william2

  1. Ran the suggested fixes. All my programs open normally and appear to be working fine. No other system issues that I noticed. Thanks much for your help
  2. I ran MBAM and it successfully got rid of my Defense Center virus. But after this, now I can't open many exe files (at all) and others do not open normally (double clicking on desktop or selecting from start menu). I've also gotten a message several times that rundll.exe cannot be found. Here are my recent MBAM and DDS logs. GMER failed repeatedly for some reason. Thanks for your help!
  3. Couldn't find this topic addressed elsewhere in the forums, so here we go. I downloaded and employed the most recent Malwarebytes' Anti-Malware program to get rid of a fake anti-virus trojan horse program (don't remember the name). It seemed to work-- no more windows telling me I'm infected and must buy their product, no more re-directions on the internet to shopping sites, and no more porn links on my desktop. But now I can't open some programs like Word Perfect, Nero StartSmart, and Picasa. And other programs won't open on my quick links or by double-clicking the desktop shortcuts-- I have to right-click and scroll to "start" rather than the default "Open" which gives an error message that it can't open the exe file (IE Explorer, Firefox, and Google Earth). I also get the "Application not found-- rundll.exe" error message when trying to access the mouse settings via the control panel. I am certain that the IE Explorer, Firefox, and Google Earth problems are new and only since running MBAM. I had been running them the normal way when the virus was active before. Can't say for sure on the other programs. I checked every file name that MBAM found before I removed it-- none of these programs appeared on the list. Also complicating matters is that I cannot access my Task Manager because of the virus' dirty work. The virus also removed all System Restore points prior to its inception yesterday. Thanks for any help