32\drivers\Avg

2009-07-15 22:37 . 2009-07-15 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-07-15 21:54 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-07-15 21:54 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-15 21:54 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-07-15 21:54 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-07-15 20:36 . 2009-07-15 20:36 -------- d-----w- c:\program files\Alwil Software

2009-07-15 19:32 . 2009-07-15 19:32 -------- d-----w- c:\windows\system32\drivers\AU_Backup

2009-07-15 19:32 . 2009-05-22 05:58 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys

2009-07-15 19:28 . 2009-07-15 23:58 -------- d-----w- c:\program files\Trend Micro

2009-07-15 19:01 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2009-07-15 19:01 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2009-07-15 19:01 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2009-07-15 19:01 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2009-07-15 19:01 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2009-07-15 18:59 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2009-07-15 18:58 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2009-07-15 18:58 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2009-07-15 18:58 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2009-07-15 18:58 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2009-07-15 18:58 . 2004-08-04 04:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2009-07-15 18:58 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2009-07-15 18:58 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2009-07-15 18:57 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2009-07-15 18:57 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2009-07-15 18:57 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2009-07-15 18:57 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys

2009-07-15 18:57 . 2004-08-04 03:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys

2009-07-15 18:57 . 2004-08-04 04:08 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

2009-07-15 18:57 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys

2009-07-15 18:57 . 2004-08-04 03:29 25471 -c--a-w- c:\windows\system32\dllcache\watv10nt.sys

2009-07-15 18:57 . 2004-08-04 03:29 22271 -c--a-w- c:\windows\system32\dllcache\watv06nt.sys

2009-07-15 18:57 . 2004-08-04 03:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys

2009-07-15 18:55 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2009-07-15 18:55 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2009-07-15 18:55 . 2004-08-04 03:59 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2009-07-15 18:55 . 2004-08-04 04:07 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys

2009-07-15 18:55 . 2004-08-04 05:56 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll

2009-07-15 18:55 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2009-07-15 18:55 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2009-07-15 18:55 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2009-07-15 18:55 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2009-07-15 18:55 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2009-07-15 18:55 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2009-07-15 18:55 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2009-07-15 18:55 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2009-07-15 18:54 . 2004-08-04 04:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys

2009-07-15 18:54 . 2004-08-04 04:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2009-07-15 18:54 . 2004-08-04 04:08 17024 -c--a-w- c:\windows\system32\dllcache\usbohci.sys

2009-07-15 18:54 . 2004-08-04 04:04 12672 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys

2009-07-15 18:54 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys

2009-07-15 18:54 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2009-07-15 18:54 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll

2009-07-15 18:54 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll

2009-07-15 18:54 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll

2009-07-15 18:54 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll

2009-07-15 18:54 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys

2009-07-15 18:54 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll

2009-07-15 18:53 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2009-07-15 18:53 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll

2009-07-15 18:53 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2009-07-15 18:53 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys

2009-07-15 18:53 . 2004-08-04 04:07 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys

2009-07-15 18:53 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2009-07-15 18:53 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2009-07-15 18:53 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2009-07-15 18:53 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2009-07-15 18:53 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2009-07-15 18:53 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2009-07-15 18:52 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2009-07-15 18:52 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2009-07-15 18:52 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2009-07-15 18:52 . 2004-08-04 05:56 82432 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe

2009-07-15 18:52 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2009-07-15 18:52 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2009-07-15 18:52 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2009-07-15 18:52 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2009-07-15 18:52 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2009-07-15 18:52 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2009-07-15 18:52 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2009-07-15 18:51 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2009-07-15 18:51 . 2004-08-04 04:00 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2009-07-15 18:51 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2009-07-15 18:51 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2009-07-15 18:51 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2009-07-15 18:51 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2009-07-15 18:51 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2009-07-15 18:51 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2009-07-15 18:51 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys

2009-07-15 18:51 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys

2009-07-15 18:51 . 2001-08-17 19:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys

2009-07-15 18:50 . 2001-08-17 19:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys

2009-07-15 18:50 . 2001-08-18 03:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2009-07-15 18:50 . 2001-08-17 18:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2009-07-15 18:50 . 2001-08-17 19:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2009-07-15 18:50 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2009-07-15 18:50 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2009-07-15 18:50 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2009-07-15 18:50 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2009-07-15 18:50 . 2001-08-18 03:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2009-07-15 18:50 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2009-07-15 18:50 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2009-07-15 18:50 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2009-07-15 18:49 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2009-07-15 18:49 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2009-07-15 18:49 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2009-07-15 18:49 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2009-07-15 18:49 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2009-07-15 18:49 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2009-07-15 18:49 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2009-07-15 18:49 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2009-07-15 18:49 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll

2009-07-15 18:49 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys

2009-07-15 18:47 . 2001-08-18 03:36 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll

2009-07-15 18:46 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2009-07-15 18:46 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2009-07-15 18:46 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2009-07-15 18:46 . 2004-08-04 05:56 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll

2009-07-15 18:46 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2009-07-15 18:46 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2009-07-15 18:46 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2009-07-15 18:46 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-16 12:45 . 2009-07-15 22:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-16 12:45 . 2009-07-15 22:37 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-16 12:45 . 2009-07-15 22:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-15 23:15 . 2009-07-15 23:15 -------- d-----w- c:\program files\VS Revo Group

2009-07-15 17:27 . 2006-01-08 20:05 -------- d-----w- c:\program files\Google

2009-07-15 17:18 . 2009-07-15 17:18 -------- d-----w- c:\program files\Common Files\snp2std

2009-07-15 17:18 . 2005-12-08 02:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-15 16:14 . 2005-12-26 05:35 -------- d-----w- c:\program files\Yahoo!

2009-07-15 13:12 . 2005-12-26 03:13 -------- d-----w- c:\program files\AOD

2009-07-15 02:29 . 2009-07-14 15:13 24908 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-15 02:29 . 2009-07-14 15:13 1940 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-07-04 23:56 . 2006-02-07 17:55 -------- d-----w- c:\documents and settings\Stacia Haley\Application Data\Apple Computer

2009-07-01 19:18 . 2009-07-01 19:18 360320 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2009-07-01 17:56 . 2006-12-04 04:07 -------- d-----w- c:\program files\Apple Software Update

2009-06-16 14:55 . 2004-08-10 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:55 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:24 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-06-01 13:22 . 2009-07-15 19:32 9070 ----a-w- c:\windows\system32\drivers\tmfilter.cat

2009-05-22 06:03 . 2009-07-15 19:32 3444 ----a-w- c:\windows\system32\drivers\tmpreflt.inf

2009-05-22 06:03 . 2009-07-15 19:32 2583 ----a-w- c:\windows\system32\drivers\tmxpflt.inf

2009-05-22 05:46 . 2009-07-15 19:32 2544 ----a-w- c:\windows\system32\drivers\vsapint.inf

2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:44 . 2004-08-10 11:00 344064 ----a-w- c:\windows\system32\localspl.dll

2006-01-08 20:05 . 2006-01-08 20:05 774144 ----a-w- c:\program files\RngInterstitial.dll

2009-04-30 15:54 . 2009-01-09 18:08 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-16 1948440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-07-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-07-15 15:54 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-16 12:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk

backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F1U201.401.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\F1U201.401.lnk

backup=c:\windows\pss\F1U201.401.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/15/2009 5:37 PM 327688]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 55024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/15/2009 5:37 PM 298776]

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 6:00 AM 14336]

S2 gupdate1ca057150e0f4a6;Google Update Service (gupdate1ca057150e0f4a6);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2009 12:25 PM 133104]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/8/2006 3:05 PM 29744]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 17:25]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 17:25]

2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{1F43B247-0DC3-47FA-9C2C-882D7CF6C161}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

FF - ProfilePath - c:\documents and settings\Stacia Haley\Application Data\Mozilla\Firefox\Profiles\0zh1zc82.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava11.dll

FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava12.dll

FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava13.dll

FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava32.dll

FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJPI141_07.dll

FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPOJI610.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-17 08:47

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\0* 2*]

"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2912)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Executive Software\Diskeeper\DkService.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\windows\system32\dllhost.exe

c:\windows\ehome\ehmsas.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\ApntEx.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2009-07-17 8:51 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-17 13:51

ComboFix2.txt 2009-07-16 12:34

ComboFix3.txt 2009-07-14 04:31

Pre-Run: 21,660,618,752 bytes free

Post-Run: 21,636,505,600 bytes free

298 --- E O F --- 2009-07-16 11:18

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Jul 17 09:03:21 2009

------------------------------------

Finished reporting.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.5886

# api_version=3.0.2

# EOSSerial=e5df5f52e39c324db649dafb3ac183ca

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-07-17 05:04:37

# local_time=2009-07-17 12:04:37 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1026 37 83 100 1019269218750

# scanned=60315

# found=0

# cleaned=0

# scan_time=1997


Please download and run the following file to repair file and registry permissions

fixacl.exe

Then see if you can run or install MBAM

Thank you once again for your attention to my issue! I downloaded the file and I still have the same issue, with the same error messages when I attempt to install Malwarebytes' Anti-Malware...I'll wait to hear your next instructions. Thanks again.


  • Root Admin

Disable your Anti-Virus and then please uninstall the current MBAM v1.39 and reboot, then download this installer that will modify all the registry and file locations to ensure that Administrators have full rights to these locations.

This is an older installer that your ID/KEY will not match. Do not try to enable the Protection Module

DO NOT check for updates. Just run the scanner as is if it will run. It will also create a random name shortcut to run it.

Then if this scanner works go ahead and run a quick scan and then uninstall it and reboot, then look in the main program folder and delete any left over files.

fixmbam.exe

Then once again try to install the latest version from here


Disabled Anti-Virus, uninstalled current version (note: for what it's worth, the same error messages are displayed when uninstalling too), loaded that installer, rebooted, launched the random name shortcut, and the same error messages are displayed...I did not get to run a scan...how's your patience with this one?...I'm going to wait to hear your next move...I'm all ears!


  • Root Admin

Well that's quite odd as that installer normally always runs. It's not up to date but it normally runs.

Please try to uninstall IE8 for now and go back to IE7 or IE6 if you can, and if you can then run the following. If you cannot roll back to IE7 or IE6 then don't run it.

Please download and run this program: Dial-a-fix



AdvancedSetup, thank you for your persistence and patience...I uninstalled IE8, and it rolled back to IE6...I ran the Dial-a-fix, and downloaded the latest version, installed it, and it WORKED. I updated it, and I plan to run a FULL SCAN in a moment. Thank you sir.


  • Root Admin

Please run the following and post back the log.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
