
Malwarebytes can't find 'MSVBVM60.dll'



Thanks, went to that site, but it looks as if my Vista is not one of the supported OS's. Is there a Vista version somewhere?

Visual Basic comes with Vista, so it should already be on there. Might have been corrupted.

I found the info below on this site:

The Windows Vista operating system has a problem with older versions of msvbvm60.dll. To fix this problem, you will have to go to Start, Search and type msvbvm60.dll and check its version. If the version is 6.0.88.77, you will have to replace it by visiting the Microsoft web site here http://activex.microsoft.com/controls/vb6/vbrun60.cab and installing the latest version.

OK, thanks. I downloaded it, but it's asking me what folder do I want to extract the files to. I'm assuming windows/system?

On 32-bit Vista extract to:

C:\Windows\System32

On 64-bit Vista extract to:

C:\Windows\SysWOW64

If you have a version in C:\Windows\System that you have previously tried to copy there, then delete it. Otherwise, don't mess with C:\Windows\System.
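
The version check and folder choice described in the posts above, combined into one read-only PowerShell script. This is an added example, not something posted in the thread; it assumes PowerShell 2.0 or later is installed (an optional download on Vista) and a default %windir% layout, and the function name Get-RuntimeCopy is made up for the example.

```powershell
# Added example (not from the thread). Read-only: it reports, it changes nothing.
$dllName    = 'msvbvm60.dll'
$oldVersion = '6.0.88.77'   # version the quoted advice says to replace

# The VB6 runtime is a 32-bit DLL. SysWOW64 exists only on 64-bit Windows,
# where it holds the 32-bit system DLLs; on 32-bit Windows they are in System32.
$sysWow64 = Join-Path $env:windir 'SysWOW64'
if (Test-Path $sysWow64) { $expectedDir = $sysWow64 }
else                     { $expectedDir = Join-Path $env:windir 'System32' }

# C:\Windows\System is the legacy directory the thread says not to use.
$legacyDir = Join-Path $env:windir 'System'

function Get-RuntimeCopy {
    param([string]$Directory, [string]$Role)

    $path = Join-Path $Directory $dllName
    $row  = New-Object PSObject -Property @{
        Role = $Role; Path = $path; Present = (Test-Path $path)
        Version = $null; Signature = $null; Action = 'none'
    }
    if (-not $row.Present) {
        if ($Role -eq 'expected') { $row.Action = 'missing: runtime belongs here' }
        return $row
    }

    # Build the version from the numeric parts. The FileVersion string of
    # older DLLs is often formatted differently (for example '6.00.8877'),
    # so a plain string comparison against 6.0.88.77 would miss it.
    $vi = (Get-Item $path).VersionInfo
    $row.Version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                        $vi.FileBuildPart, $vi.FilePrivatePart

    # Older PowerShell versions only see embedded signatures, so a
    # catalog-signed system file can show NotSigned here.
    $row.Signature = (Get-AuthenticodeSignature $path).Status

    if ($Role -eq 'legacy') {
        $row.Action = 'stray copy: the thread advises deleting it'
    } elseif ($row.Version -eq $oldVersion) {
        $row.Action = 'old version: replace from vbrun60.cab'
    }
    return $row
}

@(
    Get-RuntimeCopy $expectedDir 'expected'
    Get-RuntimeCopy $legacyDir   'legacy'
) | Format-List Role, Path, Present, Version, Signature, Action
```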


  • 2 years later...

I am having the same problem but with Windows XP. Here is the log:

ComboFix 11-11-05.03 - Randy 05/11/11 15:29:49.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.380 [GMT -4:00]

Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Randy\Application Data\PriceGong\Data\1.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\10.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\1137.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\2229.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\3578.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\40.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\420.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\4258.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\4489.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\450.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\4677.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\468.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\6784.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\946.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\a.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\b.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\c.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\d.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\e.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\f.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\g.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\h.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\i.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\j.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\k.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\l.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\m.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Randy\Application Data\PriceGong\Data\n.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\o.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\p.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\q.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\r.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\s.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\t.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\u.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\v.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\w.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\x.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\y.txt

c:\documents and settings\Randy\Application Data\PriceGong\Data\z.txt

D:\Autorun.inf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))

.

.

2011-11-05 16:54 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-05 16:54 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-05 16:54 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-05 16:54 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-05 16:54 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-05 16:54 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-11-05 16:54 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-11-05 16:54 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-11-05 16:52 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr

2011-11-05 16:52 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-05 16:50 . 2011-11-05 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-05 16:49 . 2011-11-05 16:49 -------- d-----w- c:\program files\AVAST Software

2011-11-05 16:49 . 2011-11-05 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-10-29 20:23 . 2011-10-31 19:39 -------- d-----w- c:\program files\AmericasCardroom

2011-10-26 00:39 . 2011-10-26 00:39 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-10-25 22:43 . 2011-11-03 16:16 -------- d-----w- c:\windows\SxsCaPendDel

2011-10-25 22:07 . 2011-10-25 22:07 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\Microsoft_Corporation

2011-10-23 14:55 . 2011-10-23 15:05 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\NPE

2011-10-19 13:24 . 2011-10-19 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-10-19 11:53 . 2011-11-01 23:07 -------- d-----w- c:\program files\Wise PC Engineer

2011-10-15 13:39 . 2011-10-23 14:27 -------- d-----w- c:\documents and settings\Randy\Application Data\Smart PC Solutions

2011-10-15 12:09 . 2011-10-23 14:29 -------- d-----w- c:\program files\Tournament Indicator

2011-10-12 20:30 . 2011-10-12 20:30 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\ArcSoft

2011-10-12 20:25 . 2011-10-12 20:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft

2011-10-12 20:21 . 2006-11-10 19:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2011-10-12 20:21 . 2011-10-12 20:24 -------- d-----w- c:\program files\Common Files\ArcSoft

2011-10-12 20:20 . 2011-10-20 19:54 -------- d-----w- c:\documents and settings\Randy\Application Data\ArcSoft

2011-10-12 17:03 . 2011-10-12 17:03 -------- d-----w- c:\program files\iPod

2011-10-12 17:03 . 2011-10-12 17:04 -------- d-----w- c:\program files\iTunes

2011-10-12 16:56 . 2011-10-12 16:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2011-10-12 16:55 . 2011-10-12 16:55 -------- d-----w- c:\program files\Bonjour

2011-10-09 19:18 . 2011-10-15 11:31 -------- d-----w- c:\program files\PokerCrusher 5

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-03 09:06 . 2011-06-23 12:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 06:37 . 2011-06-23 12:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-24 09:00 . 2011-09-22 18:30 2377696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-09-22 18:30 . 2011-09-22 18:30 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-07 13:52 . 2011-09-07 12:42 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2011-09-07 13:52 . 2011-09-07 12:42 88 --sh--r- c:\documents and settings\All Users\Application Data\A84BBCF008.sys

2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 14:30 . 2011-09-05 14:30 299008 ------w- c:\windows\Setup1.exe

2011-09-05 14:30 . 2011-09-05 14:30 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-09-04 12:10 . 2011-09-04 12:11 434688 ----a-w- c:\windows\system32\ss2uinst.exe

2011-09-02 12:02 . 2011-06-22 23:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-22 23:48 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-20 13:06 . 2011-08-20 13:06 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-08-17 13:49 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-22 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-03-03 2510848]

"V0500Mon.exe"="c:\windows\V0500Mon.exe" [2007-11-03 32768]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-10-12 3604040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]

2011-07-05 14:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^Randy^Start Menu^Programs^Startup^ZooskMessenger.lnk]

backup=c:\windows\pss\ZooskMessenger.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIDDesktop]

2011-07-05 14:24 395528 ----a-w- c:\program files\SFT\GuardedID\GIDD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2006-05-12 17:50 1138688 ------w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2006-03-31 19:44 761856 ------w- c:\windows\CREATOR\Remind_XP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-06-13 18:50 16871936 ----a-w- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]

2006-07-10 15:53 872448 ------w- c:\windows\SMINST\Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-01-21 16:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-06-22 23:53 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]

2007-11-03 00:00 32768 ----a-w- c:\windows\V0500Mon.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour Port 5353

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [22/06/11 5:32 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [22/06/11 5:32 PM 744568]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/11/11 12:54 PM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/11/11 12:54 PM 320856]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111027.001\BHDrvx86.sys [01/11/11 4:13 PM 818808]

R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [22/06/11 3:58 PM 25232]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [22/06/11 5:32 PM 136312]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/11/11 12:54 PM 20568]

R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [11/02/10 4:35 PM 103936]

R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [12/10/11 4:53 PM 63048]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [22/06/11 5:32 PM 130008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29/07/11 2:36 PM 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111104.030\IDSXpx86.sys [04/11/11 7:24 PM 356280]

R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [04/09/11 10:23 AM 251264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/10 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/06/11 7:53 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/06/11 7:53 PM 136176]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/10 1:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - BASFND

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-07-05 14:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 23:53]

.

2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 23:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?hl=en&source=mpes

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

DPF: {647D42B5-B9B8-4068-96B0-292F985F8A51} - hxxp://share.vzochat.com/plugin/WebClientXLib.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-05 15:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\07\06\1e\16$\03*"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(772)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\GIDLogonXP.dll

c:\windows\system32\GIDHookLogon.dll

c:\windows\system32\GIDBIN1.dll

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(18092)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-11-05 16:00:45

ComboFix-quarantined-files.txt 2011-11-05 20:00

.

Pre-Run: 29,690,904,576 bytes free

Post-Run: 29,654,233,088 bytes free

.

- - End Of File - - E6F697193EB0CD2CE19F28F0AA44285A

Hope you can help!


Hello and welcome to MBAM, rnranimal:

Sorry you are having trouble.

A couple of things come to mind (until the experts stop by):

First, this is a REALLY old, stale topic. So, since each computer's problems are unique and for proper attention from the experts, it would be advisable to start a new thread. :)

Second, we cannot review scan logs or work on malware issues in this particular section of the forums.

Third, it's generally not advisable to run specialized cleaning tools, such as Combofix, without expert assistance; doing so could damage your system and make your data unrecoverable. Nor is it advisable to run more than 1 AV on your system -- doing so actually makes your computer less secure, not more.

Having said all that, if you think your computer may be infected, please review the following info for how to start the diagnostic/cleaning process: :)

IMPORTANT NOTE: Please do NOT use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

If you would like expert assistance with cleaning your system, there are 3 support options:

  • Option 1 -- Free, Expert advice in the Malware Removal Forum
  • Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
  • Option 3 -- Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in this area of the forums, you'll need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware-related problems/infections.

  • First, please print out, read and CAREFULLY FOLLOW the directions here, skipping any steps you are unable to complete.
  • If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
  • Then please post a NEW topic in the Malware Removal forum.
  • Please do NOT post in an open topic started by another member in the malware removal forum, even if the problem appears to be similar to yours.
  • When posting your new thread, under "options", make sure to select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you free, one-on-one assistance when one becomes available.

IMPORTANT NOTE: Please do NOT make any further changes to your computer such as (Install/Uninstall programs; use special fix tools; delete files; edit the registry; OR use temp file cleaners, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

IMPORTANT NOTE: Please DO NOT post back to your topic or "bump" it within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.


  • If there is no reply from any experts after 48 hours, you may reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator, asking for assistance.

OPTION 2

Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient -- someone will assist you as soon as it is possible.

Thanks very much!

daledoc1

PS: Please use the zMn2t.jpg button instead of other ones when you reply here and at the other forums, so that it will be easier to read. :)
