Jump to content


Photo

Spooler Subsystem App has encounted a problem...


  • Please log in to reply
17 replies to this topic

#1 Emi

Emi

    New Member

  • Members
  • Pip
  • 14 posts

Posted 12 September 2010 - 07:46 PM

I was suggested to post my new printer problem here after the post in HijackThisLog forum.

http://forums.malwar...showtopic=62276

After cleaning up my pc (windows xp) according to the directions in the forum above, I hooked up my printer Oki C5300 (not printing was my original problem), and tried to re-install it following "printers and faxes" "add a printer". It stopped and gave error mssg "Spooler Subsytem App has encountered a problem and need to close. Sorry". ....? I googled that message and some said there's still a virus...? Am I supposed to download a printer driver and put it somewhere first? I'm afraid to do ANYTHING without being told now... please help, thanks...

#2 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 12 September 2010 - 08:19 PM

Hi -
Did that printer come with an install CD or similar ?? -
These items (CD's) usually contain the 'drivers' for your printer - This sounds like the problem -

Thank You -

EDIT -
Please visit http://driverscollec...?H=C5300&By=OKI this page linked here to see if there are drivers to load -
Only use the link posted containing Download OKI C5300 Microsoft Certified Driver v.1.8.0 on that page -
Many of the others are only Advertising -
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........

#3 Emi

Emi

    New Member

  • Members
  • Pip
  • 14 posts

Posted 13 September 2010 - 09:42 AM

I'm back to square one...
-I put installation CD from Okidata (pretty old), and it gave error "CDinst.exe has encountered problem and need to close."

Sorry I can't remember the order I did but:
-I ran Dell diagnostics, and it fixed "Printer Service" or something.
-I followed microsoft instruction to run spooler.
-Then I can't remember exactly when but suddenly OkiC5300 icon showed up in "Printers and Faxes", I could change default printer to C5300, but when I click preferences, then it gives this mssg "Function address ox68647646 caused a protection fault. (exception code 0xc0000094), Some or all property page may not be displayed." that was the mssg I was getting before malware cleanup.
-Add Printer's Plug and Play still doesn't work no matter how many times I reboot computer and re-plug the printer. It gives "Spooler Subsystem App has encountered a problem." So I went to "Run" CDinst.exe from installation CD, then Oki's installation wizard came up and I could click "install printer driver". But then it asked me to remove "older version of driver 2.0.0.0 in order to install the "new driver 1.0.0.0" because the CD is old.
-I downloaded the new driver but that just overwrite existing files.
-I tried to print from Microsoft Word to see if it prints (it did before cleanup), which crashed, went into Microsoft Office Diagnostics, couldn't find or solve it, now it's circling error mssg "Word has encountered problem and needs to close", and try to go into safe mode, crashes and gives the same error mssg, over and over.... I need to reboot. I'll be back...
This is making me crazy!
Thanks for your help

#4 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,015 posts
  • Gender:Male
  • Location:US

Posted 13 September 2010 - 05:22 PM

Please take a look at the following article and see if it helps to resolve the issue.

http://support.microsoft.com/kb/324757

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#5 Emi

Emi

    New Member

  • Members
  • Pip
  • 14 posts

Posted 13 September 2010 - 09:05 PM

:) :)
It's printing!!!!! Thank you!!!!!
What I did after my last post was to call Okidata support, the rep told me to delete all printers and remove drivers. I had HP C4480 too and she actually said that maybe the cause. I still had "protection fault" every time I try to open "printer preferences" while I'm trying to delete the printers/drivers. So she told me to go to HP website, download "Scrubber Utility" and ran it. It went through, but then I still had problem re-installing Oki printer. So I followed your link, although "Fix It" didn't go through automatically, I manually deleted spool printer and driver files, remove registry entries. Now it's printing! I've been dealing with this for over a week, hurt my back during moving heavy printer form room to room. Now I'm back in business! Thank you!! Including all other people who helped me in other forums!

#6 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,015 posts
  • Gender:Male
  • Location:US

Posted 13 September 2010 - 11:09 PM

You're quite welcome. I've had to use that utility method from Microsoft a few times myself on some stubborn systems.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#7 Emi

Emi

    New Member

  • Members
  • Pip
  • 14 posts

Posted 21 September 2010 - 10:18 PM

It WAS printing until today.... (spooler subsystem has encountered problems, RTC is unavailable, etc...) ????? So I did the same fix above, reinstalled printer and driver, and they seem to be in place, but this time is not working.... still application crases when print, protection fault, etc. .... Malwarebytes scan comes out clean. I can't even try to restore system this time since there is no checkpoint! Does this mean my XP is corrupt and I need to reinstall? Are there any other options before that? .... thank you for any input...!

#8 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,015 posts
  • Gender:Male
  • Location:US

Posted 22 September 2010 - 12:36 AM

Please run the following and post back the information requested

STEP 01

Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


STEP 02
Click on START - RUN and copy / paste the entry below into the run line and click OK
CMD /C NETSH FIREWALL RESET
Click on START - RUN and copy / paste the entry below into the run line and click OK
CMD /C NETSH int ip reset c:\resetlog.txt
Click on START - RUN and copy / paste the entry below into the run line and click OK
CMD /C netsh winsock reset catalog

STEP 03
  • Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file "ccsetup235_slim.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Click finish when done and close ALL PROGRAMS including your Web Browser
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

STEP 04
You may have corrupted files on your disk. Please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK
CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

STEP 05
SHUT DOWN and power off the printer for a couple minutes and then plug it back in.

Now rerun that tool from Microsoft and try to reinstall your printer after the reboot and let us know how things are going.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#9 Emi

Emi

    New Member

  • Members
  • Pip
  • 14 posts

Posted 22 September 2010 - 10:45 AM

I did the above, and when rebooted, it gave "Spooler Subsystem App" error. Then I tried to add printer, and got "Spooler service is not running." From Admin Tools - Services, I started Print Spooler. Then again tried to add printer, but printer wizard didn't give me any option at "select a printer port", it was all blank. :P
Here is DDS.txt and attach.txt (am I supposed to attach this? Last time I attached it but I've been told to post it)
Thanks for your time...

DDS (Ver_10-03-17.01) - NTFSx86
Run by Master at 8:19:36.18 on 09/22/2010 Wed
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.3061.2387 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Master\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.maxiwe.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\kloehk.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-2-11 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-9-15 88176]
R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sshipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sSHIPWORKS [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.exe -i shipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.EXE -i SHIPWORKS [?]
S3 Srssscatfnt;Srssscatfnt; [x]

=============== Created Last 30 ================

2010-09-15 23:28:20 0 dc----w- c:\docume~1\master\applic~1\Foxit Software
2010-09-15 23:28:19 0 dc----w- c:\docume~1\master\applic~1\Foxit
2010-09-15 23:28:10 0 dc----w- c:\program files\Foxit Software
2010-09-15 14:14:09 200 -c--a-w- c:\windows\WININIT.INI
2010-09-15 12:53:36 0 dc----w- c:\program files\common files\McAfee
2010-09-15 12:53:31 0 dc----w- c:\program files\McAfee
2010-09-15 12:40:26 0 dc----w- c:\program files\FileHippo.com
2010-09-15 01:46:45 0 dc----w- c:\program files\SpywareBlaster
2010-09-14 01:05:34 375 -c--a-w- c:\windows\OPLN.INI
2010-09-14 01:05:34 17420 -c--a-w- c:\windows\system32\OPC5300.cah
2010-09-14 01:05:34 13076 -c--a-w- c:\windows\system32\OPLN_M00.cah
2010-09-14 01:02:15 808 -c----w- c:\windows\system32\OKIPAR.DAT
2010-09-14 01:02:15 61440 -c----w- c:\windows\system32\OPPARMON.DLL
2010-09-14 01:02:15 45056 -c----w- c:\windows\system32\OPDEVACC.DLL
2010-09-14 01:02:15 36320 -c----w- c:\windows\system32\drivers\OKIPAR.SYS
2010-09-14 01:02:15 32768 -c----w- c:\windows\system32\OPLPTACC.DLL
2010-09-13 23:53:36 0 dc----w- C:\RegBack
2010-09-13 23:53:25 0 dc----w- c:\windows\system32\NtmsData
2010-09-13 23:51:57 0 dc----w- c:\program files\ACW
2010-09-13 17:21:19 531768 -c--a-w- C:\WindowsXP-KB924078-x86-ENU.exe
2010-09-11 20:44:29 0 dc----w- c:\program files\ESET
2010-09-10 18:15:49 0 dcsha-r- C:\cmdcons
2010-09-09 13:52:08 3278 -c--a-w- c:\windows\system32\wbem\Outlook_01cb5026320fbc64.mof
2010-09-08 16:12:50 0 -c--a-w- c:\documents and settings\master\defogger_reenable
2010-09-08 14:37:49 0 dc----w- c:\windows\SxsCaPendDel
2010-09-08 12:51:44 0 dc----w- c:\docume~1\master\applic~1\Malwarebytes
2010-09-08 12:51:08 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 12:51:07 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-08 12:51:06 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 12:51:06 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 00:48:39 0 dc----w- c:\windows\system32\wbem\Repository
2010-09-05 22:33:02 0 dc----w- C:\spoolerlogs

==================== Find3M ====================

2010-09-14 13:59:20 848 -csha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-09-12 13:27:59 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-08-21 21:08:14 65792 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-08-17 13:17:06 58880 -c--a-w- c:\windows\system32\spoolsv.exe
2010-07-29 15:12:49 97549 -c--a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 15:12:49 113933 -c--a-w- c:\windows\system32\drivers\klin.dat
2010-07-22 15:49:15 590848 -c--a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31:35 149504 -c--a-w- c:\windows\system32\schannel.dll
2006-08-10 02:52:04 17795 -c--a-w- c:\program files\ok715.cat
2006-08-08 16:09:28 2357 -c--a-w- c:\program files\OK715.inf
2006-07-18 18:17:50 37376 -c--a-w- c:\program files\OPLXSLOC.DLL
2006-07-18 18:17:50 1604096 -c--a-w- c:\program files\OPLXRLOC.DLL
2006-05-16 21:09:02 60222 -c--a-w- c:\program files\OPLX.HLP
2006-02-27 15:27:26 241 -c--a-w- c:\program files\Oplx.dat
2006-02-27 15:26:52 205 -c--a-w- c:\program files\ok01du3c.cap
2005-11-07 14:26:14 564736 -c--a-w- c:\program files\OPLX_UI.dll
2005-11-07 14:25:56 650240 -c--a-w- c:\program files\OPLX_UM.dll
2005-10-26 21:50:02 98304 -c--a-w- c:\program files\OPLNLSCU.DLL
2005-10-21 02:33:32 27136 -c--a-w- c:\program files\oklmon64.dll
2005-10-14 20:57:36 6144 -c--a-w- c:\program files\OPLX_M00.DLL
2005-10-14 20:45:22 37376 -c--a-w- c:\program files\OPLAPP3.dll
2005-10-14 20:36:06 94720 -c--a-w- c:\program files\OPLX_F00.dll
2005-10-14 20:09:02 41 -c--a-w- c:\program files\OK715.ver
2005-08-26 22:53:30 6277 -c--a-w- c:\program files\Op53v2.dat
2004-06-10 00:42:06 7870 -c--a-w- c:\program files\OPLX_M00.DAT
2002-11-12 07:01:00 322 -c--a-w- c:\program files\Mlredi02.ASP
2002-11-01 23:05:18 228 -c--a-w- c:\program files\Okccm012.bin
2002-09-12 08:03:00 2825 -c--a-w- c:\program files\opne000e.scr
2002-06-26 16:16:08 228 -c--a-w- c:\program files\Okccm015.bin
2002-06-26 16:16:08 228 -c--a-w- c:\program files\Okccm014.bin
2002-06-26 16:16:08 228 -c--a-w- c:\program files\Okccm013.bin
2002-06-26 16:16:08 228 -c--a-w- c:\program files\Okccm011.bin
2002-06-20 16:36:38 694 -c--a-w- c:\program files\OPLX_S00.DAT
2002-06-08 01:55:46 34 -c--a-w- c:\program files\Ok048u0l.ccm
2009-11-06 14:14:17 3533856 -csha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-06 14:14:17 696352 -csha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 8:19:57.62 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2009 7:07:19 PM
System Uptime: 9/22/2010 6:02:21 AM (2 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 2660/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 446.251 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/21/2010 4:34:38 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Business Contact Manager for Outlook 2007
Canon CanoScan Toolbox 4.6
Corel Paint Shop Pro Photo X2
DAZzle
Dell DataSafe Online
Dell Driver Reset Tool
Dell Support Center (Support Software)
DYMO Printable Postage
ESET Online Scanner v3
EVGA Display Driver
FileHippo.com Update Checker
Foxit Reader
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Java Auto Updater
Java™ 6 Update 21
Jw_cad
Kaspersky Internet Security 2010
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Desktop Engine (SHIPWORKS)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
QuickBooks
QuickBooks Pro 2009
Realtek High Definition Audio Driver
SeaMonkey (1.1.17)
SeaMonkey (2.0.8)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShipWorks? 2.9.60
SpywareBlaster 4.4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/21/2010 8:22:10 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MASTER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{467C99D2-0EFA-4D40. The master browser is stopping or an election is being forced.
9/21/2010 7:59:59 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
9/21/2010 12:17:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 12:17:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/21/2010 12:16:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/21/2010 12:16:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/21/2010 12:03:33 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
9/21/2010 12:00:26 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
9/21/2010 11:59:04 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s).

==== End Of File ===========================

#10 garybear

garybear

    Elite Member

  • Banned
  • PipPipPipPipPip
  • 614 posts
  • Gender:Male
  • Location:Oklahoma
  • Interests:I like sharing my limited knowledge with others and learning some thing new every day!

Posted 22 September 2010 - 12:36 PM

Hi! You are in good hands but I just want to add what I did. If AdvancedSetup can't fix it, no one can. I down loaded Microsoft Fix it and ran the printer fix. Screenshot shows what all it checked.
Garybear!ScreenShot00043.jpg

PS I hope I'm not interfering. Please follow AdvancedSetup's advice, and just ignore my post. Fix it worked for me, but AdvancedSetup is the man, and is the one to listen to.

#11 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,015 posts
  • Gender:Male
  • Location:US

Posted 23 September 2010 - 03:34 AM

Let's try and run Combofix and see if it finds anything.


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------



  • Download ComboFix from below:

    Combofix download


    * IMPORTANT !!! Place combofix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    Posted Image


    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    Posted Image

    Click on Yes, to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#12 Emi

Emi

    New Member

  • Members
  • Pip
  • 14 posts

Posted 23 September 2010 - 05:31 PM

Thanks, here it is...

ComboFix 10-09-23.01 - Master 3/2010 Thu 17:16:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.3061.2354 [GMT -5:00]
Running from: c:\documents and settings\Master\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-22 13:32 . 2010-09-22 13:32 -------- dc----w- c:\program files\CCleaner
2010-09-22 01:37 . 2010-09-22 01:37 -------- dc----w- c:\documents and settings\Master\Local Settings\Application Data\Identities
2010-09-16 14:15 . 2010-09-16 14:15 850448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\updater.dll
2010-09-16 14:15 . 2010-09-16 14:15 850520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\updater.dll
2010-09-15 23:28 . 2010-09-15 23:28 -------- dc----w- c:\documents and settings\Master\Application Data\Foxit Software
2010-09-15 23:28 . 2010-09-15 23:28 -------- dc----w- c:\documents and settings\Master\Application Data\Foxit
2010-09-15 23:28 . 2010-09-15 23:28 -------- dc----w- c:\program files\Foxit Software
2010-09-15 12:53 . 2010-09-15 12:53 -------- dc----w- c:\program files\Common Files\McAfee
2010-09-15 12:53 . 2010-09-16 11:38 -------- dc----w- c:\program files\McAfee
2010-09-15 12:40 . 2010-09-15 12:40 -------- dc----w- c:\program files\FileHippo.com
2010-09-15 01:46 . 2010-09-21 13:20 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-15 01:46 . 2010-09-21 13:20 -------- dc----w- c:\program files\SpywareBlaster
2010-09-14 01:19 . 2010-09-14 01:14 791856 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2010-09-14 01:17 . 2010-09-14 01:14 763184 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2010-09-14 01:17 . 2010-09-14 01:14 570672 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2010-09-14 01:17 . 2010-09-14 01:14 296240 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2010-09-14 01:17 . 2010-09-14 01:14 1152304 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2010-09-14 01:17 . 2010-09-14 01:14 398640 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2010-09-14 01:14 . 2010-09-14 01:14 856880 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2010-09-14 01:14 . 2010-09-14 01:14 2184496 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2010-09-14 01:14 . 2010-09-14 01:14 211720 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-09-14 01:14 . 2010-09-14 01:14 24328 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll
2010-09-14 01:14 . 2010-09-14 01:14 1394440 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-09-14 01:02 . 2001-07-11 21:03 61440 -c----w- c:\windows\system32\OPPARMON.DLL
2010-09-14 01:02 . 2001-01-19 04:08 32768 -c----w- c:\windows\system32\OPLPTACC.DLL
2010-09-14 01:02 . 2001-01-16 01:35 45056 -c----w- c:\windows\system32\OPDEVACC.DLL
2010-09-14 01:02 . 2001-01-16 00:17 808 -c----w- c:\windows\system32\OKIPAR.DAT
2010-09-14 01:02 . 2000-12-23 00:40 36320 -c----w- c:\windows\system32\drivers\OKIPAR.SYS
2010-09-14 00:38 . 2010-09-14 00:38 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2010-09-13 23:53 . 2010-09-21 13:22 -------- dc----w- C:\RegBack
2010-09-13 23:53 . 2010-09-21 13:26 -------- dc----w- c:\windows\system32\NtmsData
2010-09-13 23:51 . 2010-09-21 13:22 -------- dc----w- c:\program files\ACW
2010-09-13 17:21 . 2010-09-09 13:06 531768 -c--a-w- C:\WindowsXP-KB924078-x86-ENU.exe
2010-09-11 20:44 . 2010-09-11 20:44 -------- dc----w- c:\program files\ESET
2010-09-08 14:37 . 2010-09-08 14:43 -------- dc----w- c:\windows\SxsCaPendDel
2010-09-08 12:51 . 2010-09-08 12:51 -------- dc----w- c:\documents and settings\Master\Application Data\Malwarebytes
2010-09-08 12:51 . 2010-04-29 20:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 12:51 . 2010-09-08 12:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-08 12:51 . 2010-09-08 12:51 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 12:51 . 2010-04-29 20:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 13:51 . 2010-09-06 13:51 -------- dc----w- c:\documents and settings\Master\Local Settings\Application Data\PCHealth
2010-09-06 03:41 . 2010-09-06 03:41 -------- dc----w- c:\documents and settings\Master\Local Settings\Application Data\Dell
2010-09-06 00:48 . 2010-09-06 00:48 -------- dc----w- c:\windows\system32\wbem\Repository
2010-09-05 22:33 . 2010-09-05 22:33 -------- dc----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 22:24 . 2009-02-12 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-23 22:12 . 2009-11-24 13:33 -------- dc----w- c:\program files\SeaMonkey
2010-09-22 17:37 . 2009-03-12 22:18 -------- dc----w- c:\documents and settings\Master\Application Data\Canon
2010-09-21 20:06 . 2009-02-05 17:19 -------- dc----w- c:\program files\Common Files\Adobe
2010-09-21 19:43 . 2009-04-06 17:29 -------- dc----w- c:\program files\Common Files\Macromedia
2010-09-21 19:43 . 2009-02-05 17:19 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-09-21 19:42 . 2009-04-06 17:29 -------- dc----w- c:\program files\Macromedia
2010-09-20 14:59 . 2009-12-30 21:35 -------- dc----w- c:\documents and settings\Master\Application Data\DYMO Stamps
2010-09-17 13:04 . 2009-02-12 14:37 -------- dc----w- c:\program files\ShipWorks
2010-09-16 13:03 . 2009-02-15 16:14 -------- dc----w- c:\program files\JWW
2010-09-15 14:13 . 2009-02-05 17:24 -------- dc----w- c:\program files\Common Files\Roxio Shared
2010-09-15 14:12 . 2010-08-15 21:52 -------- dc----w- c:\program files\QuickTime
2010-09-15 14:12 . 2010-08-15 21:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-15 14:10 . 2009-09-13 00:54 -------- dc----w- c:\documents and settings\Master\Application Data\Move Networks
2010-09-15 13:56 . 2010-06-15 22:29 -------- dc----w- c:\program files\3GPplayer2010
2010-09-15 12:53 . 2009-02-05 17:21 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-14 13:59 . 2009-03-12 22:34 848 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-09-14 13:59 . 2009-03-12 22:34 848 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-09-14 01:14 . 2009-08-12 12:23 496944 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2010-09-14 01:14 . 2009-08-12 12:23 423216 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2010-09-14 01:14 . 2009-08-12 12:23 267568 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2010-09-13 23:34 . 2009-05-08 02:00 2485 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-09-13 14:45 . 2009-02-05 17:25 79784 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-13 14:35 . 2009-02-05 17:19 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-12 13:28 . 2009-02-05 17:18 -------- dc----w- c:\program files\Common Files\Java
2010-09-12 13:27 . 2010-04-29 11:11 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-09-12 13:15 . 2009-02-05 17:18 -------- dc----w- c:\program files\Java
2010-09-08 14:43 . 2010-04-01 10:55 -------- dc----w- c:\program files\Carbonite
2010-09-06 00:47 . 2009-02-12 01:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Dell
2010-08-21 21:08 . 2010-08-21 21:08 65792 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-08-18 17:19 . 2010-08-18 17:19 170584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 17:19 . 2010-08-18 17:19 340520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-17 13:17 . 2008-04-25 16:16 58880 -c--a-w- c:\windows\system32\spoolsv.exe
2010-08-15 22:02 . 2010-08-15 21:54 -------- dc----w- c:\documents and settings\Master\Application Data\Apple Computer
2010-08-15 21:53 . 2010-08-15 21:53 -------- dc----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-04 11:59 . 2010-08-04 11:59 61440 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-114af051-n\decora-sse.dll
2010-08-04 11:59 . 2010-08-04 11:59 503808 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7be08023-n\msvcp71.dll
2010-08-04 11:59 . 2010-08-04 11:59 499712 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7be08023-n\jmc.dll
2010-08-04 11:59 . 2010-08-04 11:59 348160 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7be08023-n\msvcr71.dll
2010-08-04 11:59 . 2010-08-04 11:59 12800 -c--a-w- c:\documents and settings\Master\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-114af051-n\decora-d3d.dll
2010-07-29 15:12 . 2009-02-12 01:20 97549 -c--a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 15:12 . 2009-02-12 01:20 113933 -c--a-w- c:\windows\system32\drivers\klin.dat
2010-07-22 15:49 . 2008-04-25 16:16 590848 -c--a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 00:11 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2008-04-25 16:16 149504 -c--a-w- c:\windows\system32\schannel.dll
2006-08-10 02:52 . 2006-08-10 02:52 17795 -c--a-w- c:\program files\ok715.cat
2006-08-08 16:09 . 2006-08-08 16:09 2357 -c--a-w- c:\program files\OK715.inf
2006-07-18 18:17 . 2006-07-18 18:17 37376 -c--a-w- c:\program files\OPLXSLOC.DLL
2006-07-18 18:17 . 2006-07-18 18:17 1604096 -c--a-w- c:\program files\OPLXRLOC.DLL
2006-05-16 21:09 . 2006-05-16 21:09 60222 -c--a-w- c:\program files\OPLX.HLP
2006-02-27 15:27 . 2006-02-27 15:27 241 -c--a-w- c:\program files\Oplx.dat
2006-02-27 15:26 . 2006-02-27 15:26 205 -c--a-w- c:\program files\ok01du3c.cap
2005-11-07 14:26 . 2005-11-07 14:26 564736 -c--a-w- c:\program files\OPLX_UI.dll
2005-11-07 14:25 . 2005-11-07 14:25 650240 -c--a-w- c:\program files\OPLX_UM.dll
2005-10-26 21:50 . 2005-10-26 21:50 98304 -c--a-w- c:\program files\OPLNLSCU.DLL
2005-10-21 02:33 . 2005-10-21 02:33 27136 -c--a-w- c:\program files\oklmon64.dll
2005-10-14 20:57 . 2005-10-14 20:57 6144 -c--a-w- c:\program files\OPLX_M00.DLL
2005-10-14 20:45 . 2005-10-14 20:45 37376 -c--a-w- c:\program files\OPLAPP3.dll
2005-10-14 20:36 . 2005-10-14 20:36 94720 -c--a-w- c:\program files\OPLX_F00.dll
2005-10-14 20:09 . 2005-10-14 20:09 41 -c--a-w- c:\program files\OK715.ver
2005-08-26 22:53 . 2005-08-26 22:53 6277 -c--a-w- c:\program files\Op53v2.dat
2004-06-10 00:42 . 2004-06-10 00:42 7870 -c--a-w- c:\program files\OPLX_M00.DAT
2002-11-12 07:01 . 2002-11-12 07:01 322 -c--a-w- c:\program files\Mlredi02.ASP
2002-11-01 23:05 . 2002-11-01 23:05 228 -c--a-w- c:\program files\Okccm012.bin
2002-09-12 08:03 . 2002-09-12 08:03 2825 -c--a-w- c:\program files\opne000e.scr
2002-06-26 16:16 . 2002-06-26 16:16 228 -c--a-w- c:\program files\Okccm015.bin
2002-06-26 16:16 . 2002-06-26 16:16 228 -c--a-w- c:\program files\Okccm014.bin
2002-06-26 16:16 . 2002-06-26 16:16 228 -c--a-w- c:\program files\Okccm013.bin
2002-06-26 16:16 . 2002-06-26 16:16 228 -c--a-w- c:\program files\Okccm011.bin
2002-06-20 16:36 . 2002-06-20 16:36 694 -c--a-w- c:\program files\OPLX_S00.DAT
2002-06-08 01:55 . 2002-06-08 01:55 34 -c--a-w- c:\program files\Ok048u0l.ccm
2009-11-06 14:14 . 2009-02-12 01:20 3533856 -csha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-06 14:14 . 2009-02-12 01:20 696352 -csha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-05 17:24 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 36880]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [9/15/2010 7:53 AM 88176]
R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 8:39 PM 19472]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS [?]
S3 Srssscatfnt;Srssscatfnt; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.maxiwe.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 17:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2040)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Completion time: 2010-09-23 17:27:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-23 22:27

Pre-Run: 479,292,657,664 bytes free
Post-Run: 479,363,506,176 bytes free

- - End Of File - - CF7851B25AC099EC5AC4DB13F937F031

#13 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,015 posts
  • Gender:Male
  • Location:US

Posted 23 September 2010 - 09:06 PM

Unfortunately that does not show anything that might be causing an issue either, at least nothing obvious.

Please go ahead and remove combofix by clicking on START - RUN and type in COMBOFIX /uninstall

I would probably have to suggest doing an in place repair of Windows XP

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#14 Emi

Emi

    New Member

  • Members
  • Pip
  • 14 posts

Posted 24 September 2010 - 03:33 PM

I'm reading through your link to do repair install. At Warning #1, it tells me to delete the undo_guimode.txt file. I tried to copy and paste the command prompt, but my line looks like this
del /a /f %windir% ?(yen sign)system32?undo_guimode.txt, and it says "Could not find the file".
My backslash key can only put yen sign in cmd. I have English as default language and Japanese IME added.
Come to think of it, I remember "could not find the file" happened before but I can't remember in which step... but whenever needed backslash in cmd, mine probably had yen sign in it... Is this a problem? Can I work around it?
Thanks...

#15 Porthos

Porthos

    True Member

  • Malware Hunters
  • PipPipPipPip
  • 351 posts
  • Gender:Male
  • Location:San Antonio Texas

Posted 24 September 2010 - 05:23 PM

You might want to run this bat file and see if it fixes the issue.

Open notepad and copy the text in the quote box and save it as spool.bat.

[quote]@echo off
cls
net stop spooler
del %systemroot%\system32\spool\*.spl
del %systemroot%\system32\spool\*.shd
net start spooler[/quote]

Open up Notepad in Windows. You can do this by navigating to Start > Programs > Accessories > Notepad, or simply by entering notepad under Start > Run.

# copy the text in the quote box and paste it to notepad
# Go to File > Save As... and chose a file name.
# Choose your desktop as the location to save.
# Click on the dropdown box "Save as type:" and select "All files" instead of Text (*.txt).
# Add .bat to the end of your file name before you save. For example, you would type spool.bat
# Click on Save. If you did this correctly, you should see your file name in the title bar of Windows Notepad. Make sure that it reads as spool.batónot spool.bat.txt.

Run the file by double clicking the file on your desktop.

#16 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,015 posts
  • Gender:Male
  • Location:US

Posted 24 September 2010 - 05:27 PM

I'm reading through your link to do repair install. At Warning #1, it tells me to delete the undo_guimode.txt file. I tried to copy and paste the command prompt, but my line looks like this
del /a /f %windir% ?(yen sign)system32?undo_guimode.txt, and it says "Could not find the file".
My backslash key can only put yen sign in cmd. I have English as default language and Japanese IME added.
Come to think of it, I remember "could not find the file" happened before but I can't remember in which step... but whenever needed backslash in cmd, mine probably had yen sign in it... Is this a problem? Can I work around it?
Thanks...


If you're using a different language OS then it might be different. I see no Yen sign when I view the site.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#17 Emi

Emi

    New Member

  • Members
  • Pip
  • 14 posts

Posted 26 September 2010 - 09:06 AM

I went over to Dell forum because of this problem Repair install of XP AND then even with clean install of Vista (something about boot configuration, couldn't even clean install). Now I'm getting ready to do something called Darik's Boot And Nuke... Also considering going up to Windows 7. I wanted to update and also thank AdvancedSetup and other people who helped me here...

Oh yes, I have one more question, after somehow I reinstall OS, I'll need better anti-virus, firewall and other security software. I was just using kaspersky and added AntiVir after I came to this forum, but AntiVir is just a anti-virus so I still needed kaspersky as firewall, right? Then I read that I should run only one anti-virus, so I opened kaspersky to see if I can "disable" kaspersky's anti-virus part but didn't find anything to do that. So my question is, what is your recommended combination of security software?

#18 garybear

garybear

    Elite Member

  • Banned
  • PipPipPipPipPip
  • 614 posts
  • Gender:Male
  • Location:Oklahoma
  • Interests:I like sharing my limited knowledge with others and learning some thing new every day!

Posted 26 September 2010 - 11:48 AM

Hi Emi! Everyone has different needs and different preferences.If you change to Windows 7 , I think Microsoft Security Essentials (MSE) is very good. It does every thing. I like a three teared set up. I have Windows XP3. I use Avira free- (AV)-Online Armor(firewall)- and Malwarebytes paid (running in real time). There are no conflicts, and I feel like I got the best protection I can get. I want Malwarebytes running in real time on my PC because it's the best you can have. Would never give up my MBAM. This setup costs me 25$ a year, and that's cheap.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users