Taskbar gone, 372 Malwarebytes error, etc.


This topic is locked
37 replies to this topic

#1 edelman_b


Posted 31 March 2011 - 09:30 AM

Problem with vbalsgrid6.ocx has ended up with no taskbar, etc. Windows XP.

DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 20:35:03.75 on Thu 31/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
.
============== Running Processes ===============
.
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\dds.scr
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
C:\WINDOWS.0\system32\svchost.exe -k NetworkService
C:\WINDOWS.0\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.abc.net.au/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows.0\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows.0\system32\hkcmd.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294028983140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1.gam\applic~1\mozilla\firefox\profiles\xg9yra1d.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\all users.windows.0\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\all users.windows.0\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R? gupdate;Google Update Service (gupdate)
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? SASENUM;SASENUM
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? Lbd;Lbd
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2011-03-31 12:33:43 625664 ----a-w- C:\dds.scr
2011-03-31 10:24:56 50477 ----a-w- C:\Defogger.exe
2011-03-29 13:19:50 64464042 ----a-w- C:\RegBackup.reg
2011-03-29 13:11:33 791393 ----a-w- C:\erunt-setup.exe
2011-03-29 13:09:33 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs
2011-03-28 12:59:29 -------- d-----w- c:\documents and settings\administrator.games\DoctorWeb
2011-03-28 12:37:23 58749576 ----a-w- C:\5jx39z43.exe
2011-03-27 05:09:18 50688 ----a-w- C:\ATF-Cleaner.exe
2011-03-27 04:55:20 -------- d-----w- C:\VB6
2011-03-27 04:46:04 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2011-03-27 04:45:59 20952 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2011-03-27 04:45:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-25 22:58:41 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-25 22:58:41 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-25 22:58:41 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-25 22:58:41 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-25 22:58:41 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-25 22:58:40 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-25 22:58:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-25 22:58:39 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-03-27 08:51:36 80 ----a-w- C:\MktBackup.bat
2011-02-09 13:53:52 270848 ----a-w- c:\windows.0\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows.0\system32\encdec.dll
2011-02-08 12:55:21 16432 ----a-w- c:\windows.0\system32\lsdelete.exe
2011-02-02 13:40:23 472808 ----a-w- c:\windows.0\system32\deployJava1.dll
2011-02-02 11:19:39 73728 ----a-w- c:\windows.0\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows.0\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows.0\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows.0\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows.0\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows.0\system32\win32k.sys
.
============= FINISH: 20:35:54.35 ===============

DDS Attach file attached.
GMER log file attached.


#2 Elise


Posted 06 April 2011 - 06:37 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 edelman_b


Posted 06 April 2011 - 11:56 PM

Hi Elise,

This topic follows on from another one (now closed) so, rather than repeating a lot of information from there, I'll include a link:

My link

I join the conversation at entry #3. I'll redo the DDS scan and post the logs here.

Thanks in anticipation of your help. I was close to resigned to doing a format and re-install. May still be the best thing anyway.

Regards, Brad

#4 Elise


Posted 07 April 2011 - 03:16 AM

Okay, I'll wait for the DDS log.

regards, Elise



#5 edelman_b


Posted 07 April 2011 - 07:16 AM

Hi Elise,

I have no taskbar or start button. IE doesn't start (thank goodness for Firefox), Windows Media player doesn't start, I can't copy or move files around in Windows Explorer (which I am able to start from Task Manager) but I can copy/move files in a command prompt window (which I am able to start from Task Manager). Copy and Paste sometimes works and sometimes it doesn't. The audio card doesn't work, I just get default PC beeps.

DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 18:36:08.39 on Thu 07/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS.0\explorer.exe
C:\dds.scr
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
C:\WINDOWS.0\system32\svchost.exe -k NetworkService
C:\WINDOWS.0\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.abc.net.au/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows.0\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows.0\system32\hkcmd.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294028983140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1.gam\applic~1\mozilla\firefox\profiles\xg9yra1d.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\all users.windows.0\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\all users.windows.0\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSAgent;AVGIDSAgent
R? gupdate;Google Update Service (gupdate)
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? SASENUM;SASENUM
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? Lbd;Lbd
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2011-04-05 03:32:14 -------- d-----w- C:\Microsoft.Windows.XP.Professional.SP3.Integrated
2011-03-31 12:42:29 -------- d-----w- C:\gmer
2011-03-31 12:33:43 625664 ----a-w- C:\dds.scr
2011-03-31 10:24:56 50477 ----a-w- C:\Defogger.exe
2011-03-29 13:11:33 791393 ----a-w- C:\erunt-setup.exe
2011-03-29 13:09:33 2521 ----a-w- C:\xp_taskbar_desktop_fixall.vbs
2011-03-28 12:59:29 -------- d-----w- c:\documents and settings\administrator.games\DoctorWeb
2011-03-28 12:37:23 58749576 ----a-w- C:\5jx39z43.exe
2011-03-27 05:09:18 50688 ----a-w- C:\ATF-Cleaner.exe
2011-03-27 04:55:20 -------- d-----w- C:\VB6
2011-03-27 04:46:04 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2011-03-27 04:45:59 20952 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2011-03-27 04:45:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-25 22:58:41 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-25 22:58:41 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-25 22:58:41 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-25 22:58:41 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-25 22:58:41 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-25 22:58:40 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-25 22:58:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-25 22:58:39 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-03-27 08:51:36 80 ----a-w- C:\MktBackup.bat
2011-02-09 13:53:52 270848 ----a-w- c:\windows.0\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows.0\system32\encdec.dll
2011-02-08 12:55:21 16432 ----a-w- c:\windows.0\system32\lsdelete.exe
2011-02-02 13:40:23 472808 ----a-w- c:\windows.0\system32\deployJava1.dll
2011-02-02 11:19:39 73728 ----a-w- c:\windows.0\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows.0\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows.0\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows.0\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows.0\system32\atmfd.dll
.
============= FINISH: 18:36:59.01 ===============

Have attached the Attach.txt.

Thanks, Brad
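The two DDS logs in this thread (31 March and 7 April) are the kind of snapshot a malware-removal helper reads by hand: new files in the last 30 days, running processes, autoruns. The script below is an added example, not code from the thread, from BleepingComputer or from the DDS tool itself. It parses the "=== Section ===" layout DDS prints, flags "Created Last 30" entries that deserve a second look (executables dropped in the drive root, random-looking names like 5jx39z43.exe, executables under a profile's Application Data, newly added kernel drivers) and diffs the running-process lists of two snapshots so that changes such as the AVG components disappearing stand out. The sample logs embedded in it are cut down from the posts above; the inst.exe line is constructed, modelled on the path ComboFix later reported, and its date is made up. The heuristics are this example's own: they will list legitimate helper tools (dds.scr, the Malwarebytes driver) alongside anything malicious, so the output is a review list for the analyst, not a verdict.

```python
"""Triage helper for the DDS logs posted in this thread (added example; not
code from the thread, BleepingComputer or the DDS tool).  Parses DDS's
'=== Section ===' layout, flags 'Created Last 30' files worth a second look
and diffs 'Running Processes' between two snapshots.  Sample logs are cut
down from the 31 March and 7 April posts; the inst.exe line is constructed."""
import ntpath
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# 'Created Last 30' / 'Find3M' entry: date time size attrs path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
EXEC_EXT = {".exe", ".scr", ".bat", ".vbs", ".cmd", ".com", ".pif", ".dll", ".sys"}

def parse_dds(text):
    """Split a DDS log into {section title: [lines]}, in file order."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with '.' lines
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def looks_random(stem):
    """Dropper-style name (e.g. 5jx39z43): >=3 digits mixed into letters, no separators."""
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    return digits >= 3 and letters >= 3 and not re.search(r"[_\-. ]", stem)

def triage_created(log_text):
    """[(path, [reasons])] for new files to review first; legitimate tools show up too."""
    findings = []
    for line in parse_dds(log_text).get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m or m.group(4).startswith("d"):   # unparsable, or a directory
            continue
        path = m.group(5)
        low = path.lower()
        stem, ext = ntpath.splitext(ntpath.basename(low))
        parent = ntpath.dirname(low)
        reasons = []
        if ext in EXEC_EXT:
            if re.fullmatch(r"[a-z]:\\", parent):
                reasons.append("executable in drive root")
            if "\\application data\\" in low or "\\temp\\" in low:
                reasons.append("executable in user profile data dir")
            if looks_random(stem):
                reasons.append("random-looking name")
        if ext == ".sys" and parent.endswith("\\system32\\drivers"):
            reasons.append("new kernel driver")
        if reasons:
            findings.append((path, reasons))
    return findings

def normalise_process(line):
    """Drop the NT-namespace '\\??\\' prefix and case so image paths compare across snapshots."""
    return (line[4:] if line.startswith("\\??\\") else line).lower()

def diff_processes(old_log, new_log):
    """(started, stopped) image paths between two DDS snapshots."""
    old = {normalise_process(p) for p in parse_dds(old_log).get("Running Processes", [])}
    new = {normalise_process(p) for p in parse_dds(new_log).get("Running Processes", [])}
    return sorted(new - old), sorted(old - new)

LOG_MAR31 = r"""
============== Running Processes ===============
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS.0\explorer.exe
C:\dds.scr
=============== Created Last 30 ================
2011-03-31 12:33:43 625664 ----a-w- C:\dds.scr
2011-03-28 12:59:29 -------- d-----w- c:\documents and settings\administrator.games\DoctorWeb
2011-03-28 12:37:23 58749576 ----a-w- C:\5jx39z43.exe
2011-03-27 04:46:04 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2011-03-26 09:00:00 12288 ----a-w- c:\documents and settings\you\application data\inst.exe
2011-03-25 22:58:41 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
============= FINISH: 20:35:54.35 ===============
"""
LOG_APR07 = r"""
============== Running Processes ===============
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS.0\explorer.exe
C:\dds.scr
"""
if __name__ == "__main__":
    for path, why in triage_created(LOG_MAR31):
        print(f"{path}: {', '.join(why)}")
    started, stopped = diff_processes(LOG_MAR31, LOG_APR07)
    print("started:", *started, sep="\n  ")
    print("stopped:", *stopped, sep="\n  ")
```

Run it as-is to see the review list for the 31 March sample and the process diff against 7 April; to use it on a real pair of logs, read the two DDS.txt files into strings and pass them to the same two functions. The "Running Processes" comparison deliberately lower-cases paths and strips the `\??\` prefix DDS prints for some driver-launched processes, otherwise the same binary would show up as both started and stopped.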



#6 Elise


Posted 07 April 2011 - 07:24 AM

Hello there,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise



#7 edelman_b


Posted 07 April 2011 - 09:03 AM

Hi Elise,

Downloaded ComboFix.
Disabled AVG.
Ran ComboFix. Got a message "ComboFix cannot run when AVG is installed." Tried to remove AVG but the uninstall from Control Panel failed, files mfa* and msi* attached. So I removed AVG manually and killed AVG processes.
Ran ComboFix. Got a message "System file is infected C:\WINDOWS.0\regedit.exe"
ComboFix downloaded the Recovery Console and did its scans.
ComboFix finished scanning and said it would reboot but just hung. I rebooted. There is now an extra desktop icon for IE that hadn't been coming up before (but IE still not working) and also catchme.txt that says:

File "C:\ComboFix\MT_regedit.exe.tmp" added successfully

There is no c:\ComboFix.txt. There is a c:\ComboFix\ComboFix.txt that says:

ComboFix 11-04-06.03 - Administrator 07/04/2011 21:26:08.1.1 - x86
Running from: C:\ComboFix.exe


As well as regedit it seems to have removed C:\Documents and Settings\you\Application Data\inst.exe

Thanks, Brad


#8 Elise


Posted 07 April 2011 - 09:14 AM

Can you please try to rerun combofix and see if a log gets produced now?

regards, Elise



#9 edelman_b


Posted 08 April 2011 - 06:29 AM

Hi Elise,

Got a log this time, attached.

Brad


#10 Elise


Posted 08 April 2011 - 08:21 AM

Please run the following tool, then rerun ComboFix and post me the new log. Note that this tool can throw some errors, as it's quite old; however, it should still do the trick.

  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program. Note - you might see an error message regarding Internet Explorer. Just ignore this and continue.
  • Press the green double checkmark box.
  • UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section.
  • Click on go
  • Exit/Close Dial-A-Fix

regards, Elise



#11 edelman_b


Posted 08 April 2011 - 07:54 PM

Hi Elise,

Downloaded, extracted and ran Dial-a-Fix. Got lots of errors like:

Error 127: c:\WINDOWS.0\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702.

and

iesetup.dll is not DLL Install-able.

For imgutil.dll, inseng.dll, mshtl.dll, msrating.dll, occache.dll, pngfilt.dll, webcheck.dll.

Reran ComboFix, log attached.

Regards, Brad


#12 Elise


Posted 09 April 2011 - 03:50 AM

Hi, do you have your XP CD at hand?

regards, Elise



#13 edelman_b


Posted 09 April 2011 - 07:10 PM

Hi Elise,

It is an OEM setup so I don't have an XP CD for it. But I believe I can create one from the install content on the hard drive (i386 folder) or perhaps use one from another computer?

Brad

#14 Elise


Posted 10 April 2011 - 02:36 AM

Try this please: click start > run, type sfc /scannow and press enter. Let the system file checker run unhindered and when done, let me know how things are running.

regards, Elise



#15 edelman_b


Posted 10 April 2011 - 05:49 AM

I don't have a Start button so I ran sfc /scannow from a command window (DOS prompt). It didn't find any problems.
No change.



