
Spooler Subsystem App has encountered a problem...


Emi


It was suggested that I post my new printer problem here after my post in the HijackThisLog forum.

http://forums.malwarebytes.org/index.php?showtopic=62276

After cleaning up my PC (Windows XP) according to the directions in the forum above, I hooked up my printer Oki C5300 (not printing was my original problem), and tried to re-install it following "printers and faxes" "add a printer". It stopped and gave the error message "Spooler Subsystem App has encountered a problem and needs to close. Sorry". ....? I googled that message and some said there's still a virus...? Am I supposed to download a printer driver and put it somewhere first? I'm afraid to do ANYTHING without being told now... please help, thanks...


Hi -

Did that printer come with an install CD or similar ?? -

These items (CD's) usually contain the 'drivers' for your printer - This sounds like the problem -

Thank You -

EDIT -

Please visit http://driverscollection.com/?H=C5300&By=OKI this page linked here to see if there are drivers to load -

Only use the link posted containing Download OKI C5300 Microsoft Certified Driver v.1.8.0 on that page -

Many of the others are only Advertising -


I'm back to square one...

-I put installation CD from Okidata (pretty old), and it gave error "CDinst.exe has encountered problem and need to close."

Sorry I can't remember the order I did but:

-I ran Dell diagnostics, and it fixed "Printer Service" or something.

-I followed microsoft instruction to run spooler.

-Then I can't remember exactly when but suddenly OkiC5300 icon showed up in "Printers and Faxes", I could change default printer to C5300, but when I click preferences, then it gives this mssg "Function address ox68647646 caused a protection fault. (exception code 0xc0000094), Some or all property page may not be displayed." that was the mssg I was getting before malware cleanup.

-Add Printer's Plug and Play still doesn't work no matter how many times I reboot the computer and re-plug the printer. It gives "Spooler Subsystem App has encountered a problem." So I went to "Run" CDinst.exe from the installation CD, then Oki's installation wizard came up and I could click "install printer driver". But then it asked me to remove "older version of driver 2.0.0.0" in order to install the "new driver 1.0.0.0" because the CD is old.

-I downloaded the new driver but that just overwrote existing files.

-I tried to print from Microsoft Word to see if it prints (it did before cleanup), which crashed, went into Microsoft Office Diagnostics, couldn't find or solve it, now it's circling error mssg "Word has encountered problem and needs to close", and try to go into safe mode, crashes and gives the same error mssg, over and over.... I need to reboot. I'll be back...

This is making me crazy!

Thanks for your help


:):)

It's printing!!!!! Thank you!!!!!

What I did after my last post was to call Okidata support, the rep told me to delete all printers and remove drivers. I had HP C4480 too and she actually said that may be the cause. I still had "protection fault" every time I tried to open "printer preferences" while I was trying to delete the printers/drivers. So she told me to go to the HP website, download "Scrubber Utility" and run it. It went through, but then I still had a problem re-installing the Oki printer. So I followed your link, although "Fix It" didn't go through automatically, I manually deleted spool printer and driver files, removed registry entries. Now it's printing! I've been dealing with this for over a week, hurt my back while moving the heavy printer from room to room. Now I'm back in business! Thank you!! Including all other people who helped me in other forums!


It WAS printing until today.... (spooler subsystem has encountered problems, RTC is unavailable, etc...) ????? So I did the same fix above, reinstalled printer and driver, and they seem to be in place, but this time it is not working.... still application crashes when printing, protection fault, etc. .... Malwarebytes scan comes out clean. I can't even try to restore system this time since there is no checkpoint! Does this mean my XP is corrupt and I need to reinstall? Are there any other options before that? .... thank you for any input...!


  • Root Admin

Please run the following and post back the information requested

STEP 01

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

  • When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply: DDS.txt and Attach.txt

STEP 02

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH FIREWALL RESET

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH int ip reset c:\resetlog.txt

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C netsh winsock reset catalog

STEP 03

  • Download and install CCleaner
  • Double-click on the downloaded file "ccsetup235_slim.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Click finish when done and close ALL PROGRAMS including your Web Browser
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

STEP 04

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

STEP 05

SHUT DOWN and power off the printer for a couple minutes and then plug it back in.

Now rerun that tool from Microsoft and try to reinstall your printer after the reboot and let us know how things are going.


I did the above, and when rebooted, it gave "Spooler Subsystem App" error. Then I tried to add printer, and got "Spooler service is not running." From Admin Tools - Services, I started Print Spooler. Then again tried to add printer, but printer wizard didn't give me any option at "select a printer port", it was all blank. :P

Here is DDS.txt and attach.txt (am I supposed to attach this? Last time I attached it but I've been told to post it)

Thanks for your time...

DDS (Ver_10-03-17.01) - NTFSx86

Run by Master at 8:19:36.18 on 09/22/2010 Wed

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.3061.2387 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\FileHippo.com\UpdateChecker.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

svchost.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Master\Desktop\dds.scr

C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.maxiwe.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\kloehk.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 36880]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-2-11 315408]

R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-9-15 88176]

R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sshipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sSHIPWORKS [?]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.exe -i shipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.EXE -i SHIPWORKS [?]

S3 Srssscatfnt;Srssscatfnt; [x]

=============== Created Last 30 ================

2010-09-15 23:28:20 0 dc----w- c:\docume~1\master\applic~1\Foxit Software

2010-09-15 23:28:19 0 dc----w- c:\docume~1\master\applic~1\Foxit

2010-09-15 23:28:10 0 dc----w- c:\program files\Foxit Software

2010-09-15 14:14:09 200 -c--a-w- c:\windows\WININIT.INI

2010-09-15 12:53:36 0 dc----w- c:\program files\common files\McAfee

2010-09-15 12:53:31 0 dc----w- c:\program files\McAfee

2010-09-15 12:40:26 0 dc----w- c:\program files\FileHippo.com

2010-09-15 01:46:45 0 dc----w- c:\program files\SpywareBlaster

2010-09-14 01:05:34 375 -c--a-w- c:\windows\OPLN.INI

2010-09-14 01:05:34 17420 -c--a-w- c:\windows\system32\OPC5300.cah

2010-09-14 01:05:34 13076 -c--a-w- c:\windows\system32\OPLN_M00.cah

2010-09-14 01:02:15 808 -c----w- c:\windows\system32\OKIPAR.DAT

2010-09-14 01:02:15 61440 -c----w- c:\windows\system32\OPPARMON.DLL

2010-09-14 01:02:15 45056 -c----w- c:\windows\system32\OPDEVACC.DLL

2010-09-14 01:02:15 36320 -c----w- c:\windows\system32\drivers\OKIPAR.SYS

2010-09-14 01:02:15 32768 -c----w- c:\windows\system32\OPLPTACC.DLL

2010-09-13 23:53:36 0 dc----w- C:\RegBack

2010-09-13 23:53:25 0 dc----w- c:\windows\system32\NtmsData

2010-09-13 23:51:57 0 dc----w- c:\program files\ACW

2010-09-13 17:21:19 531768 -c--a-w- C:\WindowsXP-KB924078-x86-ENU.exe

2010-09-11 20:44:29 0 dc----w- c:\program files\ESET

2010-09-10 18:15:49 0 dcsha-r- C:\cmdcons

2010-09-09 13:52:08 3278 -c--a-w- c:\windows\system32\wbem\Outlook_01cb5026320fbc64.mof

2010-09-08 16:12:50 0 -c--a-w- c:\documents and settings\master\defogger_reenable

2010-09-08 14:37:49 0 dc----w- c:\windows\SxsCaPendDel

2010-09-08 12:51:44 0 dc----w- c:\docume~1\master\applic~1\Malwarebytes

2010-09-08 12:51:08 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-08 12:51:07 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-09-08 12:51:06 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2010-09-08 12:51:06 0 dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-06 00:48:39 0 dc----w- c:\windows\system32\wbem\Repository

2010-09-05 22:33:02 0 dc----w- C:\spoolerlogs

==================== Find3M ====================

2010-09-14 13:59:20 848 -csha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys

2010-09-12 13:27:59 423656 -c--a-w- c:\windows\system32\deployJava1.dll

2010-08-21 21:08:14 65792 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-08-17 13:17:06 58880 -c--a-w- c:\windows\system32\spoolsv.exe

2010-07-29 15:12:49 97549 -c--a-w- c:\windows\system32\drivers\klick.dat

2010-07-29 15:12:49 113933 -c--a-w- c:\windows\system32\drivers\klin.dat

2010-07-22 15:49:15 590848 -c--a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 -c--a-w- c:\windows\system32\xpsp4res.dll

2010-06-30 12:31:35 149504 -c--a-w- c:\windows\system32\schannel.dll

2006-08-10 02:52:04 17795 -c--a-w- c:\program files\ok715.cat

2006-08-08 16:09:28 2357 -c--a-w- c:\program files\OK715.inf

2006-07-18 18:17:50 37376 -c--a-w- c:\program files\OPLXSLOC.DLL

2006-07-18 18:17:50 1604096 -c--a-w- c:\program files\OPLXRLOC.DLL

2006-05-16 21:09:02 60222 -c--a-w- c:\program files\OPLX.HLP

2006-02-27 15:27:26 241 -c--a-w- c:\program files\Oplx.dat

2006-02-27 15:26:52 205 -c--a-w- c:\program files\ok01du3c.cap

2005-11-07 14:26:14 564736 -c--a-w- c:\program files\OPLX_UI.dll

2005-11-07 14:25:56 650240 -c--a-w- c:\program files\OPLX_UM.dll

2005-10-26 21:50:02 98304 -c--a-w- c:\program files\OPLNLSCU.DLL

2005-10-21 02:33:32 27136 -c--a-w- c:\program files\oklmon64.dll

2005-10-14 20:57:36 6144 -c--a-w- c:\program files\OPLX_M00.DLL

2005-10-14 20:45:22 37376 -c--a-w- c:\program files\OPLAPP3.dll

2005-10-14 20:36:06 94720 -c--a-w- c:\program files\OPLX_F00.dll

2005-10-14 20:09:02 41 -c--a-w- c:\program files\OK715.ver

2005-08-26 22:53:30 6277 -c--a-w- c:\program files\Op53v2.dat

2004-06-10 00:42:06 7870 -c--a-w- c:\program files\OPLX_M00.DAT

2002-11-12 07:01:00 322 -c--a-w- c:\program files\Mlredi02.ASP

2002-11-01 23:05:18 228 -c--a-w- c:\program files\Okccm012.bin

2002-09-12 08:03:00 2825 -c--a-w- c:\program files\opne000e.scr

2002-06-26 16:16:08 228 -c--a-w- c:\program files\Okccm015.bin

2002-06-26 16:16:08 228 -c--a-w- c:\program files\Okccm014.bin

2002-06-26 16:16:08 228 -c--a-w- c:\program files\Okccm013.bin

2002-06-26 16:16:08 228 -c--a-w- c:\program files\Okccm011.bin

2002-06-20 16:36:38 694 -c--a-w- c:\program files\OPLX_S00.DAT

2002-06-08 01:55:46 34 -c--a-w- c:\program files\Ok048u0l.ccm

2009-11-06 14:14:17 3533856 -csha-w- c:\windows\system32\drivers\fidbox.dat

2009-11-06 14:14:17 696352 -csha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 8:19:57.62 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2/11/2009 7:07:19 PM

System Uptime: 9/22/2010 6:02:21 AM (2 hours ago)

Motherboard: Dell Inc. | | 0RY007

Processor: Intel® Core2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 2660/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 446.251 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/21/2010 4:34:38 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin

Business Contact Manager for Outlook 2007

Canon CanoScan Toolbox 4.6

Corel Paint Shop Pro Photo X2

DAZzle

Dell DataSafe Online

Dell Driver Reset Tool

Dell Support Center (Support Software)

DYMO Printable Postage

ESET Online Scanner v3

EVGA Display Driver

FileHippo.com Update Checker

Foxit Reader

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Java Auto Updater

Java 6 Update 21

Jw_cad

Kaspersky Internet Security 2010

Malwarebytes' Anti-Malware

McAfee SiteAdvisor

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Desktop Engine (SHIPWORKS)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser

QuickBooks

QuickBooks Pro 2009

Realtek High Definition Audio Driver

SeaMonkey (1.1.17)

SeaMonkey (2.0.8)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

ShipWorks? 2.9.60

SpywareBlaster 4.4

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB898461)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Presentation Foundation

XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/21/2010 8:22:10 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MASTER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{467C99D2-0EFA-4D40. The master browser is stopping or an election is being forced.

9/21/2010 7:59:59 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

9/21/2010 12:17:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/21/2010 12:17:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

9/21/2010 12:16:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/21/2010 12:16:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

9/21/2010 12:03:33 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.

9/21/2010 12:00:26 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

9/21/2010 11:59:04 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s).

==== End Of File ===========================

Link to post
Share on other sites
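Added example (not part of the original thread or any poster's code): a short Python triage of the System log excerpt posted above. It separates the Print Spooler crashes (event 7034) from the 12:17:36 PM service failures (event 7001) and checks whether each of those traces back to a driver listed in event 7026. The function names and the display-name-to-driver mapping are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the System log excerpt posted above, in the same layout.
SAMPLE_LOG = '''\
9/21/2010 7:59:59 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
9/21/2010 12:17:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 12:17:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/21/2010 12:00:26 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
9/21/2010 11:59:04 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s).
'''

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$")
CRASH_RE = re.compile(r"The (?P<svc>.+?) service terminated unexpectedly\. "
                      r"It has done this (?P<n>\d+) time\(s\)\.")
DEPENDS_RE = re.compile(r"The (?P<svc>.+?) service depends on the (?P<dep>.+?) "
                        r"service which failed to start")
DRIVERS_RE = re.compile(r"failed to load:\s*(?P<drivers>.+)$")

# Assumption for this example: display names as they appear in event 7001,
# mapped to the driver short names that event 7026 lists.
DISPLAY_TO_DRIVER = {
    "AFD": "AFD",
    "IPSEC driver": "IPSec",
    "NetBios over Tcpip": "NetBT",
    "TCP/IP Protocol Driver": "Tcpip",
}


def parse_events(log_text):
    """Return the log's events as dicts, oldest first; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return sorted(events, key=lambda ev: ev["ts"])


def triage(log_text):
    """Group service crashes and tie dependency failures back to failed drivers."""
    crashes = defaultdict(list)   # service -> [(time, SCM crash counter)]
    blocked = defaultdict(set)    # failed dependency -> services it blocked
    failed_drivers = set()        # short names reported by event 7026
    for ev in parse_events(log_text):
        msg = ev["message"]
        if ev["event_id"] == 7034:
            m = CRASH_RE.match(msg)
            if m:
                crashes[m["svc"]].append((ev["ts"], int(m["n"])))
        elif ev["event_id"] == 7001:
            m = DEPENDS_RE.match(msg)
            if m:
                blocked[m["dep"]].add(m["svc"])
        elif ev["event_id"] == 7026:
            m = DRIVERS_RE.search(msg)
            if m:
                failed_drivers.update(m["drivers"].split())
    # A 7001 is a knock-on failure when its dependency is a driver 7026 already reported.
    cascades, unexplained = {}, {}
    for dep, services in blocked.items():
        driver = DISPLAY_TO_DRIVER.get(dep)
        target = cascades if driver in failed_drivers else unexplained
        target[dep] = sorted(services)
    return {"crashes": dict(crashes), "failed_drivers": failed_drivers,
            "cascades": cascades, "unexplained": unexplained}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for svc, hits in report["crashes"].items():
        print(f"{svc}: {len(hits)} crash(es) between {hits[0][0]} and {hits[-1][0]}, "
              f"last SCM counter {hits[-1][1]}")
    for dep, services in report["cascades"].items():
        print(f"'{dep}' failed to load (7026) -> blocked: {', '.join(services)}")
    for dep, services in report["unexplained"].items():
        print(f"'{dep}' failed for another reason -> blocked: {', '.join(services)}")
```

On this excerpt every 7001 entry falls under `cascades`, so the service failures at 12:17:36 PM are one event (the driver load failure), distinct from the three spooler crashes earlier in the day.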

Guest garybear

Hi! You are in good hands but I just want to add what I did. If AdvancedSetup can't fix it, no one can. I downloaded Microsoft Fix it and ran the printer fix. Screenshot shows what all it checked.

Garybear!

PS I hope I'm not interfering. Please follow AdvancedSetup's advice, and just ignore my post. Fix it worked for me, but AdvancedSetup is the man, and is the one to listen to.

Link to post
Share on other sites

  • Root Admin

Let's try and run Combofix and see if it finds anything.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

Thanks, here it is...

ComboFix 10-09-23.01 - Master 3/2010 Thu 17:16:46.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.3061.2354 [GMT -5:00]

Running from: c:\documents and settings\Master\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))

.

2010-09-22 13:32 . 2010-09-22 13:32 -------- dc----w- c:\program files\CCleaner

2010-09-22 01:37 . 2010-09-22 01:37 -------- dc----w- c:\documents and settings\Master\Local Settings\Application Data\Identities

2010-09-16 14:15 . 2010-09-16 14:15 850448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\updater.dll

2010-09-16 14:15 . 2010-09-16 14:15 850520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\updater.dll

2010-09-15 23:28 . 2010-09-15 23:28 -------- dc----w- c:\documents and settings\Master\Application Data\Foxit Software

2010-09-15 23:28 . 2010-09-15 23:28 -------- dc----w- c:\documents and settings\Master\Application Data\Foxit

2010-09-15 23:28 . 2010-09-15 23:28 -------- dc----w- c:\program files\Foxit Software

2010-09-15 12:53 . 2010-09-15 12:53 -------- dc----w- c:\program files\Common Files\McAfee

2010-09-15 12:53 . 2010-09-16 11:38 -------- dc----w- c:\program files\McAfee

2010-09-15 12:40 . 2010-09-15 12:40 -------- dc----w- c:\program files\FileHippo.com

2010-09-15 01:46 . 2010-09-21 13:20 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-15 01:46 . 2010-09-21 13:20 -------- dc----w- c:\program files\SpywareBlaster

2010-09-14 01:19 . 2010-09-14 01:14 791856 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll

2010-09-14 01:17 . 2010-09-14 01:14 763184 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll

2010-09-14 01:17 . 2010-09-14 01:14 570672 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll

2010-09-14 01:17 . 2010-09-14 01:14 296240 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll

2010-09-14 01:17 . 2010-09-14 01:14 1152304 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll

2010-09-14 01:17 . 2010-09-14 01:14 398640 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll

2010-09-14 01:14 . 2010-09-14 01:14 856880 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll

2010-09-14 01:14 . 2010-09-14 01:14 2184496 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll

2010-09-14 01:14 . 2010-09-14 01:14 211720 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe

2010-09-14 01:14 . 2010-09-14 01:14 24328 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll

2010-09-14 01:14 . 2010-09-14 01:14 1394440 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe

2010-09-14 01:02 . 2001-07-11 21:03 61440 -c----w- c:\windows\system32\OPPARMON.DLL

2010-09-14 01:02 . 2001-01-19 04:08 32768 -c----w- c:\windows\system32\OPLPTACC.DLL

2010-09-14 01:02 . 2001-01-16 01:35 45056 -c----w- c:\windows\system32\OPDEVACC.DLL

2010-09-14 01:02 . 2001-01-16 00:17 808 -c----w- c:\windows\system32\OKIPAR.DAT

2010-09-14 01:02 . 2000-12-23 00:40 36320 -c----w- c:\windows\system32\drivers\OKIPAR.SYS

2010-09-14 00:38 . 2010-09-14 00:38 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache

2010-09-13 23:53 . 2010-09-21 13:22 -------- dc----w- C:\RegBack

2010-09-13 23:53 . 2010-09-21 13:26 -------- dc----w- c:\windows\system32\NtmsData

2010-09-13 23:51 . 2010-09-21 13:22 -------- dc----w- c:\program files\ACW

2010-09-13 17:21 . 2010-09-09 13:06 531768 -c--a-w- C:\WindowsXP-KB924078-x86-ENU.exe

2010-09-11 20:44 . 2010-09-11 20:44 -------- dc----w- c:\program files\ESET

2010-09-08 14:37 . 2010-09-08 14:43 -------- dc----w- c:\windows\SxsCaPendDel

2010-09-08 12:51 . 2010-09-08 12:51 -------- dc----w- c:\documents and settings\Master\Application Data\Malwarebytes

2010-09-08 12:51 . 2010-04-29 20:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-08 12:51 . 2010-09-08 12:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-08 12:51 . 2010-09-08 12:51 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-08 12:51 . 2010-04-29 20:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2010-09-06 13:51 . 2010-09-06 13:51 -------- dc----w- c:\documents and settings\Master\Local Settings\Application Data\PCHealth

2010-09-06 03:41 . 2010-09-06 03:41 -------- dc----w- c:\documents and settings\Master\Local Settings\Application Data\Dell

2010-09-06 00:48 . 2010-09-06 00:48 -------- dc----w- c:\windows\system32\wbem\Repository

2010-09-05 22:33 . 2010-09-05 22:33 -------- dc----w- C:\spoolerlogs

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-23 22:24 . 2009-02-12 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-09-23 22:12 . 2009-11-24 13:33 -------- dc----w- c:\program files\SeaMonkey

2010-09-22 17:37 . 2009-03-12 22:18 -------- dc----w- c:\documents and settings\Master\Application Data\Canon

2010-09-21 20:06 . 2009-02-05 17:19 -------- dc----w- c:\program files\Common Files\Adobe

2010-09-21 19:43 . 2009-04-06 17:29 -------- dc----w- c:\program files\Common Files\Macromedia

2010-09-21 19:43 . 2009-02-05 17:19 -------- dc-h--w- c:\program files\InstallShield Installation Information

2010-09-21 19:42 . 2009-04-06 17:29 -------- dc----w- c:\program files\Macromedia

2010-09-20 14:59 . 2009-12-30 21:35 -------- dc----w- c:\documents and settings\Master\Application Data\DYMO Stamps

2010-09-17 13:04 . 2009-02-12 14:37 -------- dc----w- c:\program files\ShipWorks

2010-09-16 13:03 . 2009-02-15 16:14 -------- dc----w- c:\program files\JWW

2010-09-15 14:13 . 2009-02-05 17:24 -------- dc----w- c:\program files\Common Files\Roxio Shared

2010-09-15 14:12 . 2010-08-15 21:52 -------- dc----w- c:\program files\QuickTime

2010-09-15 14:12 . 2010-08-15 21:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-09-15 14:10 . 2009-09-13 00:54 -------- dc----w- c:\documents and settings\Master\Application Data\Move Networks

2010-09-15 13:56 . 2010-06-15 22:29 -------- dc----w- c:\program files\3GPplayer2010

2010-09-15 12:53 . 2009-02-05 17:21 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee

2010-09-14 13:59 . 2009-03-12 22:34 848 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2010-09-14 13:59 . 2009-03-12 22:34 848 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2010-09-14 01:14 . 2009-08-12 12:23 496944 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll

2010-09-14 01:14 . 2009-08-12 12:23 423216 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe

2010-09-14 01:14 . 2009-08-12 12:23 267568 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll

2010-09-13 23:34 . 2009-05-08 02:00 2485 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys

2010-09-13 14:45 . 2009-02-05 17:25 79784 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-13 14:35 . 2009-02-05 17:19 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-09-12 13:28 . 2009-02-05 17:18 -------- dc----w- c:\program files\Common Files\Java

2010-09-12 13:27 . 2010-04-29 11:11 423656 -c--a-w- c:\windows\system32\deployJava1.dll

2010-09-12 13:15 . 2009-02-05 17:18 -------- dc----w- c:\program files\Java

2010-09-08 14:43 . 2010-04-01 10:55 -------- dc----w- c:\program files\Carbonite

2010-09-06 00:47 . 2009-02-12 01:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Dell

2010-08-21 21:08 . 2010-08-21 21:08 65792 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-08-18 17:19 . 2010-08-18 17:19 170584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll

2010-08-18 17:19 . 2010-08-18 17:19 340520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe

2010-08-17 13:17 . 2008-04-25 16:16 58880 -c--a-w- c:\windows\system32\spoolsv.exe

2010-08-15 22:02 . 2010-08-15 21:54 -------- dc----w- c:\documents and settings\Master\Application Data\Apple Computer

2010-08-15 21:53 . 2010-08-15 21:53 -------- dc----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-04 11:59 . 2010-08-04 11:59 61440 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-114af051-n\decora-sse.dll

2010-08-04 11:59 . 2010-08-04 11:59 503808 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7be08023-n\msvcp71.dll

2010-08-04 11:59 . 2010-08-04 11:59 499712 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7be08023-n\jmc.dll

2010-08-04 11:59 . 2010-08-04 11:59 348160 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7be08023-n\msvcr71.dll

2010-08-04 11:59 . 2010-08-04 11:59 12800 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-114af051-n\decora-d3d.dll

2010-07-29 15:12 . 2009-02-12 01:20 97549 -c--a-w- c:\windows\system32\drivers\klick.dat

2010-07-29 15:12 . 2009-02-12 01:20 113933 -c--a-w- c:\windows\system32\drivers\klin.dat

2010-07-22 15:49 . 2008-04-25 16:16 590848 -c--a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-16 00:11 5120 -c--a-w- c:\windows\system32\xpsp4res.dll

2010-06-30 12:31 . 2008-04-25 16:16 149504 -c--a-w- c:\windows\system32\schannel.dll

2006-08-10 02:52 . 2006-08-10 02:52 17795 -c--a-w- c:\program files\ok715.cat

2006-08-08 16:09 . 2006-08-08 16:09 2357 -c--a-w- c:\program files\OK715.inf

2006-07-18 18:17 . 2006-07-18 18:17 37376 -c--a-w- c:\program files\OPLXSLOC.DLL

2006-07-18 18:17 . 2006-07-18 18:17 1604096 -c--a-w- c:\program files\OPLXRLOC.DLL

2006-05-16 21:09 . 2006-05-16 21:09 60222 -c--a-w- c:\program files\OPLX.HLP

2006-02-27 15:27 . 2006-02-27 15:27 241 -c--a-w- c:\program files\Oplx.dat

2006-02-27 15:26 . 2006-02-27 15:26 205 -c--a-w- c:\program files\ok01du3c.cap

2005-11-07 14:26 . 2005-11-07 14:26 564736 -c--a-w- c:\program files\OPLX_UI.dll

2005-11-07 14:25 . 2005-11-07 14:25 650240 -c--a-w- c:\program files\OPLX_UM.dll

2005-10-26 21:50 . 2005-10-26 21:50 98304 -c--a-w- c:\program files\OPLNLSCU.DLL

2005-10-21 02:33 . 2005-10-21 02:33 27136 -c--a-w- c:\program files\oklmon64.dll

2005-10-14 20:57 . 2005-10-14 20:57 6144 -c--a-w- c:\program files\OPLX_M00.DLL

2005-10-14 20:45 . 2005-10-14 20:45 37376 -c--a-w- c:\program files\OPLAPP3.dll

2005-10-14 20:36 . 2005-10-14 20:36 94720 -c--a-w- c:\program files\OPLX_F00.dll

2005-10-14 20:09 . 2005-10-14 20:09 41 -c--a-w- c:\program files\OK715.ver

2005-08-26 22:53 . 2005-08-26 22:53 6277 -c--a-w- c:\program files\Op53v2.dat

2004-06-10 00:42 . 2004-06-10 00:42 7870 -c--a-w- c:\program files\OPLX_M00.DAT

2002-11-12 07:01 . 2002-11-12 07:01 322 -c--a-w- c:\program files\Mlredi02.ASP

2002-11-01 23:05 . 2002-11-01 23:05 228 -c--a-w- c:\program files\Okccm012.bin

2002-09-12 08:03 . 2002-09-12 08:03 2825 -c--a-w- c:\program files\opne000e.scr

2002-06-26 16:16 . 2002-06-26 16:16 228 -c--a-w- c:\program files\Okccm015.bin

2002-06-26 16:16 . 2002-06-26 16:16 228 -c--a-w- c:\program files\Okccm014.bin

2002-06-26 16:16 . 2002-06-26 16:16 228 -c--a-w- c:\program files\Okccm013.bin

2002-06-26 16:16 . 2002-06-26 16:16 228 -c--a-w- c:\program files\Okccm011.bin

2002-06-20 16:36 . 2002-06-20 16:36 694 -c--a-w- c:\program files\OPLX_S00.DAT

2002-06-08 01:55 . 2002-06-08 01:55 34 -c--a-w- c:\program files\Ok048u0l.ccm

2009-11-06 14:14 . 2009-02-12 01:20 3533856 -csha-w- c:\windows\system32\drivers\fidbox.dat

2009-11-06 14:14 . 2009-02-12 01:20 696352 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]

"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-02-05 17:24 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 36880]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [9/15/2010 7:53 AM 88176]

R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS [?]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 8:39 PM 19472]

S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS [?]

S3 Srssscatfnt;Srssscatfnt; [x]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.maxiwe.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-23 17:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2040)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\conime.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

.

**************************************************************************

.

Completion time: 2010-09-23 17:27:41 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-23 22:27

Pre-Run: 479,292,657,664 bytes free

Post-Run: 479,363,506,176 bytes free

- - End Of File - - CF7851B25AC099EC5AC4DB13F937F031

Link to post
Share on other sites

  • Root Admin

Unfortunately that does not show anything that might be causing an issue either, at least nothing obvious.

Please go ahead and remove combofix by clicking on START - RUN and type in COMBOFIX /uninstall

I would probably have to suggest doing an in place repair of Windows XP

Link to post
Share on other sites

I'm reading through your link to do repair install. At Warning #1, it tells me to delete the undo_guimode.txt file. I tried to copy and paste the command prompt, but my line looks like this

del /a /f %windir% ?(yen sign)system32?undo_guimode.txt, and it says "Could not find the file".

My backslash key can only put yen sign in cmd. I have English as default language and Japanese IME added.

Come to think of it, I remember "could not find the file" happened before but I can't remember in which step... but whenever needed backslash in cmd, mine probably had yen sign in it... Is this a problem? Can I work around it?

Thanks...

Link to post
Share on other sites

You might want to run this bat file and see if it fixes the issue.

Open notepad and copy the text in the quote box and save it as spool.bat.

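@echo off
cls
rem Stop the Print Spooler so its queue files are no longer locked
net stop spooler
rem Delete queued jobs: spool data (.spl) and shadow (.shd) files are kept in spool\PRINTERS
del /q "%systemroot%\system32\spool\PRINTERS\*.spl"
del /q "%systemroot%\system32\spool\PRINTERS\*.shd"
rem Start the Print Spooler again
net start spooler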

Open up Notepad in Windows. You can do this by navigating to Start > Programs > Accessories > Notepad, or simply by entering notepad under Start > Run.

# copy the text in the quote box and paste it to notepad

# Go to File > Save As... and choose a file name.

# Choose your desktop as the location to save.

# Click on the dropdown box "Save as type:" and select "All files" instead of Text (*.txt).

# Add .bat to the end of your file name before you save. For example, you would type spool.bat

# Click on Save. If you did this correctly, you should see your file name in the title bar of Windows Notepad. Make sure that it reads as spool.bat

Link to post
Share on other sites

  • Root Admin
I'm reading through your link to do repair install. At Warning #1, it tells me to delete the undo_guimode.txt file. I tried to copy and paste the command prompt, but my line looks like this

del /a /f %windir% ?(yen sign)system32?undo_guimode.txt, and it says "Could not find the file".

My backslash key can only put yen sign in cmd. I have English as default language and Japanese IME added.

Come to think of it, I remember "could not find the file" happened before but I can't remember in which step... but whenever needed backslash in cmd, mine probably had yen sign in it... Is this a problem? Can I work around it?

Thanks...

If you're using a different language OS then it might be different. I see no Yen sign when I view the site.

Link to post
Share on other sites

I went over to Dell forum because of this problem Repair install of XP AND then even with clean install of Vista (something about boot configuration, couldn't even clean install). Now I'm getting ready to do something called Darik's Boot And Nuke... Also considering going up to Windows 7. I wanted to update and also thank AdvancedSetup and other people who helped me here...

Oh yes, I have one more question, after somehow I reinstall OS, I'll need better anti-virus, firewall and other security software. I was just using Kaspersky and added AntiVir after I came to this forum, but AntiVir is just an anti-virus so I still needed Kaspersky as firewall, right? Then I read that I should run only one anti-virus, so I opened Kaspersky to see if I can "disable" Kaspersky's anti-virus part but didn't find anything to do that. So my question is, what is your recommended combination of security software?

Link to post
Share on other sites

Guest garybear

Hi Emi! Everyone has different needs and different preferences. If you change to Windows 7, I think Microsoft Security Essentials (MSE) is very good. It does everything. I like a three-tiered setup. I have Windows XP3. I use Avira free (AV), Online Armor (firewall), and Malwarebytes paid (running in real time). There are no conflicts, and I feel like I got the best protection I can get. I want Malwarebytes running in real time on my PC because it's the best you can have. Would never give up my MBAM. This setup costs me $25 a year, and that's cheap.

Link to post
Share on other sites
