#1
Posted 01 August 2009 - 05:28 PM
Hi,
I've been posting back and forth with another admin for a few weeks now, but he's
out of town, and unable to offer any further assistance. I'm not sure how to link
this to my prior posts.
Would it be http://www.malwarebytes.org/forums/index.p...ost&p=94537,
dated June 30th, 2009?
If not, can you look for older posts from 'tkmops'?
Thanks!
#2
Posted 03 August 2009 - 06:03 AM
Try installing the Visual Basic 6.0 Common Controls from Microsoft.
For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...
#3
Posted 08 August 2009 - 10:05 PM
GT500, on Aug 2 2009, 11:03 PM, said:
Try installing the Visual Basic 6.0 Common Controls from Microsoft.
Thanks, went to that site, but it looks as if my Vista is not one of the supported OS's. Is there a Vista version somewhere?
#4
Posted 09 August 2009 - 01:52 AM
tkmops said:
Thanks, went to that site, but it looks as if my Vista is not one of the supported OS's. Is there a Vista version somewhere?
Visual Basic comes with Vista, so it should already be on there. Might have been corrupted.
I found the info below on this site:
Quote
The Windows Vista operating system has a problem with older versions of msvbvm60.dll. To fix this problem, you will have to go to Start, Search and type msvbvm60.dll and check its version. If the version is 6.0.88.77, you will have to replace it by visiting the Microsoft web site here http://activex.micro...vb6/vbrun60.cab and install the latest version.
#5
Posted 09 August 2009 - 09:41 PM
OK, thanks. I downloaded it, but it's asking me what folder do I want to extract the files to. I'm assuming windows/system?
#6
Posted 09 August 2009 - 11:14 PM
tkmops said:
OK, thanks. I downloaded it, but it's asking me what folder do I want to extract the files to. I'm assuming windows/system?
On 32-bit Vista extract to:
C:\Windows\System32
On 64-bit Vista extract to:
C:\Windows\SysWOW64
If you have a version in C:\Windows\System that you have previously tried to copy there, then delete it. Otherwise, don't mess with C:\Windows\System.
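The version check from post #4 and the folder choice from post #6, as an added PowerShell example that is not part of the thread or of any Microsoft tooling. It assumes the runtime DLL lives in %windir%\System32 on 32-bit Windows and in %windir%\SysWOW64 on 64-bit Windows (where 32-bit DLLs belong), and it goes slightly beyond the post by flagging the named version 6.0.88.77 or anything older. It only reports; the extraction of vbrun60.cab is still done by hand.

```powershell
# Added example (not from the thread): report the installed msvbvm60.dll version
# and the folder a 32-bit VB6 runtime should be extracted to on this machine.
# Assumption: 6.0.88.77 is the problem version named in post #4; anything at or
# below it is treated as needing replacement.

$BadVersion = New-Object System.Version('6.0.88.77')

# SysWOW64 only exists on 64-bit Windows, and that is where a 32-bit DLL such as
# msvbvm60.dll belongs there; on 32-bit Windows the folder is System32 (post #6).
$SysWow64 = Join-Path $env:windir 'SysWOW64'
if (Test-Path $SysWow64) {
    $TargetDir = $SysWow64
} else {
    $TargetDir = Join-Path $env:windir 'System32'
}

# Post #6: a copy in the legacy %windir%\System folder is only there if the user
# put it there; report it so it can be removed, but do not delete anything here.
$StrayCopy = Join-Path $env:windir 'System\msvbvm60.dll'
if (Test-Path $StrayCopy) {
    Write-Output "Stray copy found at $StrayCopy (delete it only if you copied it there yourself)."
}

$DllPath = Join-Path $TargetDir 'msvbvm60.dll'
if (-not (Test-Path $DllPath)) {
    Write-Output "msvbvm60.dll not found in $TargetDir; extract vbrun60.cab there."
    return
}

# Build a System.Version from the four numeric parts so the comparison is
# numeric rather than a string compare (FileVersion strings vary in padding).
$vi = (Get-Item $DllPath).VersionInfo
$Installed = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

if ($Installed -le $BadVersion) {
    Write-Output "Installed msvbvm60.dll is $Installed (at or below $BadVersion): extract vbrun60.cab to $TargetDir and overwrite it."
} else {
    Write-Output "Installed msvbvm60.dll is $Installed, newer than $BadVersion; no replacement needed."
}
```

Run it from an elevated PowerShell prompt so the system folders are readable; the script writes nothing, so it is safe to run before deciding whether to replace the DLL.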
#7
Posted 05 November 2011 - 08:20 PM
I am having the same problem, but with Windows XP. Here is the log:
ComboFix 11-11-05.03 - Randy 05/11/11 15:29:49.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.380 [GMT -4:00]
Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Randy\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\10.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\1137.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\3578.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\40.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\420.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\4258.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\450.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\4677.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\468.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\6784.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\946.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Randy\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Randy\Application Data\PriceGong\Data\z.txt
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-05 16:54 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-05 16:54 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-05 16:54 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-05 16:54 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-05 16:54 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-05 16:54 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-05 16:54 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-05 16:54 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-05 16:52 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-05 16:52 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-05 16:50 . 2011-11-05 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-05 16:49 . 2011-11-05 16:49 -------- d-----w- c:\program files\AVAST Software
2011-11-05 16:49 . 2011-11-05 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-29 20:23 . 2011-10-31 19:39 -------- d-----w- c:\program files\AmericasCardroom
2011-10-26 00:39 . 2011-10-26 00:39 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-10-25 22:43 . 2011-11-03 16:16 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-25 22:07 . 2011-10-25 22:07 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\Microsoft_Corporation
2011-10-23 14:55 . 2011-10-23 15:05 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\NPE
2011-10-19 13:24 . 2011-10-19 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-19 11:53 . 2011-11-01 23:07 -------- d-----w- c:\program files\Wise PC Engineer
2011-10-15 13:39 . 2011-10-23 14:27 -------- d-----w- c:\documents and settings\Randy\Application Data\Smart PC Solutions
2011-10-15 12:09 . 2011-10-23 14:29 -------- d-----w- c:\program files\Tournament Indicator
2011-10-12 20:30 . 2011-10-12 20:30 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\ArcSoft
2011-10-12 20:25 . 2011-10-12 20:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2011-10-12 20:21 . 2006-11-10 19:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-10-12 20:21 . 2011-10-12 20:24 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-10-12 20:20 . 2011-10-20 19:54 -------- d-----w- c:\documents and settings\Randy\Application Data\ArcSoft
2011-10-12 17:03 . 2011-10-12 17:03 -------- d-----w- c:\program files\iPod
2011-10-12 17:03 . 2011-10-12 17:04 -------- d-----w- c:\program files\iTunes
2011-10-12 16:56 . 2011-10-12 16:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-10-12 16:55 . 2011-10-12 16:55 -------- d-----w- c:\program files\Bonjour
2011-10-09 19:18 . 2011-10-15 11:31 -------- d-----w- c:\program files\PokerCrusher 5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 09:06 . 2011-06-23 12:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2011-06-23 12:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-24 09:00 . 2011-09-22 18:30 2377696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-09-22 18:30 . 2011-09-22 18:30 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-07 13:52 . 2011-09-07 12:42 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-09-07 13:52 . 2011-09-07 12:42 88 --sh--r- c:\documents and settings\All Users\Application Data\A84BBCF008.sys
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 14:30 . 2011-09-05 14:30 299008 ------w- c:\windows\Setup1.exe
2011-09-05 14:30 . 2011-09-05 14:30 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-09-04 12:10 . 2011-09-04 12:11 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2011-09-02 12:02 . 2011-06-22 23:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-20 13:06 . 2011-08-20 13:06 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-17 13:49 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-03-03 2510848]
"V0500Mon.exe"="c:\windows\V0500Mon.exe" [2007-11-03 32768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-10-12 3604040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
2011-07-05 14:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Randy^Start Menu^Programs^Startup^ZooskMessenger.lnk]
backup=c:\windows\pss\ZooskMessenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIDDesktop]
2011-07-05 14:24 395528 ----a-w- c:\program files\SFT\GuardedID\GIDD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2006-05-12 17:50 1138688 ------w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 19:44 761856 ------w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-06-13 18:50 16871936 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-07-10 15:53 872448 ------w- c:\windows\SMINST\Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 16:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-06-22 23:53 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]
2007-11-03 00:00 32768 ----a-w- c:\windows\V0500Mon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [22/06/11 5:32 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [22/06/11 5:32 PM 744568]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/11/11 12:54 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/11/11 12:54 PM 320856]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111027.001\BHDrvx86.sys [01/11/11 4:13 PM 818808]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [22/06/11 3:58 PM 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [22/06/11 5:32 PM 136312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/11/11 12:54 PM 20568]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [11/02/10 4:35 PM 103936]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [12/10/11 4:53 PM 63048]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [22/06/11 5:32 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29/07/11 2:36 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111104.030\IDSXpx86.sys [04/11/11 7:24 PM 356280]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [04/09/11 10:23 AM 251264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/10 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/06/11 7:53 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/06/11 7:53 PM 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/10 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BASFND
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 23:53]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 23:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=mpes
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {647D42B5-B9B8-4068-96B0-292F985F8A51} - hxxp://share.vzochat.com/plugin/WebClientXLib.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 15:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\06\1e\16$\03*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\GIDLogonXP.dll
c:\windows\system32\GIDHookLogon.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(18092)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-05 16:00:45
ComboFix-quarantined-files.txt 2011-11-05 20:00
.
Pre-Run: 29,690,904,576 bytes free
Post-Run: 29,654,233,088 bytes free
.
- - End Of File - - E6F697193EB0CD2CE19F28F0AA44285A
Hope you can help!
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-03-03 2510848]
"V0500Mon.exe"="c:\windows\V0500Mon.exe" [2007-11-03 32768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-10-12 3604040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
2011-07-05 14:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Randy^Start Menu^Programs^Startup^ZooskMessenger.lnk]
backup=c:\windows\pss\ZooskMessenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIDDesktop]
2011-07-05 14:24 395528 ----a-w- c:\program files\SFT\GuardedID\GIDD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2006-05-12 17:50 1138688 ------w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 19:44 761856 ------w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-06-13 18:50 16871936 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-07-10 15:53 872448 ------w- c:\windows\SMINST\Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 16:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-06-22 23:53 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]
2007-11-03 00:00 32768 ----a-w- c:\windows\V0500Mon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [22/06/11 5:32 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [22/06/11 5:32 PM 744568]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/11/11 12:54 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/11/11 12:54 PM 320856]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111027.001\BHDrvx86.sys [01/11/11 4:13 PM 818808]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [22/06/11 3:58 PM 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [22/06/11 5:32 PM 136312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/11/11 12:54 PM 20568]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [11/02/10 4:35 PM 103936]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [12/10/11 4:53 PM 63048]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [22/06/11 5:32 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29/07/11 2:36 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111104.030\IDSXpx86.sys [04/11/11 7:24 PM 356280]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [04/09/11 10:23 AM 251264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/10 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/06/11 7:53 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/06/11 7:53 PM 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/10 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BASFND
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 23:53]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 23:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=mpes
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {647D42B5-B9B8-4068-96B0-292F985F8A51} - hxxp://share.vzochat.com/plugin/WebClientXLib.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 15:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\06\1e\16$\03*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\GIDLogonXP.dll
c:\windows\system32\GIDHookLogon.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(18092)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-05 16:00:45
ComboFix-quarantined-files.txt 2011-11-05 20:00
.
Pre-Run: 29,690,904,576 bytes free
Post-Run: 29,654,233,088 bytes free
.
- - End Of File - - E6F697193EB0CD2CE19F28F0AA44285A
Hope you can help!
#8
Posted 05 November 2011 - 08:46 PM
Hello and welcome to MBAM, rnranimal:
Sorry you are having trouble.
A couple of things come to mind (until the experts stop by):
First, this is a REALLY old, stale topic. So, since each computer's problems are unique and for proper attention from the experts, it would be advisable to start a new thread.
Second, we cannot review scan logs or work on malware issues in this particular section of the forums.
Third, it's generally not advisable to run specialized cleaning tools, such as Combofix, without expert assistance; doing so could damage your system and make your data unrecoverable. Nor is it advisable to run more than 1 AV on your system -- doing so actually makes your computer less secure, not more.
Having said all that, if you think your computer may be infected, please review the following info for how to start the diagnostic/cleaning process:
IMPORTANT NOTE: Please do NOT use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult
If you would like expert assistance with cleaning your system, there are 3 support options:
- Option 1 -- Free, Expert advice in the Malware Removal Forum
- Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
- Option 3 -- Premium, Fee-Based Support
OPTION 1
As we don't deal with malware removal in this area of the forums, you'll need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware-related problems/infections.
- First, please print out, read and CAREFULLY FOLLOW the directions here, skipping any steps you are unable to complete.
- If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
- Then please post a NEW topic in the Malware Removal forum.
- Please do NOT post in an open topic started by another member in the malware removal forum, even if the problem appears to be similar to yours.
- When posting your new thread, under "options", make sure to select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
- One of the expert helpers there will give you free, one-on-one assistance when one becomes available.
IMPORTANT NOTE: Please do NOT make any further changes to your computer such as (Install/Uninstall programs; use special fix tools; delete files; edit the registry; OR use temp file cleaners, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
IMPORTANT NOTE: Please DO NOT post back to your topic or "bump" it within the first 48 hours.
Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.
  - If there is no reply from any experts after 48 hours, you may reply to the topic, asking for help again.
  Or
  - You may send a Private Message to a Moderator, asking for assistance.
OPTION 2
Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.
OPTION 3
If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.
Please be patient -- someone will assist you as soon as it is possible.
Thanks very much!
daledoc1
PS: Please use the
button instead of other ones when you reply here and at the other forums, so that it will be easier to read.
Just a home user
DT: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx 10.0.1; TB 10.0.1; Cable HSI; MBAM PRO 1.60.1.1000; KIS2012; SAS Free; CCleaner.
LT: Win7 Pro/32 SP1; Intel Core 2 Duo @2.8 GHz; 4 GB RAM; NVIDIA Quadro NVS 160M; IE 9; Fx 10.0.1; TB 10.0.1; WLAN; MBAM PRO 1.60.1.1000; KIS2012; SAS Free; CCleaner.