Jump to content

install failing with run-time error '0'


Recommended Posts

I'm getting various install errors, such as:

1. vbAccelerator SGrid II Control, "Run-time error '0'

2. Run-time error '440'; Automation error

3. regsvr32.3xe - unable to locate component; This application has failed to started because ATL.DLL was not found...

4. regsvr32.3xe - unable to locate component; This application has failed to started because MSVBVM60.DLL was not found...

I have done some research and all of the tricks have failed so far. I have a hijack this log, but I don't know what the correct protocol for this forum is, so I will await expert instruction! :lol: Thanks!

Link to post
Share on other sites

I'm still getting all the same errors after installing the Visual Basic Common Controls from Microsoft. On top of that, when I reboot, I get 'Cannot find 'C:\Program' pop up...I click OK and I can get to my desktop, but I feel like I'm on a slippery slope here. I haven't seen any of these error messages on this laptop until now and it's been running smoothly for at least over a year.

Link to post
Share on other sites

Logfile of random's system information tool 1.06 (written by random/random)

Run by cmacdona at 2009-08-25 16:30:48

Microsoft Windows XP Professional Service Pack 2

System drive C: has 10 GB (51%) free of 20 GB

Total RAM: 2038 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:30:51 PM, on 8/25/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Symantec\SPA\smc.exe

c:\Program Files\Symantec\SPA\snac.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe

C:\Program Files\Oracle\ODrive\XfsSvcCon.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\taskswitch.exe

c:\Program Files\Symantec\SPA\SmcGui.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Oracle\ODrive\odrive.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Oracle\ODrive\ODFWAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\TEMP\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\cmacdona.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.o

raclecorp.com;*.oracleportal.com;<local>

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Oracle Drive Helper Object - {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} - C:\WINDOWS\SYSTEM32\ODriveHelper.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [AutoProfileRepair] "C:\Program Files\Oracle\Outlook Connector\profilerepair.exe" -msi

O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\gdswsuspatch_soon.exe /s

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /OfficeXPHack

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ntpgds] C:\WINDOWS\orclobi\synctime.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKUS\S-1-5-18\..\RunOnce: [FirefoxConfig] C:\WINDOWS\orclobi\config\firefoxconfig.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [ThunderbirdConfig] C:\WINDOWS\orclobi\config\tbirdconfig.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [FirefoxConfig] C:\WINDOWS\orclobi\config\firefoxconfig.exe (User 'Default user')

O4 - Global Startup: Oracle Drive.lnk = C:\Program Files\Oracle\ODrive\odrive.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://my.oracle.com

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Oracle Connector Automatic Updates Service (ocautoupds) - Oracle Corporation - C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe

O23 - Service: ODrive Service (OdService) - Oracle - C:\Program Files\Oracle\ODrive\XfsSvcCon.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - c:\Program Files\Symantec\SPA\smc.exe

O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - c:\Program Files\Symantec\SPA\snac.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 8375 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Weekly Incremental.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2}]

ODriveAdvPropHelper Class - C:\WINDOWS\SYSTEM32\ODriveHelper.DLL [2006-09-22 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 434279]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"CoolSwitch"=C:\WINDOWS\System32\taskswitch.exe [2001-10-08 45632]

"AutoProfileRepair"=C:\Program Files\Oracle\Outlook Connector\profilerepair.exe [2008-08-01 73728]

"TweakAutomaticUpdates"=C:\WINDOWS\orclobi\gdswsuspatch_soon.exe [2005-12-22 126887]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2001-06-26 208949]

"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-06-26 44032]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2001-06-26 77824]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2001-06-26 737357]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2001-06-26 737357]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-07-14 94208]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-07-14 77824]

"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]

"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]

"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]

"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

"ntpgds"=C:\WINDOWS\orclobi\synctime.exe [2003-04-07 110993]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]

"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-06-06 125632]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ERSvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Oracle Drive.lnk - C:\Program Files\Oracle\ODrive\odrive.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2006-07-14 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

C:\WINDOWS\system32\NavLogon.dll [2007-06-06 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]

C:\WINDOWS\system32\PCANotify.dll [2004-11-01 8704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-08-25 16:30:48 ----D---- C:\rsit

2009-08-25 16:27:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-25 16:27:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-08-25 16:24:15 ----D---- C:\WINDOWS\temp

2009-08-25 16:24:13 ----A---- C:\ComboFix.txt

2009-08-25 16:19:14 ----SD---- C:\ComboFix

2009-08-25 16:15:08 ----D---- C:\Program Files\Windows Installer Clean Up

2009-08-25 16:08:48 ----D---- C:\Program Files\Eusing Free Registry Cleaner

2009-08-25 11:52:29 ----RASHD---- C:\cmdcons

2009-08-25 11:48:56 ----A---- C:\WINDOWS\zip.exe

2009-08-25 11:48:56 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-08-25 11:48:56 ----A---- C:\WINDOWS\SWSC.exe

2009-08-25 11:48:56 ----A---- C:\WINDOWS\SWREG.exe

2009-08-25 11:48:56 ----A---- C:\WINDOWS\sed.exe

2009-08-25 11:48:56 ----A---- C:\WINDOWS\PEV.exe

2009-08-25 11:48:56 ----A---- C:\WINDOWS\NIRCMD.exe

2009-08-25 11:48:56 ----A---- C:\WINDOWS\grep.exe

2009-08-25 11:48:52 ----D---- C:\WINDOWS\ERDNT

2009-08-25 11:48:48 ----D---- C:\Qoobox

2009-08-25 11:47:17 ----A---- C:\WINDOWS\system32\zipfldr.dll

2009-08-24 18:35:24 ----D---- C:\Program Files\Trend Micro

2009-08-17 16:07:44 ----D---- C:\Documents and Settings\TEMP\Application Data\WinRAR

2009-08-17 16:07:13 ----D---- C:\Program Files\WinRAR

2009-07-27 14:50:06 ----AD---- C:\Documents and Settings\TEMP\Application Data\.purple.bak.1

2009-07-10 14:42:46 ----D---- C:\Program Files\Yahoo SiteBuilder

2009-07-10 14:34:59 ----D---- C:\Program Files\MSECache

======List of files/folders modified in the last 3 months======

2009-08-25 16:30:32 ----D---- C:\WINDOWS\Prefetch

2009-08-25 16:29:31 ----D---- C:\Program Files\Mozilla Firefox

2009-08-25 16:27:28 ----D---- C:\WINDOWS\system32\drivers

2009-08-25 16:27:27 ----RD---- C:\Program Files

2009-08-25 16:24:15 ----D---- C:\WINDOWS\system32

2009-08-25 16:24:15 ----D---- C:\WINDOWS

2009-08-25 16:22:54 ----A---- C:\WINDOWS\system.ini

2009-08-25 16:21:57 ----D---- C:\WINDOWS\AppPatch

2009-08-25 16:21:54 ----D---- C:\Program Files\Common Files

2009-08-25 16:19:53 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-25 16:19:35 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-25 16:19:18 ----D---- C:\WINDOWS\system32\Restore

2009-08-25 16:19:17 ----SHD---- C:\System Volume Information

2009-08-25 16:18:44 ----D---- C:\Program Files\Symantec AntiVirus

2009-08-25 16:17:56 ----SHD---- C:\WINDOWS\Installer

2009-08-25 16:15:09 ----SD---- C:\Documents and Settings\TEMP\Application Data\Microsoft

2009-08-25 14:56:02 ----SD---- C:\WINDOWS\Tasks

2009-08-25 13:18:19 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-08-25 12:05:16 ----RSHD---- C:\WINDOWS\system32\dllcache

2009-08-25 11:57:59 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-08-25 11:57:01 ----D---- C:\WINDOWS\system32\config

2009-08-25 11:52:33 ----RASH---- C:\boot.ini

2009-08-25 10:15:27 ----HD---- C:\WINDOWS\inf

2009-08-18 19:10:51 ----D---- C:\WINDOWS\Help

2009-08-18 08:43:42 ----D---- C:\Program Files\Mozilla Thunderbird

2009-08-10 15:33:08 ----D---- C:\Documents and Settings\TEMP\Application Data\Jabber MomentIM

2009-08-04 08:29:57 ----SHD---- C:\WINDOWS\CSC

2009-07-29 12:26:34 ----D---- C:\Documents and Settings\TEMP\Application Data\SSH

2009-07-27 15:02:01 ----D---- C:\Documents and Settings\TEMP\Application Data\Mozilla

2009-07-27 14:50:14 ----D---- C:\Documents and Settings\TEMP\Application Data\Real

2009-07-27 14:50:14 ----D---- C:\Documents and Settings\TEMP\Application Data\Oracle

2009-07-27 14:50:06 ----D---- C:\Documents and Settings\TEMP\Application Data\Adobe

2009-07-27 14:49:51 ----D---- C:\WINDOWS\ORCLOBI

2009-07-27 14:49:50 ----D---- C:\Program Files\Pidgin

2009-07-10 16:25:44 ----D---- C:\Documents and Settings\TEMP\Application Data\gtk-2.0

2009-07-10 14:35:15 ----RSD---- C:\WINDOWS\Fonts

2009-07-10 14:35:10 ----D---- C:\Program Files\microsoft office

2009-07-10 14:35:10 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]

R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]

R1 awecho;awecho; C:\WINDOWS\system32\drivers\awechomd.sys [2004-03-05 8368]

R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-11-17 11165]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []

R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]

R1 TDFSD;TDFSD; C:\WINDOWS\System32\Drivers\TDFSD.sys [2006-09-22 938592]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]

R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []

R2 CdpPacket;Cisco Discovery Protocol Packet Driver; C:\WINDOWS\system32\DRIVERS\CdpPacket.sys [2008-01-24 35692]

R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []

R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]

R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]

R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]

R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]

R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]

R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]

R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]

R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]

R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]

R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]

R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]

R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2007-01-10 15440]

R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2007-01-10 15440]

R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2007-01-10 15440]

R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2007-01-10 15440]

R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\SYSTEM32\Drivers\WGX.sys [2007-01-10 26192]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-03-09 152064]

R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]

R3 catchme;catchme; \??\C:\DOCUME~1\TEMP\LOCALS~1\Temp\catchme.sys []

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]

R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-08-18 110080]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]

R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]

R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2006-07-14 1170140]

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090825.004\naveng.sys []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090825.004\navex15.sys []

R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]

R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-10-19 38425]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]

R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]

S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-06-21 90784]

S1 dsload;dsload; C:\WINDOWS\System32\drivers\dsload.sys [2006-01-30 10910]

S2 PMEMNT;PMEMNT; \??\C:\WINDOWS\pmemnt.sys []

S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-06-21 69792]

S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-19 4816]

S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274304]

S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]

S3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2002-11-12 99840]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]

S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]

S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []

S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-19 612352]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 SysGuard;SysGuard; C:\WINDOWS\System32\Drivers\Sysguard.sys [2007-01-10 44544]

S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2007-01-10 94416]

S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]

R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005-11-04 1516584]

R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-06-06 31424]

R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 MyDesktopWindows;MyDesktopService; C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe [2009-06-26 998400]

R2 ocautoupds;Oracle Connector Automatic Updates Service; C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe [2008-08-01 69632]

R2 OdService;ODrive Service; C:\Program Files\Oracle\ODrive\XfsSvcCon.exe [2006-09-22 33792]

R2 QOSMyDesktop;QOS MyDesktop; C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe [2008-12-04 470016]

R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-06-06 116928]

R2 SmcService;Symantec Protection Agent 5.1; c:\Program Files\Symantec\SPA\smc.exe [2007-01-10 2508368]

R2 SNAC;Symantec NAC Service; c:\Program Files\Symantec\SPA\snac.exe [2007-01-10 222800]

R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-06-06 1821376]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]

S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2004-11-01 106496]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2004-12-16 89136]

S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Link to post
Share on other sites

You have a lot of weird things running at startup, but I will assume that some of the stranger ones are things you installed and use.

My first suggestion is to turn off your anti-virus, uninstall Malwarebytes' Anti-Malware, restart your computer, turn off your anti-virus again, download and run this utility, allow it to restart your computer, turn off your anti-virus again, and then download and install a fresh copy of Malwarebytes' Anti-Malware from this list.

Link to post
Share on other sites

  • 5 months later...

Hi, I have just experienced the sysguard.exe problem with the pop ups and tried all of the online advice to get rid except downloading so called removal tools. I then downloaded the free version of malwarebytes anti malware but it would not open giving "runtime errors" etc. I used system restore in safe mode to take the computer back one week and tried again and anti malware started no problem. I then ran it but it was unable to find any problem. I suspected a free download of cute pdf to be the offending downlaod but I have no proof, although cute pdf is no longer an option in the printers folder.

I have now upgraded and bought the full program and I am currently running a scan, but my gut feeling is that nothing will be found (nothing was found when I ran the free version) although since the system restore the computer appears to be running normally.

I hope this helps getting malwarebytes to run but I am concerned that my PC is not "clean"

Any help would be greatly appreciated.

Chris

Link to post
Share on other sites

@ chriscom dont forget to make sure and do an update to Malwarebytes before you do your quick scan.

thanks, I did the update, before I did the scan and the custom scan is now complete and did not find any problems!

Odd is'nt it. I am particularly suprised that the cute pdf writer has gone from printers. Would a system restore have lost a printer like that?

Anyway my gut feeling is that I still have an issue with this sysguard.exe file but it all seems to be working fine. Maybe it is lying low keystroke logging?

Has malwarebytes found and eliminated this problem before?

Thanks again

Chris

Link to post
Share on other sites

  • Root Admin

@cjmac27

You appear to have at least one file that is potentially a valid file but is running from the wrong location which is a good indicator of an infection.

You also appear to have ZoneAlarm or at least a portion of it still left over which can block MBAM as well.

Please follow the advice below.

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someon has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

@chriscom

You should not post into another user post if you want specific help. You can reference another users post but you should create your own.

If you feel you have something running still then you too should post a new log in the HJT forum and seek assistance.

I will close this post now as any futher analysis should be done via the HJT forum.

Thank you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.