Start up and OS is acting up.



Louiscypher100
2011-09-03, 20:27
Hello,

The malware on my computer has been giving me run errors since I've been trying to remove it.
I thought I could learn to remove it myself, but it is beyond me at this point in my education.

Here is the DDS log, and the attached "Attach.txt" report.

Any help would be greatly appreciated, and sacrifices of chocolate will be given to the Deity of your choice.

Regards, LouisCypher

Your personal Facilitator

:cowboy:



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bobo at 10:30:02 on 2011-09-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.993 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: AutorunsDisabled - No File
BHO: {16fbc17a-9fb3-4b4d-824e-b965cf45bf3d} - c:\windows\system32\dimsntf.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254 199.185.220.254
TCP: Interfaces\{D9D2E454-23FB-47B9-8D6F-E00E8520D99C} : DhcpNameServer = 192.168.1.254 199.185.220.254
Handler: AutorunsDisabled\grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-23 2255464]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 FLASHSYS;FLASHSYS; [x]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-10 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-10 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\msi\msiwdev\DVDSYS32_100507.sys [2010-5-10 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\msi\msiwdev\msibios32_100507.sys [2010-5-10 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\msi\msiwdev\VGASYS32_100507.sys [2010-5-10 16696]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [2010-8-22 3351]
.
=============== Created Last 30 ================
.
2011-09-03 01:43:09 -------- d-----w- c:\windows\system32\NtmsData
2011-09-03 00:59:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-03 00:59:57 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-02 23:54:19 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-09-02 23:51:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-02 23:51:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-02 23:51:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-02 23:51:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-02 23:51:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-09-02 23:51:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-09-02 23:51:59 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-09-02 23:51:58 -------- d-----w- C:\otherrecycler
2011-09-02 23:21:17 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-09-02 23:21:11 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{2a0b44f2-2835-437b-8b15-9231086176db}\mpengine.dll
2011-09-02 23:21:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-02 22:47:10 -------- d-sha-r- C:\cmdcons
2011-09-02 22:45:45 256000 ----a-w- c:\windows\PEV.exe
2011-09-02 22:37:04 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-02 22:37:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-02 22:37:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-02 22:32:23 -------- d-----w- C:\ERDNT
2011-09-02 22:32:03 1445888 ----a-w- C:\WinsockxpFix.exe
2011-09-02 22:29:42 2560 ----a-w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll
2011-09-02 22:24:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-02 22:24:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-02 21:58:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-02 16:56:01 -------- d-sh--w- c:\documents and settings\bobo\IECompatCache
2011-09-02 16:54:53 -------- d-sh--w- c:\documents and settings\bobo\PrivacIE
2011-09-02 16:42:20 -------- d---a-w- C:\cmdcons(2)
2011-09-02 16:03:34 -------- d-----w- c:\windows\system32\CatRoot2
2011-09-02 15:55:44 446464 ----a-w- C:\TFC.exe
2011-09-02 15:43:07 4192529 ----a-w- C:\ComboFix.exe
2011-09-02 15:41:09 139264 ----a-w- C:\RKUnhookerLE.EXE
2011-09-02 15:40:22 50477 ----a-w- C:\Defogger.exe
2011-09-02 13:49:56 98816 ----a-w- c:\windows\sed.exe
2011-09-02 13:49:56 518144 ----a-w- c:\windows\SWREG.exe
2011-09-02 13:49:56 208896 ----a-w- c:\windows\MBR.exe
2011-09-02 04:43:27 29959 ----a-w- c:\windows\system\regsv32a.exe
2011-09-01 09:40:13 4194304 ----a-w- c:\windows\system32\embpmffm.dll
2011-09-01 05:12:15 -------- d-----w- c:\program files\Emsisoft HiJackFree
2011-09-01 05:02:37 709896 ----a-w- c:\program files\mozilla firefox\fakeavremover\tmufeng.dll
2011-09-01 05:02:37 537864 ----a-w- c:\program files\mozilla firefox\fakeavremover\tmfbeng.dll
2011-09-01 05:02:31 2433672 ----a-w- c:\program files\mozilla firefox\fakeavremover\svchost.exe
2011-09-01 05:01:06 15360 ----a-w- c:\windows\system32\ctfmon.exe.backup
2011-08-31 23:29:32 0 ----a-w- c:\windows\virus.bin
2011-08-31 23:28:04 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-08-31 23:27:41 121856 ----a-w- c:\windows\system32\dimsntf.dll
2011-08-27 23:15:52 69376 ----a-w- c:\windows\system32\drivers\usbhub20.sys
2011-08-27 23:09:18 10264 ----a-w- c:\windows\system32\Viagart.sys
2011-08-27 23:01:49 203776 ----a-w- c:\windows\system32\drivers\vinyl97.sys
2011-08-27 23:01:08 19968 ----a-w- c:\windows\Logi_MwX.Exe
2011-08-27 23:01:07 73576 ----a-w- c:\windows\system32\drivers\LMouFlt2.Sys
2011-08-27 23:01:07 26104 ----a-w- c:\windows\system32\drivers\LHidFlt2.Sys
2011-08-27 22:57:01 -------- d-----w- c:\documents and settings\all users\Uniblue
2011-08-27 22:31:02 73728 ----a-w- c:\windows\system32\fdeploy.dll
2011-08-27 22:31:02 566784 ----a-w- c:\windows\system32\gpedit.dll
2011-08-27 22:31:02 199680 ----a-w- c:\windows\system32\gptext.dll
2011-08-27 22:31:02 124928 ----a-w- c:\windows\system32\fde.dll
2011-08-27 22:31:02 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-08-27 22:28:18 295936 ----a-w- c:\windows\system32\appmgr.dll
2011-08-27 22:28:18 167936 ----a-w- c:\windows\system32\appmgmts.dll
2011-08-23 15:28:48 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-08-23 15:28:38 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-23 15:28:38 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-23 15:28:37 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-23 15:28:37 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-23 15:28:37 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-23 15:28:34 281440 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-23 15:28:34 281440 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-08-23 15:28:34 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-08-22 20:37:51 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-22 20:37:51 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-22 20:37:51 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-22 20:37:51 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-22 20:37:51 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-22 20:31:02 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-18 16:51:50 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-08-17 17:08:43 -------- d-----r- c:\program files\Skype
2011-08-16 14:20:32 4892320 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-08-11 03:46:13 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:45:56 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-10 17:54:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 17:37:32 -------- d-----w- c:\documents and settings\bobo\local settings\application data\Solid State Networks
2011-08-10 03:11:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2011-08-10 03:11:49 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-08-10 03:11:49 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-08-10 03:11:49 -------- d-----w- c:\program files\AML Products
2011-08-10 02:58:13 -------- d-----w- c:\documents and settings\all users\application data\Autorun Eater
2011-08-10 01:39:07 -------- d-----w- c:\program files\InCode Solutions
2011-08-09 02:28:35 -------- d-----w- c:\program files\Everything
2011-08-09 02:22:22 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-07 17:19:36 -------- d-----w- c:\documents and settings\all users\application data\Arovax
.
==================== Find3M ====================
.
2011-09-02 15:00:25 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-09-01 05:01:06 24064 ----a-w- c:\windows\system32\ctfmon.exe
2011-08-27 23:14:51 69632 ----a-w- c:\windows\system32\vuins32.dll
2011-08-27 23:14:51 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2011-08-27 23:14:51 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-08-27 23:09:11 117248 ----a-w- c:\windows\system32\drivers\viamraid.sys
2011-08-27 23:09:02 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2011-08-03 11:49:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49:00 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49:00 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49:00 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-21 18:18:34 667136 ----a-w- c:\windows\system32\wininet(5).dll
2011-06-21 18:18:34 667136 ----a-w- c:\windows\system32\wininet(4).dll
2011-06-21 18:18:34 633344 ----a-w- c:\windows\system32\urlmon(5).dll
2011-06-21 18:18:34 633344 ----a-w- c:\windows\system32\urlmon(4).dll
2011-06-21 18:18:34 449536 ----a-w- c:\windows\system32\mshtmled(2).dll
2011-06-21 18:18:34 37888 ----a-w- c:\windows\system32\url(3).dll
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 10:30:13.57 ===============
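
As an added example for readers of this thread (it is not part of the post above and not code from the DDS tool), the script below applies, over an excerpt of the DDS report above, the checks a helper performs by eye when reading such a log: a system-binary name sitting outside its usual directory or listed with no path, a near-miss of a system-binary name (the regsv32a.exe entry), a renamed executable with a double extension, a zero-byte executable-type file, and executables dropped straight into c:\windows or the legacy c:\windows\system folder. The expected directories, the edit-distance threshold of 2, the allowlist for iexplore.exe and the sample excerpt are assumptions and constructions of the example.

```python
"""Defender-side triage of DDS report lines (added example, not DDS code).

Parses "Created Last 30" / "Find3M" file entries and "Running Processes"
lines from a DDS report and flags the entries an analyst would look at first.
"""
import re
from typing import Dict, List, Optional, Tuple

# Binaries malware likes to impersonate and the directory each one normally
# lives in on Windows XP (assumption made for this example).
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "regsvr32.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Legitimate names within edit distance 2 of a system binary; without this
# allowlist iexplore.exe would be reported as a lookalike of explorer.exe.
LEGIT_NEIGHBOURS = {"iexplore.exe"}
CODE_EXT = {"exe", "dll", "sys", "ocx", "cpl", "scr", "bin"}
DROP_DIRS = {r"c:\windows", r"c:\windows\system"}   # new code here is notable

# File entry: "2011-09-02 04:43:27 29959 ----a-w- c:\windows\system\regsv32a.exe"
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (used to spot lookalike names)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_path(path: str) -> Tuple[str, str]:
    """Lower-cased (directory, file name); a bare name gets an empty directory."""
    head, _, name = path.strip().lower().rpartition("\\")
    return head, name


def reasons_for(path: str, size: Optional[str] = None) -> List[str]:
    """Heuristic findings for one path; size is the DDS size column when known."""
    directory, name = split_path(path)
    parts = name.split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    findings: List[str] = []
    if name in SYSTEM_BINARIES:
        if not directory:
            findings.append("system binary listed without a path")
        elif directory != SYSTEM_BINARIES[name]:
            findings.append(f"{name} outside {SYSTEM_BINARIES[name]}")
    elif name not in LEGIT_NEIGHBOURS:
        for known in SYSTEM_BINARIES:
            if levenshtein(name, known) <= 2:
                findings.append(f"lookalike of {known}")
                break
    if len(parts) > 2 and CODE_EXT.intersection(parts[1:-1]):
        findings.append("double extension (renamed executable)")
    if ext in CODE_EXT and directory in DROP_DIRS and name not in SYSTEM_BINARIES:
        findings.append(f"executable-type file directly under {directory}")
    if size == "0" and ext in CODE_EXT:
        findings.append("zero-byte executable-type file")
    return findings


def process_path(line: str) -> str:
    """Strip the arguments DDS appends after an image path ("... -k netsvcs")."""
    idx = line.lower().find(".exe")
    return line[: idx + 4] if idx >= 0 else line.strip()


def triage(report: str) -> Dict[str, List[str]]:
    """Run the heuristics over a DDS excerpt; returns {lower-cased path: findings}."""
    results: Dict[str, List[str]] = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("="):
            continue
        match = FILE_RE.match(line)
        if match:
            _stamp, size, attrs, path = match.groups()
            if attrs.startswith("d"):       # directories: nothing to check here
                continue
            findings = reasons_for(path, size)
        else:                               # a "Running Processes" line
            path = process_path(line)
            findings = reasons_for(path)
        if findings:
            results[path.lower()] = findings
    return results


# Constructed excerpt, copied from the DDS report posted in this thread.
SAMPLE_REPORT = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
=============== Created Last 30 ================
2011-09-03 00:59:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-02 13:49:56 98816 ----a-w- c:\windows\sed.exe
2011-09-02 04:43:27 29959 ----a-w- c:\windows\system\regsv32a.exe
2011-09-01 05:02:31 2433672 ----a-w- c:\program files\mozilla firefox\fakeavremover\svchost.exe
2011-09-01 05:01:06 15360 ----a-w- c:\windows\system32\ctfmon.exe.backup
2011-08-31 23:29:32 0 ----a-w- c:\windows\virus.bin
2011-08-23 15:28:38 146024 ----a-w- c:\windows\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_REPORT).items():
        print(flagged + "\n    " + "\n    ".join(why))
```

A hit from this script is a reason to look closer (upload the file for a second opinion, as the helper does later in the thread), not a verdict: the ComboFix helper binaries dropped into c:\windows and the driver vendor's files in system32 show why the heuristics need the allowlist and a human reading the result.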

shelf life
2011-09-08, 00:39
hi,

Have you been helped elsewhere recently? I see ComboFix leftovers. One thing I don't see is a resident AV, which is essential for a Windows machine. I can suggest several free ones. That should be your priority.

Louiscypher100
2011-09-08, 18:21

Thank you for answering :).

I pulled all my antiviral and P2P during the clean up. The only problem right now is that internet explorer will not allow me to access Tools options as restrictions are in effect.

Regards, Louis.

Louiscypher100
2011-09-08, 22:11
If you have some suggestions I would be happy to implement them. :cowboy:

shelf life
2011-09-09, 00:06
So what happens when you click on Tools in IE? A popup message?
Are you an admin account on the machine?


you have some suggestions

For AV: avast (http://www.avast.com/en-us/index)
Panda Cloud (http://www.cloudantivirus.com/en/)
AVG (http://free.avg.com/us-en/homepage)
MS Security Essentials (https://www.microsoft.com/en-us/security_essentials/default.aspx)

You may as well wave a magic wand over your machine; those registry cleaners you have installed are big on promises and short on results.
Is an updated Malwarebytes coming up clean after a scan?

Louiscypher100
2011-09-09, 06:35
Thank you.


As an update, I am unable to access the IE Tools/Internet Options tab at this point. A message comes up requesting I contact the systems administrator.

I'm running windows XP home edition and I do have Admin privileges as well as access to the Admin account.

As discussed I choose to install Microsoft security essentials then attempted to install Malwarebytes.

This resulted in 2 runtime errors when installing Malwarebytes, although the program appeared to install. When I attempt to run the program from the desktop shortcut or the Start menu, the following errors occurred.

vbaccelerator SGrid II Control
Run-time error 'o'

Followed by
Runtime error 372 from malwarebytes' anti-malware.
Failed to load control VbaldGrid from vbalsgrid6.0cx

So I'm running a security scan with Microsoft Security Essentials till I hear back from you.

Regards, Louis.

Louiscypher100
2011-09-09, 21:51
Hi, Shelf Life.

Thank you again for your recommendations :)

Microsoft SE found the following problems:

Win32 issues:
Boaxxe.G
FakeYak
Stads (**addaware**)
ProxyBot.C
FakeRean
Smadow
AdRotator

WinNT Issues:
Sirefef.H

As an extra precaution, after this is over I will put a password on the computer Admin accounts and keep all your recommendations.

Also I will tell the roommate to do all their data activities on his own laptop, and I will also set up limited accounts for the wife and roommate.

Do you need anymore reports or actions?

Regards, Louis.

shelf life
2011-09-10, 01:39
For now try uninstalling Malwarebytes via the add/remove programs panel, reboot then download from here (http://www.malwarebytes.org/) and reinstall it.

For IE download this MS fix (http://go.microsoft.com/?linkid=9646978) and follow the directions. It will set IE back to its original defaults. Afterwards see if you can access internet options.

Louiscypher100
2011-09-10, 03:08
Hi Shelf Life, here are the results of this round:

OK, I removed Malwarebytes and 2 sets of errors came up as I was uninstalling. Windows does report that it has been uninstalled.

I tried installing from your link and the following errors came up during install:

vpAccelerator SGrid II Control
! Run-time error ‘0’

Then

Malwarebytes’ Anti-Malware
Runtime error ‘372’:
Failed to load control ‘vbalGrid’ from vbalsgrid6.ocx Your version of vbalsgrids6.ocx may be outdated. etc... etc..

Then

vpAccelerator SGrid II Control
! Run-time error ‘0’

Then

Malwarebytes’ Anti-Malware
Runtime error ‘372’:
Failed to load control ‘vbalGrid’ from vbalsgrid6.ocx Your version of vbalsgrids6.ocx may be outdated. etc.. etc..

Windows then reported an OK install and I attempted to run the program, at which point it failed to load.

I then did the IE fix with no errors reported but I still can't access the Tools/Internet Options directory.

I uninstalled Malwarebytes and reinstalled it, and the same errors came up again.

We're getting there I'm sure this can be licked :cool:

Regards, Louis.

shelf life
2011-09-10, 04:32
See if you can locate this file: c:\windows\system\regsv32a.exe. Go here (http://www.bleepingcomputer.com/submit-malware.php?channel=67) and browse for the file again, then upload it using the send file button.
Then look in c:\windows\system32\ and see if you spot: regsvr32.exe

Louiscypher100
2011-09-10, 07:20

I've uploaded the file regsv32a.exe as requested.

I found a Regsvr32.exe.vir in c:\Qoobox\Quarantine\c\windows\system
But no sign of it in c:\windows\system32\

Regards, Louis

shelf life
2011-09-10, 21:03
Download and run this. (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24417) Next run ComboFix; let it update first. Post the ComboFix log.

Louiscypher100
2011-09-10, 22:29
Shelf Life thank you again :)

I've done as requested and now IE is running much better and I have full access to the Tools tab.

Here is the DLL file.

shelf life
2011-09-11, 03:12
OK, good. Now try running Malwarebytes and see how that goes.

Louiscypher100
2011-09-11, 21:31
see if you can locate this file: c:\windows\system\regsv32a.exe Go here (http://www.bleepingcomputer.com/submit-malware.php?channel=67) and browse for the file again then upload it using the send file button.
Then look in c:\windows\system32\ and see if you spot: regsvr32.exe


Not so good this time.

I get the same runtime errors and the program will not load.

I then tried uninstalling it then reinstalling it fresh from the website.

Same result.

Regards, Louis.

Louiscypher100
2011-09-11, 21:48
ok good. Now try running Malwarebytes and see how that goes.

Sorry, I quoted the wrong reply. I meant this one.

Malware will not run.

Louis.

shelf life
2011-09-11, 22:47
try this:
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this. (http://www.malwarebytes.org/mbam-clean.exe)
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, download and reinstall Malwarebytes (http://www.malwarebytes.org/)

Louiscypher100
2011-09-12, 03:12

Greetings Mr/Mrs Shelf Life.

Did as instructed above and here is the news sports and weather.

Malwarebytes will not run; I get two errors similar to earlier attempts to run the program.

Here they are, in order:


vbAccelerator SGrid II Control
! Run-time error '0'

Then

Run-time error '372':
Failed to load control 'vbalgrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outadated. Make sure you are useing the version of the control that was provided with your application.


These come up two times during the attempted run after install. I think they come up during install as well.

I will uninstall the program and wait for further directions.

Regards, Louis

Louiscypher100
2011-09-12, 03:58
Hi Shelf Life

I don't know if this will help.

I ran my other antiviral program (RemoveIT Pro) and scanned the system, and it came up with some flagged files.

Here is the file that didn't correspond to legitimate software.

NVGENCO32.DLL

http://www.novirus365.com/Softwareantivirus/36458.html

Thought it might help.

Regards, Louis

Louiscypher100
2011-09-12, 18:43

Hi Shelf Life

Please ignore that message, as it appears to be an Nvidia-related file. Sorry for that.

I will wait for your directions.

Regards, Louis

shelf life
2011-09-13, 03:51
At this point I don't think the problem with Malwarebytes is malware related.

Your AV: RemoveIT Pro v4. You only need one resident AV running on your machine; you have MS Security Essentials, which is an antivirus app as well as an anti-malware. You need only one AV, but you can have more than one anti-malware app.

From the MSSE website:

Before installing Microsoft Security Essentials, we recommend that you uninstall other antivirus software already running on your PC. Running more than one antivirus program at the same time can potentially cause conflicts that affect PC performance. source (http://www.microsoft.com/en-us/security_essentials/default.aspx)

I am pressed for time today. I will post back with something else you can try to get MBAM going.

Louiscypher100
2011-09-13, 08:36

Right, I'm sticking with just one antivirus, namely the Microsoft SE.
I did some looking and I found a copy of HijackThis that I cannot rename or delete.


Regards, Louis

shelf life
2011-09-14, 00:44
You can try this; then it's probably time to head over to the Malwarebytes forum if this doesn't fix the problem.
We will use a cmd prompt to cd into the Malwarebytes directory. To get a cmd prompt you would go to Start and click Run, then type in cmd and click OK or press Enter.

Everything else will be done in the shell window. I made two screenshots.
You have to do it once, reboot, then do it again. You get to the Malwarebytes directory the same way each time; the only difference is what you type last, as you will see in the screenshots.
Marked in red is what you will have to type in. After you type in a line, hit Enter.
If you make a mistake, just close the window and retype cmd again and start over, or you can use the backspace key to erase previous letters.
Follow cmd1 first, then cmd2. Post back if you have questions.

This goes in the last line the first time; you could copy/paste it in (note the space after 32 and before the /):

Regsvr32 /u vbalsgrid6.ocx

This goes in the last line after the reboot; notice there's no /u switch:
Regsvr32 vbalsgrid6.ocx

Louiscypher100
2011-09-14, 20:58

I tried to get this to work but it didn't initially.
I had to go to the win32 directory and noticed that the Regsvr32 was still missing.
I checked the entire drive to see if it had been relocated, as you suggested in a previous post. As I did not find it, I picked up another copy of the program from a friend's computer, which was running the same OS version I had, and replaced my missing copy.

As a side note, I noticed that the Regsvr32a program had similar but limited/fewer switch commands when compared to the Regsvr32 original. :confused:

I'm ready for the next step.

Louiscypher100
2011-09-14, 21:00
p.s.

The instructions worked as your photos demonstrated.
Louis

shelf life
2011-09-15, 01:02
OK, good. This regsv32a, I don't know why it has a letter a on the end of it. The copy you uploaded checked out OK. The one in ComboFix's quarantine folder is there for a reason, or it wouldn't have been quarantined.
Why don't you do an online scan for another opinion as far as virus and malware go? I assume re-registering the .ocx didn't help as far as running Malwarebytes.

ESET online scanner:

http://www.eset.com/onlinescan/

Use Internet Explorer
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan archives" Leave the defaults checked under Advanced settings
click scan. When it completes click "List found threats"
click "Export to text file.." and save it to your desktop. Post the saved log.
Click "back" and "finish"

Louiscypher100
2011-09-15, 05:53

Hi Shelf Life.

Terribly sorry, I have good news.
Malwarebytes installed and ran FINE.

It identified and quarantined a
"Heuristics.Reserved.Word.Exploit"
in a hidden file located in :

c:\documents and settings\Bobo\mydocuments\downloads\Svchost.exe

Unfortunately, now I'm getting 403
"website requires you to log in"
issues from my online community website,
i.e. www.ahpkicksass.com.

Other than that the IE behavior looks OK, if not improved, and HJT seems to be working fine now as well.

I suspect it may be related to the word exploit being removed.

I am presently uploading the latest security updates for MS Office 2000 to close down any other known exploits.

Things are looking up :)

MBAM log to follow shortly unless I hear otherwise from you.

Regards Louis

Louiscypher100
2011-09-15, 05:58

Here is the MBAM log, and I will post the scan from the above instructions shortly.

Regards, Louis

Louiscypher100
2011-09-15, 21:22

Hi Shelf Life
I followed the instructions as noted above and the scan found one more problem. I missed the export to text file option.

I re-ran the scan a second time but I found nothing and there were no options to download a text file.

Thank you Shelf Life you saved us a lot of headaches on this side.

Regards, Louis

shelf life
2011-09-16, 02:47
hi,

Looks good, and you're welcome. Now that you can get to Internet Options, go ahead and set IE back to its defaults: Tools > Internet Options > Advanced tab > Reset.

Louiscypher100
2011-09-16, 17:49
So far so good, I have done as requested.
IE looks pretty stable so far.

Regards, Louis

shelf life
2011-09-17, 15:03
hi,

You can remove combofix like this: Start > Run and type in combofix /u
Click OK or press Enter; note the space after the x and before the /.

Note that the free version of Malwarebytes must be updated manually and a scan started manually. It's good practice to check for updates on a regular basis even if you don't do a scan with it at that time.

If all is good, some tips to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, Firefox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for web-based applications, browser plugins and add-ons like Java, Adobe Flash/Reader, iTunes etc. More and more third-party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings that viruses and trojans have been found on your computer, after which you are prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not kept updated then they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop-ups or offers from websites requesting that you install software on your computer, *for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider using limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help *prevent malware from installing and lessen its potential impact.* This is exactly what User Account Control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) The why and how for securing (http://www.cert.org/tech_tips/securing_browser/) your browser for safer surfing.

10) Warez, cracks, keygens and p2p are very popular for carrying malware payloads. A file can be named anything, be nothing but malware or have malware bundled in it. Do you really trust the source of the file?


More info/tips with pictures, links below

Happy Safe Surfing.
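
Tips 1, 6 and 7 above can each be checked on the machine itself. The following is an added example, not something posted in this thread and not part of any tool shelf life mentions: a PowerShell script that reports whether the current session is an administrator (tip 7), what Automatic Updates is set to (tip 1), and which Browser Helper Objects IE will load (tip 6), resolving each CLSID to the DLL that backs it and flagging entries with no friendly name or no file on disk, the same CLSID-to-DLL mapping that DDS and HijackThis print as their BHO lines. It assumes Windows PowerShell 2.0 or later (Windows XP does not ship with it) and 32-bit Windows; on 64-bit Windows the 32-bit IE reads the Wow6432Node copies of these keys. The registry paths and the AUOptions meanings are Microsoft's; the function names are mine.

```powershell
# Added example (not part of the thread): self-audit of tips 1, 6 and 7 above.
# Assumes Windows PowerShell 2.0+ and read access to HKLM and HKEY_CLASSES_ROOT.
# Registry paths and AUOptions meanings are Microsoft's; the rest is illustrative.

# Tip 7: is this session running with administrator rights?
function Test-IsAdmin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Tip 1: what is Automatic Updates set to? AUOptions values per Microsoft:
# 1 = disabled, 2 = notify before download, 3 = download then notify before
# install, 4 = fully automatic. A missing value means it was never configured.
function Get-AutoUpdateSetting {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $item = Get-ItemProperty -Path $key -Name AUOptions -ErrorAction SilentlyContinue
    if ($item -eq $null) { return 'not configured (key or value missing)' }
    switch ($item.AUOptions) {
        1       { 'disabled' }
        2       { 'notify before download' }
        3       { 'download, notify before install' }
        4       { 'fully automatic' }
        default { "unknown value $($item.AUOptions)" }
    }
}

# Tip 6: list every Browser Helper Object IE will load. Each subkey name is a
# CLSID; HKCR\CLSID\{clsid}\InprocServer32 holds the DLL path. An entry with no
# friendly name, or whose DLL is gone ("No File" in a DDS log), deserves a look.
function Get-BrowserHelperObjects {
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($sub in Get-ChildItem -Path $bhoKey) {
        $clsid    = $sub.PSChildName
        $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $exists = $false
        if ($dll) {
            # Paths may be stored with %SystemRoot% or 8.3 names; expand before testing.
            $exists = Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll))
        }
        New-Object PSObject -Property @{
            CLSID      = $clsid
            Name       = $name
            Dll        = $dll
            FileExists = $exists
            Suspicious = ((-not $name) -or (-not $exists))
        }
    }
}

# Report
if (Test-IsAdmin) {
    Write-Warning 'Running as an administrator; anything IE loads runs with full rights (tip 7).'
} else {
    Write-Host 'Running as a limited user (tip 7).'
}
Write-Host ("Automatic Updates: {0} (tip 1)" -f (Get-AutoUpdateSetting))
Write-Host 'Browser Helper Objects (tip 6), suspicious entries first:'
Get-BrowserHelperObjects | Sort-Object Suspicious -Descending |
    Format-Table CLSID, Name, Dll, FileExists, Suspicious -AutoSize
```

A BHO flagged here is not automatically malware (a legitimate add-on that was uninstalled carelessly leaves the same "no file" residue), but a nameless CLSID pointing at a DLL in %SystemRoot%\system32 with a random-looking name is exactly the pattern this thread was cleaning up, and the script gives you the CLSID and path to look up before deciding.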

Louiscypher100
2011-09-17, 18:34
Shelf Life, again a hearty thank you. I am going to give these suggestions to the roomies and the wife and hopefully we will avoid any future issues.

If there is ever anything I can do to help please let me know.

Regards, Louis

shelf life
2011-09-17, 22:56
hi Louis

You're welcome. Happy Safe Surfing out there.