Emi

  1. I went over to the Dell forum because of this problem: Repair install of XP AND then even with clean install of Vista (something about boot configuration, couldn't even clean install). Now I'm getting ready to do something called Darik's Boot And Nuke... Also considering going up to Windows 7. I wanted to update and also thank AdvancedSetup and other people who helped me here... Oh yes, I have one more question: after somehow I reinstall the OS, I'll need better anti-virus, firewall and other security software. I was just using Kaspersky and added AntiVir after I came to this forum, but AntiVir is just an anti-virus so I still needed Kaspersky as firewall, right? Then I read that I should run only one anti-virus, so I opened Kaspersky to see if I can "disable" Kaspersky's anti-virus part but didn't find anything to do that. So my question is, what is your recommended combination of security software?
  2. I'm reading through your link to do a repair install. At Warning #1, it tells me to delete the undo_guimode.txt file. I tried to copy and paste the command into the command prompt, but my line looks like this: del /a /f %windir% ?(yen sign)system32?undo_guimode.txt, and it says "Could not find the file". My backslash key can only put a yen sign in cmd. I have English as default language and Japanese IME added. Come to think of it, I remember "could not find the file" happened before but I can't remember in which step... but whenever I needed a backslash in cmd, mine probably had a yen sign in it... Is this a problem? Can I work around it? Thanks...
  3. Thanks, here it is...
  4. I did the above, and when rebooted, it gave "Spooler Subsystem App" error. Then I tried to add printer, and got "Spooler service is not running." From Admin Tools - Services, I started Print Spooler. Then again tried to add printer, but printer wizard didn't give me any option at "select a printer port", it was all blank. Here is DDS.txt and attach.txt (am I supposed to attach this? Last time I attached it but I've been told to post it) Thanks for your time...
Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Word MUI (English) 2007 Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Desktop Engine (SHIPWORKS) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser QuickBooks QuickBooks Pro 2009 Realtek High Definition Audio Driver SeaMonkey (1.1.17) SeaMonkey (2.0.8) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP 
(KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) 
Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for 
Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) ShipWorks? 2.9.60 SpywareBlaster 4.4 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB898461) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951618-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Presentation Foundation XML Paper Specification Shared Components Pack 1.0 ==== Event Viewer Messages From Past Week ======== 9/21/2010 8:22:10 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MASTER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{467C99D2-0EFA-4D40. The master browser is stopping or an election is being forced. 9/21/2010 7:59:59 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). 9/21/2010 12:17:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip 9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 
9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 9/21/2010 12:17:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 9/21/2010 12:17:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 9/21/2010 12:16:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/21/2010 12:16:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 9/21/2010 12:03:33 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found. 9/21/2010 12:00:26 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s). 9/21/2010 11:59:04 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). ==== End Of File ===========================
  5. It WAS printing until today.... (spooler subsystem has encountered problems, RTC is unavailable, etc...) ????? So I did the same fix above, reinstalled printer and driver, and they seem to be in place, but this time it is not working.... still the application crashes when printing, protection fault, etc. .... Malwarebytes scan comes out clean. I can't even try to restore system this time since there is no checkpoint! Does this mean my XP is corrupt and I need to reinstall? Are there any other options before that? .... thank you for any input...!
  6. It's printing!!!!! Thank you!!!!! What I did after my last post was to call Okidata support, the rep told me to delete all printers and remove drivers. I had HP C4480 too and she actually said that may be the cause. I still had "protection fault" every time I tried to open "printer preferences" while I was trying to delete the printers/drivers. So she told me to go to HP website, download "Scrubber Utility" and run it. It went through, but then I still had a problem re-installing the Oki printer. So I followed your link, although "Fix It" didn't go through automatically, I manually deleted spool printer and driver files, and removed registry entries. Now it's printing! I've been dealing with this for over a week, hurt my back while moving the heavy printer from room to room. Now I'm back in business! Thank you!! Including all other people who helped me in other forums!
  7. I'm back to square one... -I put in the installation CD from Okidata (pretty old), and it gave error "CDinst.exe has encountered problem and need to close." Sorry I can't remember the order I did but: -I ran Dell diagnostics, and it fixed "Printer Service" or something. -I followed Microsoft instruction to run spooler. -Then I can't remember exactly when but suddenly OkiC5300 icon showed up in "Printers and Faxes", I could change default printer to C5300, but when I click preferences, then it gives this mssg "Function address ox68647646 caused a protection fault. (exception code 0xc0000094), Some or all property page may not be displayed." That was the mssg I was getting before malware cleanup. -Add Printer's Plug and Play still doesn't work no matter how many times I reboot the computer and re-plug the printer. It gives "Spooler Subsystem App has encountered a problem." So I went to "Run" CDinst.exe from installation CD, then Oki's installation wizard came up and I could click "install printer driver". But then it asked me to remove "older version of driver 2.0.0.0" in order to install the "new driver 1.0.0.0" because the CD is old. -I downloaded the new driver but that just overwrites existing files. -I tried to print from Microsoft Word to see if it prints (it did before cleanup), which crashed, went into Microsoft Office Diagnostics, couldn't find or solve it, now it's circling error mssg "Word has encountered problem and needs to close", and tries to go into safe mode, crashes and gives the same error mssg, over and over.... I need to reboot. I'll be back... This is making me crazy! Thanks for your help
  8. I was advised to post my new printer problem here after the post in HijackThisLog forum. http://forums.malwarebytes.org/index.php?showtopic=62276 After cleaning up my pc (windows xp) according to the directions in the forum above, I hooked up my printer Oki C5300 (not printing was my original problem), and tried to re-install it following "printers and faxes" "add a printer". It stopped and gave error mssg "Spooler Subsystem App has encountered a problem and need to close. Sorry". ....? I googled that message and some said there's still a virus...? Am I supposed to download a printer driver and put it somewhere first? I'm afraid to do ANYTHING without being told now... please help, thanks...
  9. I did up to JavaRa, JRE part. Then I hooked up my printer Oki C5300, I tried to install it following "printers and faxes" "add a printer". It stopped and gave error mssg "Spooler Subsystem App has encountered a problem and need to close. Sorry". ....? Would you please direct me what to do... thanks
  10. There was no "Show Results" after Malwarebytes scan. Also, ESET scan came back with 0 infected, there was no selection of "List of found threats", nor "Export to text file". Another thing I want to mention is that when I went back to Kaspersky anti-virus log after I posted this, there was one file in quarantine since Aug 19. virus HEUR:Trojan.Win32.Generic, location c:/documents and settings/master/application data/mozilla/Profiles/default/zklv91tf.slt/Cache/B3AE923Ad01. Kaspersky Anti-virus didn't give any warning, just says no active threats. So I didn't notice it til yesterday. I sent it to Kaspersky lab to analyze it but haven't heard back.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4595

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     9/11/2010 3:41:00 PM
     mbam-log-2010-09-11 (15-41-00).txt

     Scan type: Quick scan
     Objects scanned: 144376
     Time elapsed: 4 minute(s), 28 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  11. I did ComboFix and log is attached. After I posted #1 post here, in my original post in General (a link above) Haider told me to do a quick scan with Heuristics Shuriken Disabled after an update 4572, (turned out to be 4573). As I mentioned in the original post, the scan went through and I posted the log there. I hope that doesn't complicate this. Thank you! ComboFix.txt
  12. Haider Success! No infection? Here is the log. My window is XP. But I already started a new topic in HijackThisLogs before your reply. What should I do now?

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4573

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     9/8/2010 4:15:38 PM
     mbam-log-2010-09-08 (16-15-38).txt

     Scan type: Quick scan
     Objects scanned: 145695
     Time elapsed: 7 minute(s), 32 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  13. I was directed from General Forum below: http://forums.malwarebytes.org/index.php?showtopic=62264 I ran Quick Scan and it also crashed at 3 min, 2 infected. Then I realized that it was version 4570, so updated to 4571 and quick scanned again. Crash at 2 min 55 sec, 0 infected. So I downloaded defogger, disabled CD Emulation drivers. I received "Finished" mssg but wasn't asked to reboot, so I manually rebooted. Saved DDS.txt and attach.txt. Downloaded GMER Rootkit Scanner. It looked finished, so I clicked "Save" and ark.txt is saved, but then it says still scanning, and it crashed. There is nothing in the malwarebytes log. Thank you for your help! Attach.zip
  14. Hi Boy you all work so hard in this forum! After a lot of research of my printing problem, I was told to run the free version of Malwarebytes. The history is below in Dell Forum. http://en.community.dell.com/support-forum...4.aspx#19746984 During full scan, I saw "3 files infected" at a little over an hour, then it crashed, giving "Malwarebytes Anti-Malware has encountered problem and need to close." After that, I also got "Dr Watson Postmortem Debugger has encountered problem and need to close." Since it was still running in the background, I rebooted and opened Malwarebytes, there were no results. Should I try to run it in safe mode? Please help... Thank you in advance....