Computer Really Slow, volsnap.sys, bad infection



#1 supergeek561


Posted 27 February 2013 - 12:31 AM

Hi,

 

About a day ago, I tried to boot my computer, but during the boot, I got the Blue Screen of Death telling me there was a problem with volsnap.sys. I've had Windows XP Professional Service Pack 3 installed on this computer for quite a long time and I've never had this problem happen to me with any of my computers. I tried booting it several more times and I got the same problem.

 

Next, I inserted the Windows OS CD and tried to overwrite the volsnap.sys file on my computer with the one from that CD. That didn't work. Eventually, I ended up doing a repair reinstall of my OS. That is, I reinstalled my OS, but it wasn't a clean re-install, in order to save my data and what have you. After I did this, I was able to boot the computer. So now, I am running XP Service Pack 2 (as I haven't installed any updates since the incident).

 

Although I was able to log in and use the internet and so on, everything has become much slower than it was before. This computer used to be quite fast. Now it's quite slow. I am also unable to open MalwareBytes Anti-Malware. When I try, it gives me a dialog that says:

 

"'Run time error -2147024769 (8007007f)':

Automation error

The specified procedure could not be found."
 

Given this very unusual behavior, I think my computer is infected with something really really bad.

 

Here are my DDS logs:

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180  BrowserJavaVersion: 1.4.2_03
Run by Ben at 0:20:37 on 2013-02-27
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2038.1177 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTo0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTo0.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - c:\program files\utorrentcontrol_v2\prxtbuTo0.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTo0.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] "c:\program files\dell\quickset\quickset.exe"
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [igfxtray] "c:\windows\system32\igfxtray.exe"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350946612953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: NameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{5D03D347-A9FD-4035-874E-99BCA371388A} : DHCPNameServer = 208.59.247.45 208.59.247.46
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ben\application data\mozilla\firefox\profiles\5w6x08ou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2011-3-22 29832]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2012-10-22 1201656]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-26 40776]
.
=============== Created Last 30 ================
.
2013-02-26 08:44:44    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-26 08:37:20    135168    ----a-w-    c:\windows\system32\igfxres.dll
2013-02-26 08:18:57    229439    -c--a-w-    c:\windows\system32\dllcache\multibox.dll
2013-02-26 08:17:59    400384    -c--a-w-    c:\windows\system32\dllcache\fxsxp32.dll
2013-02-26 08:16:59    20536    -c--a-w-    c:\windows\system32\dllcache\shtml.dll
2013-02-26 08:14:49    16384    -c--a-w-    c:\windows\system32\dllcache\isignup.exe
2013-02-26 08:14:49    16384    ----a-w-    c:\program files\internet explorer\connection wizard\isignup.exe
2013-02-26 08:06:34    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2013-02-26 08:06:34    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2013-02-26 08:06:34    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2013-02-26 08:06:34    13312    ----a-w-    c:\windows\system32\irclass.dll
2013-02-26 08:06:24    10559    ----a-r-    c:\windows\SET11C.tmp
2013-02-26 08:06:23    22339    ----a-r-    c:\windows\SET11B.tmp
2013-02-26 08:06:18    13753    ----a-r-    c:\windows\SETE0.tmp
2013-02-26 08:06:15    1086058    ----a-r-    c:\windows\SETD4.tmp
2013-02-26 08:06:13    1042903    ----a-r-    c:\windows\SETD1.tmp
2013-02-18 09:03:55    650752    ----a-w-    c:\windows\system32\xvidcore.dll
2013-02-18 09:03:55    240640    ----a-w-    c:\windows\system32\xvidvfw.dll
2013-02-18 09:03:54    143872    ----a-w-    c:\windows\system32\xvid.ax
2013-02-18 09:03:52    --------    d-----w-    c:\program files\Xvid
2013-02-18 09:01:34    --------    d-----w-    c:\windows\BuzzSocialPointsChecker
2013-02-18 09:01:33    --------    d-----w-    c:\program files\BuzzSocialPointsIE_DNS
2013-02-18 06:21:31    --------    d-----w-    c:\documents and settings\all users\application data\InstallMate
2013-02-16 09:06:13    --------    d-----w-    c:\documents and settings\all users\application data\19Rgeit2iTqrf7M2Ql65
2013-02-16 08:54:54    --------    d-----w-    c:\documents and settings\ben\local settings\application data\Downloaded Installations
2013-02-16 08:50:20    --------    d-----w-    c:\program files\common files\GTK
2013-02-16 08:50:18    81920    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-02-16 08:50:18    233472    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-02-16 08:28:29    --------    d-----w-    c:\windows\speech
2013-02-16 08:26:53    --------    d-----w-    c:\windows\Lhsp
2013-02-15 04:09:12    --------    d-sha-r-    C:\cmdcons
2013-02-15 04:07:44    98816    ----a-w-    c:\windows\sed.exe
2013-02-15 04:07:44    256000    ----a-w-    c:\windows\PEV.exe
2013-02-15 04:07:44    208896    ----a-w-    c:\windows\MBR.exe
2013-02-06 07:15:58    --------    d-----w-    c:\program files\VideoLAN
2013-01-30 18:24:37    --------    d-----w-    C:\found.000
.
==================== Find3M  ====================
.
2013-02-14 08:06:35    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 08:06:35    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-12-15 07:26:33    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2012-12-15 07:26:32    821736    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-12-15 07:26:32    746984    ----a-w-    c:\windows\system32\deployJava1.dll
2012-12-14 21:49:28    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH:  0:21:17.93 ===============
 



Edited by supergeek561, 27 February 2013 - 12:33 AM.



 


#2 The Dark Knight


Posted 01 March 2013 - 05:59 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#3 supergeek561


Posted 03 March 2013 - 12:31 AM

Hi Dark Knight!

 

Thank you for getting back to me.

 

Since making my first post, my computer has become faster. It's almost as fast as normal now, but I'm quite sure I still have some nasty malware left.

 

I have run Combofix. Strangely, it did not restart my computer (I have dealt with Combofix several times in the past few years and all those times, it restarted my computer).

 

In any case, here is the log:

 

 

 

ComboFix 13-03-02.01 - Ben 03/03/2013   0:16.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2038.1623 [GMT -5:00]
Running from: c:\documents and settings\Ben\Desktop\vodka.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SCLabel.ocx
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-03 to 2013-03-03  )))))))))))))))))))))))))))))))
.
.
2013-02-26 08:44 . 2013-02-27 05:27    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-26 08:37 . 2005-12-13 21:40    135168    ----a-w-    c:\windows\system32\igfxres.dll
2013-02-26 08:18 . 2004-08-04 10:00    229439    -c--a-w-    c:\windows\system32\dllcache\multibox.dll
2013-02-26 08:17 . 2004-08-04 10:00    400384    -c--a-w-    c:\windows\system32\dllcache\fxsxp32.dll
2013-02-26 08:16 . 2003-03-24 21:52    20536    -c--a-w-    c:\windows\system32\dllcache\shtml.dll
2013-02-26 08:14 . 2004-08-04 10:00    16384    -c--a-w-    c:\windows\system32\dllcache\isignup.exe
2013-02-26 08:14 . 2004-08-04 10:00    16384    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2013-02-26 08:06 . 2004-08-04 10:00    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2013-02-26 08:06 . 2004-08-04 10:00    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2013-02-26 08:06 . 2004-08-04 10:00    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2013-02-26 08:06 . 2004-08-04 10:00    13312    ----a-w-    c:\windows\system32\irclass.dll
2013-02-26 08:06 . 2005-03-30 17:54    10559    ----a-r-    c:\windows\SET11C.tmp
2013-02-26 08:06 . 2006-03-30 10:03    22339    ----a-r-    c:\windows\SET11B.tmp
2013-02-26 08:06 . 2004-08-04 10:00    13753    ----a-r-    c:\windows\SETE0.tmp
2013-02-26 08:06 . 2004-08-04 10:00    1086058    ----a-r-    c:\windows\SETD4.tmp
2013-02-26 08:06 . 2004-08-04 10:00    1042903    ----a-r-    c:\windows\SETD1.tmp
2013-02-18 09:03 . 2011-03-19 15:06    240640    ----a-w-    c:\windows\system32\xvidvfw.dll
2013-02-18 09:03 . 2011-03-19 15:04    650752    ----a-w-    c:\windows\system32\xvidcore.dll
2013-02-18 09:03 . 2011-03-21 13:56    143872    ----a-w-    c:\windows\system32\xvid.ax
2013-02-18 09:03 . 2013-02-18 09:04    --------    d-----w-    c:\program files\Xvid
2013-02-18 09:01 . 2013-02-18 09:01    --------    d-----w-    c:\windows\BuzzSocialPointsChecker
2013-02-18 09:01 . 2013-02-18 09:01    --------    d-----w-    c:\program files\BuzzSocialPointsIE_DNS
2013-02-18 06:21 . 2013-02-18 06:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\InstallMate
2013-02-18 06:08 . 2013-02-18 06:08    --------    d-----w-    c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2013-02-16 09:06 . 2013-02-16 09:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\19Rgeit2iTqrf7M2Ql65
2013-02-16 08:54 . 2013-02-16 08:54    --------    d-----w-    c:\documents and settings\Ben\Local Settings\Application Data\Downloaded Installations
2013-02-16 08:50 . 2013-02-16 08:50    --------    d-----w-    c:\program files\Common Files\GTK
2013-02-16 08:50 . 2013-02-16 08:50    81920    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-02-16 08:50 . 2013-02-16 08:50    233472    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-02-16 08:28 . 2013-02-16 08:28    --------    d-----w-    c:\windows\speech
2013-02-16 08:26 . 2013-02-16 08:42    --------    d-----w-    c:\windows\Lhsp
2013-02-06 07:16 . 2013-02-27 08:41    --------    d-----w-    c:\documents and settings\Ben\Application Data\vlc
2013-02-06 07:15 . 2013-02-06 07:15    --------    d-----w-    c:\program files\VideoLAN
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 08:06 . 2012-10-23 02:57    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 08:06 . 2012-10-23 02:57    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-12-15 07:26 . 2012-12-15 07:27    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2012-12-15 07:26 . 2012-12-15 07:27    821736    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-12-15 07:26 . 2012-12-15 07:27    746984    ----a-w-    c:\windows\system32\deployJava1.dll
2012-12-14 21:49 . 2012-12-04 20:37    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-10-11 01:06 . 2012-10-22 22:59    261600    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTo0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2012-11-06 13:01    183112    ----a-w-    c:\program files\uTorrentControl_v2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTo0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTo0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-10-23 296096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [3/22/2011 9:14 AM 29832]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/22/2012 8:41 PM 1201656]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/26/2013 3:44 AM 40776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-27 05:15    1629648    ----a-w-    c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 03:03]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 03:03]
.
2013-03-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-03-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\5w6x08ou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-03 00:24
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-03-03  00:27:56
ComboFix-quarantined-files.txt  2013-03-03 05:27
ComboFix2.txt  2013-02-15 04:29
.
Pre-Run: 24,370,135,040 bytes free
Post-Run: 24,375,742,464 bytes free
.
- - End Of File - - 0454B7E7C20D0506A5A9259787B47CB2
 


Edited by supergeek561, 03 March 2013 - 12:33 AM.


#4 The Dark Knight


Posted 03 March 2013 - 12:54 AM

Hello supergeek561,

 

I see you have the uTorrentControl_v2 Toolbar installed. It has been known to exhibit suspicious behaviour (please see here for more information). I recommend removing it.

 

Please go to Start>Control Panel>Programs and uninstall the following program (if present):

  • uTorrentControl_v2 Toolbar

Please restart your computer after this program removal.

 

=====
 

 

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    File::
    c:\windows\SET11C.tmp
    c:\windows\SET11B.tmp
    c:\windows\SETE0.tmp
    c:\windows\SETD4.tmp
    c:\windows\SETD1.tmp

    Folder::
    c:\documents and settings\All Users\Application Data\19Rgeit2iTqrf7M2Ql65

  • Save this as CFScript.txt, in the same location as ComboFix.exe.


  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

 

Please post the results in your reply and let me know how your computer is currently running.
 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.
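
An added example, not part of the original thread and not ComboFix's own code: one way to cross-check a CFScript against the resulting ComboFix.txt, confirming that every `File::` and `Folder::` target shows up under "Other Deletions" and no longer appears under "Files Created". The function names are hypothetical, and the inputs are constructed from the paths and section layout shown in this thread, with one file deliberately left behind.

```python
import re

# Constructed inputs. The CFScript repeats the directives and paths posted
# above; the log excerpt follows the section layout of the ComboFix.txt logs
# in this thread, with SETD4.tmp deliberately left behind to show a miss.
CFSCRIPT = r"""
killall::

File::
c:\windows\SET11C.tmp
c:\windows\SET11B.tmp
c:\windows\SETE0.tmp
c:\windows\SETD4.tmp
c:\windows\SETD1.tmp

Folder::
c:\documents and settings\All Users\Application Data\19Rgeit2iTqrf7M2Ql65
"""

SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\19Rgeit2iTqrf7M2Ql65
c:\windows\SET11B.tmp
c:\windows\SET11C.tmp
c:\windows\SETD1.tmp
c:\windows\SETE0.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-05 to 2013-03-05  )))))))))))))))))))))))))))))))
.
.
2013-02-26 08:06 . 2004-08-04 10:00    1086058    ----a-r-    c:\windows\SETD4.tmp
2013-02-18 09:03 . 2013-02-18 09:04    --------    d-----w-    c:\program files\Xvid
.
"""

DIRECTIVE = re.compile(r"^(\w+)::$")          # e.g. "File::", "Folder::"
SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "((((   Title   ))))" banners
WIN_PATH = re.compile(r"[A-Za-z]:\\.*$")      # last column of a listing line


def norm(path):
    """Windows paths are case-insensitive; the log may also quote them."""
    return path.strip().strip('"').lower()


def parse_cfscript(text):
    """Return {directive: [normalised paths]} for a CFScript body."""
    directives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            directives.setdefault(current, [])
        elif current is not None:
            directives[current].append(norm(line))
    return directives


def parse_log_sections(text):
    """Return {lower-cased section title: set of normalised paths}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, set())
            continue
        p = WIN_PATH.search(line)
        if current is not None and p:
            sections[current].add(norm(p.group(0)))
    return sections


def check_removals(cfscript, log):
    """Map each File::/Folder:: target to its status in the log."""
    script = parse_cfscript(cfscript)
    sections = parse_log_sections(log)
    deleted = sections.get("other deletions", set())
    present = set()
    for title, paths in sections.items():
        if title.startswith("files created"):
            present |= paths
    result = {}
    for target in script.get("file", []) + script.get("folder", []):
        if target in present:
            result[target] = "still present"   # listed again after the run
        elif target in deleted:
            result[target] = "deleted"
        else:
            result[target] = "not reported"    # absent from both sections
    return result


if __name__ == "__main__":
    for path, status in check_removals(CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:14} {path}")
```

A target reported as "still present" or "not reported" is worth raising with the helper before moving on to the next step.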




#5 supergeek561


Posted 04 March 2013 - 10:21 PM

Hi Dark Knight,

 

 

My computer seems to be alright now, overall, but I'm still having problems with MalwareBytes. After running Combofix, I tried to run MalwareBytes just to see if it would run. I got the same error. Then I installed MalwareBytes again. Still got the same error.

 

 

Here is the Combofix log:

 

 

ComboFix 13-03-04.01 - Ben 03/04/2013  21:58:24.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2038.1516 [GMT -5:00]
Running from: c:\documents and settings\Ben\Desktop\vodka.exe
Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
.
FILE ::
"c:\windows\SET11B.tmp"
"c:\windows\SET11C.tmp"
"c:\windows\SETD1.tmp"
"c:\windows\SETD4.tmp"
"c:\windows\SETE0.tmp"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\19Rgeit2iTqrf7M2Ql65
c:\documents and settings\All Users\Application Data\19Rgeit2iTqrf7M2Ql65\PCGWIN32.LI5
c:\windows\SET11B.tmp
c:\windows\SET11C.tmp
c:\windows\SETD1.tmp
c:\windows\SETD4.tmp
c:\windows\SETE0.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-05 to 2013-03-05  )))))))))))))))))))))))))))))))
.
.
2013-02-26 08:44 . 2013-02-27 05:27    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-26 08:37 . 2005-12-13 21:40    135168    ----a-w-    c:\windows\system32\igfxres.dll
2013-02-26 08:18 . 2004-08-04 10:00    229439    -c--a-w-    c:\windows\system32\dllcache\multibox.dll
2013-02-26 08:17 . 2004-08-04 10:00    400384    -c--a-w-    c:\windows\system32\dllcache\fxsxp32.dll
2013-02-26 08:16 . 2003-03-24 21:52    20536    -c--a-w-    c:\windows\system32\dllcache\shtml.dll
2013-02-26 08:14 . 2004-08-04 10:00    16384    -c--a-w-    c:\windows\system32\dllcache\isignup.exe
2013-02-26 08:14 . 2004-08-04 10:00    16384    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2013-02-26 08:06 . 2004-08-04 10:00    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2013-02-26 08:06 . 2004-08-04 10:00    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2013-02-26 08:06 . 2004-08-04 10:00    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2013-02-26 08:06 . 2004-08-04 10:00    13312    ----a-w-    c:\windows\system32\irclass.dll
2013-02-18 09:03 . 2011-03-19 15:06    240640    ----a-w-    c:\windows\system32\xvidvfw.dll
2013-02-18 09:03 . 2011-03-19 15:04    650752    ----a-w-    c:\windows\system32\xvidcore.dll
2013-02-18 09:03 . 2011-03-21 13:56    143872    ----a-w-    c:\windows\system32\xvid.ax
2013-02-18 09:03 . 2013-02-18 09:04    --------    d-----w-    c:\program files\Xvid
2013-02-18 09:01 . 2013-02-18 09:01    --------    d-----w-    c:\windows\BuzzSocialPointsChecker
2013-02-18 09:01 . 2013-02-18 09:01    --------    d-----w-    c:\program files\BuzzSocialPointsIE_DNS
2013-02-18 06:21 . 2013-02-18 06:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\InstallMate
2013-02-18 06:08 . 2013-02-18 06:08    --------    d-----w-    c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2013-02-16 08:54 . 2013-02-16 08:54    --------    d-----w-    c:\documents and settings\Ben\Local Settings\Application Data\Downloaded Installations
2013-02-16 08:50 . 2013-02-16 08:50    --------    d-----w-    c:\program files\Common Files\GTK
2013-02-16 08:50 . 2013-02-16 08:50    81920    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-02-16 08:50 . 2013-02-16 08:50    233472    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-02-16 08:28 . 2013-02-16 08:28    --------    d-----w-    c:\windows\speech
2013-02-16 08:26 . 2013-02-16 08:42    --------    d-----w-    c:\windows\Lhsp
2013-02-06 07:16 . 2013-02-27 08:41    --------    d-----w-    c:\documents and settings\Ben\Application Data\vlc
2013-02-06 07:15 . 2013-02-06 07:15    --------    d-----w-    c:\program files\VideoLAN
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 08:06 . 2012-10-23 02:57    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 08:06 . 2012-10-23 02:57    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-12-15 07:26 . 2012-12-15 07:27    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2012-12-15 07:26 . 2012-12-15 07:27    821736    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-12-15 07:26 . 2012-12-15 07:27    746984    ----a-w-    c:\windows\system32\deployJava1.dll
2012-12-14 21:49 . 2012-12-04 20:37    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-10-11 01:06 . 2012-10-22 22:59    261600    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-10-23 296096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [3/22/2011 9:14 AM 29832]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/22/2012 8:41 PM 1201656]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/26/2013 3:44 AM 40776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-27 05:15    1629648    ----a-w-    c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 03:03]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 03:03]
.
2013-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-03-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-776561741-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\5w6x08ou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-04 22:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2013-03-04  22:13:03 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-05 03:13
ComboFix2.txt  2013-03-03 05:27
ComboFix3.txt  2013-02-15 04:29
.
Pre-Run: 25,011,998,720 bytes free
Post-Run: 25,086,836,736 bytes free
.
- - End Of File - - 08928DCAAD3AC3250E6C170F949E606C
Thank you,

  -Super Geek



#6 The Dark Knight

Posted 05 March 2013 - 03:35 PM

Hey supergeek561,

 

Please see this link:

 

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=221601&SiteID=1

 

Did that help remove the runtime error?


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#7 supergeek561

Posted 05 March 2013 - 10:17 PM

Hey Dark Knight,

 

That link doesn't work.



#8 The Dark Knight

Posted 06 March 2013 - 03:34 PM

Hey supergeek561,

 

Please see this link instead and follow the instructions in the first post:

 

http://kb.swiftkit.net/question-automation-error.html

 

Please let me know how that goes.




#9 supergeek561

Posted 07 March 2013 - 03:19 AM

For regsvr32 "C:\Program Files\Common Files\System\ado\msader15.dll": C:\Program Files\Common Files\System\ado\msader15.dll was loaded, but the DllRegisterServer entry point was not be found. The file cannot be registered.

 

Everything worked fine for the other commands.

 

I tried this several times and got the same results, though.

 

Still no luck with MalwareBytes.



#10 The Dark Knight

Posted 07 March 2013 - 03:41 PM

Hello supergeek561,

 

Please run the System File Checker:

 

http://www.bleepingcomputer.com/forums/t/43051/how-to-use-sfcexe-to-repair-system-files/

 

Did that solve the issue?




#11 supergeek561

Posted 07 March 2013 - 05:33 PM

No. I got to step 4, but I'm unable to use Windows Update. The website tells me it encountered an error.

 

Maybe I should install XP Pro SP3? That's what I had installed here before the events described in the very first post in this thread happened.

 

I'm starting to think that there really are some files that are either missing or corrupted or both.

 

What do you think?



#12 The Dark Knight

Posted 08 March 2013 - 06:40 PM

Hello supergeek561,

 

Yes, I believe there are some corrupted or missing files.

 

Please try updating Windows and see how things go.






