
I have received every error message from runtime error 0 to vbscript accelerator errors to cocreate instance failure errors when I attempt to install Malware. I have even used Revo to uninstall it and attempted to reinstall it. IE, Microsoft Office, Flash, audio not working. The 'attach a file' link in gmail (Firefox is fine) isn't working either. Please help at your earliest convenience.

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:13:35 AM, on 31/05/2011

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Users\neil\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\neil\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: (no name) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7D30109B-DD2B-4339-BE80-1CD48723C2BC} - http://swapshop.no-ip.ca:8888/cab/Live.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E84E5574-FAE4-4EE2-877D-092AFF688F21} - http://swapshop.no-ip.ca:8888/cab/RPB.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe

O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11253 bytes

When I ran defogger, it worked as instructed except it didn't ask to reboot the computer, so I rebooted it anyway.

After running DDS, I had to copy and paste the logs. When I attempted to save the original text files I got a "Not enough memory to save this file" error message (or something similar)

Here are those logs

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by neil at 9:23:00 on 2011-05-31

.

============== Running Processes ===============

.

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\neil\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.toshiba.ca/welcome

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.toshiba.ca/welcome

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - No File

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

BHO: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - No File

TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}

DPF: {7D30109B-DD2B-4339-BE80-1CD48723C2BC} - hxxp://swapshop.no-ip.ca:8888/cab/Live.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E84E5574-FAE4-4EE2-877D-092AFF688F21} - hxxp://swapshop.no-ip.ca:8888/cab/RPB.cab

Notify: PCANotify - PCANotify.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [Cm106Sound] C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm106.dll,CMICtrlWnd

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\vcbsi0f6.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en|https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH|http://www.theglobeandmail.com/globe-investor/|http://money.cnn.com/|http://www.theglobeandmail.com/report-on-business/your-business/business-categories/customer-experience/|http://www.theglobeandmail.com/report-on-business/your-business/business-categories/innovation/the-next-generation-business-plan/article1721182/|http://www.profitguide.com/article/10051--the-wealthy-entrepreneur--page2

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\neil\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Users\neil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\neil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R? cfWiMAXService;ConfigFree WiMAX Service

R? ConfigFree Service;ConfigFree Service

R? CronService;Cron Service for Prey

R? dgderdrv;dgderdrv

R? DisplayLinkUsbPort;DisplayLink USB Device

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service

R? Partner Service;Partner Service

R? PCGenFAM;PCGenFAM

R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader

R? SolutoService;Soluto PCGenome Core Service

R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)

R? ssadmdfl;SAMSUNG Android USB Modem (Filter)

R? ssadmdm;SAMSUNG Android USB Modem Drivers

R? TFsExDisk;TFsExDisk

R? TMachInfo;TMachInfo

R? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service

R? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service

R? TPCHSrv;TPCH Service

R? TsUsbFlt;TsUsbFlt

R? USBAAPL64;Apple Mobile USB Driver

R? USBMULCD;USB Multi-Channel Audio Device Interface

R? WatAdminSvc;Windows Activation Technologies Service

S? AdvancedSystemCareService;Advanced SystemCare Service

S? DisplayLinkService;DisplayLinkManager

S? dlkmd;dlkmd

S? dlkmdldr;dlkmdldr

S? FwLnk;FwLnk Driver

S? HECIx64;Intel® Management Engine Interface

S? Impcd;Impcd

S? IntcDAud;Intel® Display Audio

S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller

S? Lbd;Lbd

S? PGEffect;Pangu effect driver

S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver

S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver

S? UNS;Intel® Management & Security Application User Notification Service

S? vwififlt;Virtual WiFi Filter Driver

.

=============== Created Last 30 ================

.

2011-05-31 13:13:26 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-05-31 12:29:13 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A00A142-486D-4EAF-B43C-A5D9EE4BBA4E}\mpengine.dll

2011-05-31 03:09:14 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-31 03:09:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-05-31 02:44:58 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2011-05-30 23:03:48 -------- d-----w- C:\ProgramData\SecTaskMan

2011-05-30 23:03:45 -------- d-----w- C:\Program Files (x86)\Security Task Manager

2011-05-30 03:12:19 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-30 02:56:17 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-30 02:35:19 98816 ----a-w- C:\windows\sed.exe

2011-05-30 02:35:19 89088 ----a-w- C:\windows\MBR.exe

2011-05-30 02:35:19 256512 ----a-w- C:\windows\PEV.exe

2011-05-30 02:35:19 161792 ----a-w- C:\windows\SWREG.exe

2011-05-28 15:53:17 -------- d-----w- C:\windows\System32\SPReview

2011-05-28 15:40:43 -------- d-----w- C:\windows\System32\EventProviders

2011-05-28 15:38:01 48976 ----a-w- C:\windows\System32\netfxperf.dll

2011-05-28 15:38:01 1942856 ----a-w- C:\windows\System32\dfshim.dll

2011-05-28 15:36:59 833024 ----a-w- C:\windows\SysWow64\user32.dll

2011-05-28 15:35:59 94208 ----a-w- C:\windows\SysWow64\eappgnui.dll

2011-05-28 15:34:07 529408 ----a-w- C:\windows\System32\wbemcomn.dll

2011-05-28 15:34:07 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll

2011-05-28 15:34:07 1225216 ----a-w- C:\windows\System32\wbem\wbemcore.dll

2011-05-28 15:34:04 933376 ----a-w- C:\windows\System32\SmiEngine.dll

2011-05-28 15:34:02 199168 ----a-w- C:\windows\System32\PkgMgr.exe

2011-05-28 15:33:51 422912 ----a-w- C:\windows\System32\drvstore.dll

2011-05-28 15:33:51 399872 ----a-w- C:\windows\System32\dpx.dll

2011-05-28 15:13:44 214016 ----a-w- C:\windows\System32\winsrv.dll

2011-05-28 15:13:26 31232 ----a-w- C:\windows\SysWow64\prevhost.exe

2011-05-28 15:13:26 31232 ----a-w- C:\windows\System32\prevhost.exe

2011-05-28 15:13:02 27520 ----a-w- C:\windows\System32\drivers\Diskdump.sys

2011-05-27 01:45:57 -------- d-----w- C:\ProgramData\Skype Extras

2011-05-17 20:16:52 142336 ----a-w- C:\windows\System32\poqexec.exe

2011-05-17 20:16:52 123904 ----a-w- C:\windows\SysWow64\poqexec.exe

2011-05-11 13:29:28 176128 ----a-w- C:\Program Files (x86)\Internet Explorer\MyTempDll\AF2F94B4-6A80-4796-A29F-C669CB3088AB.dll

2011-05-11 13:29:27 176128 ----a-w- C:\Program Files (x86)\Internet Explorer\MyTempDll\076CD013-890C-4454-B52B-2878EAC1D49E.dll

2011-05-11 02:48:37 5562240 ----a-w- C:\windows\System32\ntoskrnl.exe

2011-05-11 02:48:35 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 02:48:35 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2011-05-10 18:29:09 83968 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPPA0.DLL

2011-05-10 18:29:09 28672 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPDA0.DLL

2011-05-10 18:29:01 92672 ----a-w- C:\windows\System32\CNC560I.dll

2011-05-10 18:29:01 328192 ----a-w- C:\windows\System32\CNC560L.dll

2011-05-10 18:29:01 303104 ----a-w- C:\windows\SysWow64\CNC560L.dll

2011-05-10 18:29:01 17920 ----a-w- C:\windows\System32\CNHMCA6.dll

2011-05-10 18:29:01 15872 ----a-w- C:\windows\SysWow64\CNHMCA.dll

2011-05-10 18:29:01 1321984 ----a-w- C:\windows\System32\CNC560C.dll

2011-05-10 18:29:01 106496 ----a-w- C:\windows\SysWow64\CNC560U.dll

2011-05-10 18:28:47 336896 ----a-w- C:\windows\System32\CNMLMA0.DLL

2011-05-10 18:28:42 244736 ----a-w- C:\windows\System32\CNMIUA0.DLL

2011-05-10 18:28:42 104448 ----a-w- C:\windows\System32\CNC560O.dll

2011-05-07 14:32:47 176128 ----a-w- C:\Program Files (x86)\Internet Explorer\MyTempDll\20D9F3B4-F1E2-46bf-858A-EFA0F71D873A.dll

2011-05-07 14:32:43 176128 ----a-w- C:\Program Files (x86)\Internet Explorer\MyTempDll\F9DB7FFD-A062-46e7-BB36-447D28E2CED3.dll

.

==================== Find3M ====================

.

2011-05-28 16:04:56 175616 ----a-w- C:\windows\System32\msclmd.dll

2011-05-28 16:04:56 152576 ----a-w- C:\windows\SysWow64\msclmd.dll

2011-05-24 23:14:10 270720 ------w- C:\windows\System32\MpSigStub.exe

2011-04-13 22:40:10 4284416 ----a-w- C:\windows\SysWow64\GPhotos.scr

2011-04-08 19:09:51 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat

2011-03-29 19:09:32 21504 ----a-w- C:\windows\SysWow64\drivers\libusb0.sys

2011-03-29 19:09:30 37376 ----a-w- C:\windows\SysWow64\libusb0.dll

2011-03-12 12:08:49 1465344 ----a-w- C:\windows\System32\XpsPrint.dll

2011-03-12 11:23:45 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll

2011-03-11 06:34:51 1359872 ----a-w- C:\windows\System32\mfc42u.dll

2011-03-11 06:34:50 1395712 ----a-w- C:\windows\System32\mfc42.dll

2011-03-11 05:33:59 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll

2011-03-08 06:29:32 976896 ----a-w- C:\windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll

2011-03-03 06:24:16 183296 ----a-w- C:\windows\System32\dnsrslvr.dll

2011-03-03 06:21:57 30208 ----a-w- C:\windows\System32\dnscacheugc.exe

2011-03-03 05:36:16 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:52:08 3135488 ----a-w- C:\windows\System32\win32k.sys

.

============= FINISH: 9:24:28.86 ===============

I am trying to attach the zipped 'attach.txt' but the browse button below won't work either.

Let me know if I should post it in its original form.

GMER scan result: "Gmer hasnt found any system modification"

I await your help and further instructions on the 'attach' file

Thanks


  • Staff

Hi and welcome to Malwarebytes.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.


Ran into the same problem as before

Ran MBAM-clean and restarted the computer

After downloading the new version of malware, the installation gave me the following error message 4 times at the end

cocreateinstance failed: code 0x70040154. class not registered

After installation finished, when I attempted to launch Malware, I received the Runtime error and VBaccelerator errors

What next?

Thanks


I have tried to attach screenshots but the 'Browse' button below this post won't work!

When I ran mbam-clean, I received 2 error messages before it asked me to reboot my computer, first "vbAccelerator SGrid II run-time error '0'", followed by "Malwarebytes Anti-Malware Run-time error '440': Automation error"

After reboot, I attempted the fresh install, near the end of which it gives me the same error message "CoCreateInstance failed; code 0x80040154. Class not registered" four times with the following four install points in the background screen

1. Creating shortcuts... C:\Programs\Malwarebytes' Anti-Malware\Malwarebytes'Anti-Malware.lnk

2. Creating shortcuts... C:\Programs\Malwarebytes' Anti-Malware\Malwarebytes'Anti-Malware Help.lnk

3. Creating shortcuts... C:\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes'Anti-Malware.lnk

4. Creating shortcuts... C:\Users\Public\Desktop\Malwarebytes'Anti-Malware.lnk

As I accepted each of these error messages, it exited that screen and then finally tried to run with the same error messages as when I ran Mbam-Clean

1. vbAccelerator SGrid II Con.. Run-time error'0'

2. Malwarebytes' Anti-Malware Run-time error '440': Automation error

Your help is greatly appreciated

To recap, I have a working wifi connection but the icon in the taskbar has a red X through it

Internet explorer will not start

Microsoft Office goes into an install sequence when I try to run it

Firefox is working but flash and video files (e.g. YouTube) will not run (which may be the same reason the Browse button will not work to attach files to this post)

I am prepared to pull my files off the computer and reformat as a last resort, but please also advise me on checking to make sure that none of my files are infected

Thanks once again


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.