#1 (permalink) |
|
Registered User
Join Date: Dec 2008
Posts: 14
OS: Windows XP
|
Runtime/Dll/JScript Errors
DDS (Version 1.1.0) - NTFSx86
Run by Ryan at 22:14:21.81 on Sat 12/27/2008 Internet Explorer: 8.0.6001.18241 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.560 [GMT -5:00] AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Ryan\My Documents\dds.com ============== Pseudo HJT Report =============== BHO: {ad1565d3-f834-a929-2424-b2e7ea16f774}: {477f61ae-7e2b-4242-929a-438f3d5651da} - c:\windows\system32\bekijo.dll BHO: Yahoo! 
IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File TB: {A057A204-BACC-4D26-CEC4-75A487FD6484} - No File uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Yahoo! 
Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min mRun: [0cd24eff] rundll32.exe "c:\windows\system32\bkjluxql.dll",b StartupFolder: c:\documents and settings\ryan\start menu\programs\startup\PowerReg Scheduler.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! 
music jukebox\ymetray.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll Trusted Zone: limewire Trusted Zone: line6.net Notify: igfxcui - igfxdev.dll AppInit_DLLs: AVGRSSTX.DLL bekijo.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 c:\windows\system32\ssqPgeby ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\ryan\applic~1\mozilla\firefox\profiles\3rm6t233.default\ FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\program files\yahoo!\shared\npYState.dll ============= SERVICES / DRIVERS =============== R1 avgio;avgio;\??\c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-23 11840] R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\program files\avira\antivir personaledition classic\sched.exe" [2008-12-23 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\program files\avira\antivir personaledition classic\avguard.exe" [2008-12-23 151297] R3 avgntflt;avgntflt;\??\c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-23 52032] R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [2004-10-25 521472] R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2002-7-15 29312] S2 Ca533av;Mega DV(Video);c:\windows\system32\drivers\Ca533av.sys [2006-2-17 515803] S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2006-7-18 99840] S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\drivers\Bulk533.sys [2006-2-17 11144] =============== Created Last 30 ================ 2008-12-27 17:31 <DIR> --d----- c:\docume~1\ryan\applic~1\Malwarebytes 2008-12-27 17:31 <DIR> 
--d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2008-12-26 16:53 <DIR> --d----- c:\windows\ie8updates 2008-12-26 16:51 410,984 a------- c:\windows\system32\deploytk.dll 2008-12-26 11:23 4,128 a------- C:\INFCACHE.1 2008-12-25 16:51 <DIR> --dsh--- c:\documents and settings\ryan\PrivacIE 2008-12-25 12:13 <DIR> -cd-h--- c:\windows\ie8 2008-12-24 12:49 1,661,209 ---sh--- c:\windows\system32\lqxuljkb.ini 2008-12-24 12:49 135,168 a------- c:\windows\system32\xgbggmrq.dll 2008-12-24 11:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2008-12-24 11:18 <DIR> --d----- c:\program files\SUPERAntiSpyware 2008-12-24 11:18 <DIR> --d----- c:\docume~1\ryan\applic~1\SUPERAntiSpyware.com 2008-12-24 11:11 1,661,209 ---sh--- c:\windows\system32\mbwpskiu.ini 2008-12-24 11:09 135,168 a------- c:\windows\system32\oxzxrk.dll 2008-12-24 11:09 135,168 a------- c:\windows\system32\ookljulp.dll 2008-12-24 10:23 3,016 a------- c:\windows\system32\tmp.reg 2008-12-24 09:50 135,168 a------- c:\windows\system32\exwrcbeb.dll 2008-12-24 09:45 1,661,209 ---sh--- c:\windows\system32\rjmauqyr.tmp 2008-12-24 09:45 1,661,218 ---sh--- c:\windows\system32\rjmauqyr.ini 2008-12-24 09:44 135,168 a------- c:\windows\system32\aujczv.dll 2008-12-24 09:44 135,168 a------- c:\windows\system32\uawbcutu.dll 2008-12-23 20:27 1,661,209 ---sh--- c:\windows\system32\nvfbfjdm.tmp 2008-12-23 20:27 1,661,218 ---sh--- c:\windows\system32\nvfbfjdm.ini 2008-12-23 20:02 54,156 a---h--- c:\windows\QTFont.qfn 2008-12-23 20:02 1,409 a------- c:\windows\QTFont.for 2008-12-23 17:45 1,661,218 ---sh--- c:\windows\system32\jkhplvgw.ini 2008-12-23 17:37 371 a--sh--- c:\windows\system32\MmpsrBeg.ini 2008-12-23 15:56 1,661,209 ---sh--- c:\windows\system32\ntfkbrgr.ini 2008-12-23 07:51 143 a------- c:\windows\system32\mcrh.tmp 2008-12-22 23:42 890,897 a--sh--- c:\windows\system32\ybegPqss.ini2 2008-12-22 23:40 <DIR> --d-h--- C:\$AVG8.VAULT$ 2008-12-22 23:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8 
2008-12-22 23:26 <DIR> --d----- c:\program files\Avira 2008-12-22 23:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira 2008-12-22 20:43 890,897 a--sh--- c:\windows\system32\ybegPqss.ini 2008-12-08 21:46 <DIR> --d----- c:\docume~1\ryan\applic~1\GetRightToGo ==================== Find3M ==================== 2008-12-14 08:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll 2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll 2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll 2008-10-16 15:38 133,120 a------- c:\windows\system32\dllcache\extmgr.dll 2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll 2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll 2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll 2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll 2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll 2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll 2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll 2008-10-03 05:02 247,326 a------- c:\windows\system32\dllcache\strmdll.dll 2006-03-26 02:23 56 -c-shr-- c:\windows\system32\84236D92F5.sys 2006-03-26 02:23 3,350 ac-sh--- c:\windows\system32\KGyGaAvL.sys 2008-09-06 09:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat ============= FINISH: 22:14:57.73 =============== |
|
|
|
|
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
|
Re: Runtime/Dll/JScript Errors
Hello, and Welcome to TSF.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Dec 2008
Posts: 14
OS: Windows XP
|
Re: Runtime/Dll/JScript Errors
I tried to get the thread tool drop bar to come down so I could subscribe to this thread, but it won't allow the bar to pull down so I can select to subscribe. I chose it from the bottom, so hopefully that will work too.
ComboFix 08-12-29.02 - Ryan 2008-12-30 14:14:28.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.697 [GMT -5:00] Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Ryan\Application Data\FunWebProducts c:\windows\system32\aujczv.dll c:\windows\system32\exwrcbeb.dll c:\windows\system32\jkhplvgw.ini c:\windows\system32\lqxuljkb.ini c:\windows\system32\mbwpskiu.ini c:\windows\system32\mcrh.tmp c:\windows\system32\MmpsrBeg.ini c:\windows\system32\ntfkbrgr.ini c:\windows\system32\nvfbfjdm.ini c:\windows\system32\ookljulp.dll c:\windows\system32\oxzxrk.dll c:\windows\system32\rjmauqyr.ini c:\windows\system32\tmp.reg c:\windows\system32\uawbcutu.dll c:\windows\system32\xgbggmrq.dll c:\windows\system32\ybegPqss.ini c:\windows\system32\ybegPqss.ini2 . ((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 ))))))))))))))))))))))))))))))) . 2008-12-27 22:16 . 2008-12-27 22:16 250 --a------ c:\windows\gmer.ini 2008-12-27 17:31 . 2008-12-27 17:31 <DIR> d-------- c:\documents and settings\Ryan\Application Data\Malwarebytes 2008-12-27 17:31 . 2008-12-27 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-26 16:53 . 2008-12-26 16:53 <DIR> d-------- c:\windows\ie8updates 2008-12-26 16:51 . 2008-12-26 16:50 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-26 11:23 . 2008-12-26 11:23 4,128 --a------ C:\INFCACHE.1 2008-12-25 16:51 . 2008-12-25 16:51 <DIR> d--hs---- c:\documents and settings\Ryan\PrivacIE 2008-12-25 12:13 . 2008-12-25 12:14 <DIR> d--h-c--- c:\windows\ie8 2008-12-24 11:19 . 2008-12-24 11:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-12-24 11:18 . 
2008-12-27 18:03 <DIR> d-------- c:\program files\SUPERAntiSpyware 2008-12-24 11:18 . 2008-12-24 11:18 <DIR> d-------- c:\documents and settings\Ryan\Application Data\SUPERAntiSpyware.com 2008-12-24 09:45 . 2008-12-24 09:45 1,661,209 ---hs---- c:\windows\system32\rjmauqyr.tmp 2008-12-23 20:27 . 2008-12-23 20:27 1,661,209 ---hs---- c:\windows\system32\nvfbfjdm.tmp 2008-12-23 20:02 . 2008-12-23 20:02 54,156 --ah----- c:\windows\QTFont.qfn 2008-12-23 20:02 . 2008-12-23 20:02 1,409 --a------ c:\windows\QTFont.for 2008-12-22 23:40 . 2008-12-23 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8 2008-12-22 23:40 . 2008-12-22 23:40 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-12-22 23:26 . 2008-12-22 23:26 <DIR> d-------- c:\program files\Avira 2008-12-22 23:26 . 2008-12-22 23:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2008-12-08 21:46 . 2008-12-08 22:02 <DIR> d-------- c:\documents and settings\Ryan\Application Data\GetRightToGo 2008-11-27 12:35 . 2008-11-27 13:37 <DIR> d-------- c:\program files\TQ Digital 2008-11-25 15:59 . 2007-07-03 11:48 36,864 --a------ c:\windows\system32\ascbalon.dll 2008-11-25 15:58 . 2008-11-25 17:34 <DIR> d-------- c:\program files\Ascentive 2008-11-25 15:58 . 2008-07-29 11:27 208,896 --a------ c:\windows\system32\ConTest.dll 2008-11-25 15:58 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll 2008-11-25 15:58 . 2007-07-03 11:48 20,480 --a------ c:\windows\system32\SysRestore.dll 2008-11-17 11:16 . 2008-11-18 10:53 <DIR> d-------- c:\windows\SxsCaPendDel 2008-11-16 16:13 . 2008-12-23 20:27 <DIR> d-------- c:\program files\mypoints 2008-11-12 10:30 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 10:29 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-06 12:52 . 2008-11-06 15:43 <DIR> d-------- c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2) 2008-11-06 12:25 . 
2008-11-06 15:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8(2) . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-28 03:10 --------- d-----w c:\program files\Click'N Design 3D (V5) 2008-12-27 22:20 --------- d-----w c:\program files\Java 2008-12-27 22:18 --------- d-----w c:\program files\Coupons 2008-12-09 02:53 --------- d-----w c:\program files\WordPerfect Office 12 2008-11-25 21:31 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-15 23:36 --------- d-----w c:\program files\LimeWire 2008-11-08 04:11 --------- d-----w c:\program files\Lexmark X1100 Series 2006-03-26 07:23 56 -csh--r c:\windows\system32\84236D92F5.sys 2006-03-26 07:23 3,350 -csha-w c:\windows\system32\KGyGaAvL.sys 2008-09-06 14:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090620080907\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Yahoo! 
Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] c:\documents and settings\Ryan\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2008-09-15 256000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] ymetray.lnk - c:\program files\Yahoo!\Yahoo! 
Music Jukebox\ymetray.exe [2008-02-05 54512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=AVGRSSTX.DLL bekijo.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.SP54"= SP5X_32.DLL "VIDC.SP55"= SP5X_32.DLL "VIDC.SP56"= SP5X_32.DLL "VIDC.SP57"= SP5X_32.DLL "VIDC.SP58"= SP5X_32.DLL [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\StubInstaller.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2004-10-25 521472] R3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys [2002-07-15 29312] S2 Ca533av;Mega DV(Video);c:\windows\system32\Drivers\Ca533av.sys [2006-02-17 515803] S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2006-07-18 99840] S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\Drivers\Bulk533.sys [2006-02-17 11144] . Contents of the 'Scheduled Tasks' folder 2008-12-30 c:\windows\Tasks\qzmjavwj.job - c:\windows\system32\rundll32.exe [2008-04-13 19:12] . 
- - - - ORPHANS REMOVED - - - - BHO-{477f61ae-7e2b-4242-929a-438f3d5651da} - c:\windows\system32\bekijo.dll WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file) HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe HKLM-Run-0cd24eff - c:\windows\system32\bkjluxql.dll . ------- Supplementary Scan ------- . Trusted Zone: *.limewire Trusted Zone: *.line6.net FF - ProfilePath - c:\documents and settings\Ryan\Application Data\Mozilla\Firefox\Profiles\3rm6t233.default\ FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-30 14:20:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Completion time: 2008-12-30 14:24:32 - machine was rebooted [Ryan] ComboFix-quarantined-files.txt 2008-12-30 19:23:41 Pre-Run: 59,062,251,520 bytes free Post-Run: 59,831,463,936 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 181 --- E O F --- 2008-12-26 21:53:51 |
|
|
|
|
#4 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
|
Re: Runtime/Dll/JScript Errors
Please go to: VirusTotal
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Dec 2008
Posts: 14
OS: Windows XP
|
Re: Runtime/Dll/JScript Errors
I have tried over and over to try and get the message to copy and paste into the text box with Virus tool.
I am not sure if I am doing it incorrectly or not. Anytime I left click on it, it brings up my files, and when I right click there is no option to paste. What could I be doing wrong?
|
|
|
|
#6 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
|
Re: Runtime/Dll/JScript Errors
Hi -
I think things have changed a bit at VirusTotal. Simply paste the entire file path into the File Upload box which opens, into the File Name area, and click on Open, then click Send File.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Dec 2008
Posts: 14
OS: Windows XP
|
Re: Runtime/Dll/JScript Errors
File rjmauqyr.tmp received on 12.31.2008 04:10:57 (CET)
Result: 1/39 (2.57%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.0.0.73 | 2008.12.31 | - |
| AhnLab-V3 | 2008.12.31.0 | 2008.12.30 | - |
| AntiVir | 7.9.0.45 | 2008.12.30 | - |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.30 | - |
| AVG | 8.0.0.199 | 2008.12.30 | - |
| BitDefender | 7.2 | 2008.12.31 | - |
| CAT-QuickHeal | 10.00 | 2008.12.30 | - |
| ClamAV | 0.94.1 | 2008.12.30 | - |
| Comodo | 851 | 2008.12.31 | - |
| DrWeb | 4.44.0.09170 | 2008.12.31 | - |
| eSafe | 7.0.17.0 | 2008.12.30 | - |
| eTrust-Vet | 31.6.6284 | 2008.12.31 | - |
| Ewido | 4.0 | 2008.12.30 | - |
| F-Prot | 4.4.4.56 | 2008.12.30 | - |
| F-Secure | 8.0.14470.0 | 2008.12.31 | Vundo.FBW |
| Fortinet | 3.117.0.0 | 2008.12.31 | - |
| GData | 19 | 2008.12.31 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.31 | - |
| K7AntiVirus | 7.10.571 | 2008.12.30 | - |
| Kaspersky | 7.0.0.125 | 2008.12.31 | - |
| McAfee | 5479 | 2008.12.30 | - |
| McAfee+Artemis | 5479 | 2008.12.30 | - |
| Microsoft | 1.4205 | 2008.12.31 | - |
| NOD32 | 3724 | 2008.12.30 | - |
| Norman | 5.80.02 | 2008.12.30 | - |
| Panda | 9.0.0.4 | 2008.12.30 | - |
| PCTools | 4.4.2.0 | 2008.12.30 | - |
| Prevx1 | V2 | 2008.12.31 | - |
| Rising | 21.10.12.00 | 2008.12.30 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.30 | - |
| Sophos | 4.37.0 | 2008.12.31 | - |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.31 | - |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.31 | - |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.30 | - |
| VirusBuster | 4.5.11.0 | 2008.12.30 | - |

Additional information
File size: 1661209 bytes
MD5...: 54ad5d17ca9988d81ad34bdf94724343
SHA1..: 752aeca19f397f02dd4a626b5ec40776b0f6e836
SHA256: fc6ef67c1bb4c8218d5644432fb50865e12721695c275d11c970fd3331aeb07d
SHA512: d633a6ff33a918a16bea650d247cde7fcdd49f37b7db68c96f4aa6a87fcafaaa 76a4ee9b55c605f28d7fc33ebe1c8ddc46b81f809cf448f1f0a4634ff79c6d4f
ssdeep: 24576:rXyudiArDrK2WH+Splm00eMN2b90vrUrQSsqp:riudiArDrK2WH+Splmxv rU7tp
PEiD..: -
TrID..: File type identification Unknown!
PEInfo: -
|
|
|
|
#8 (permalink) | |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
|
Re: Runtime/Dll/JScript Errors
Good, that helps confirm what I suspected.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
|
#9 (permalink) |
|
Registered User
Join Date: Dec 2008
Posts: 14
OS: Windows XP
|
Re: Runtime/Dll/JScript Errors
ComboFix 08-12-30.02 - Ryan 2008-12-31 13:15:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.696 [GMT -5:00] Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ryan\My Documents\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Avg8(2) c:\documents and settings\All Users\Application Data\Avg8(2)\emc(2)\Log(2)\emc.log c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcfg.log c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcfg.log.lock c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcore.log c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcore.log.1 c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcore.log.lock c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgfrw.log c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgfrw.log.lock c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avglng.log c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avglng.log.lock c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgrs.log c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgrs.log.1 c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgrs.log.lock c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgscan.log c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgscan.log.lock c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgsched.log c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgsched.log.lock c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgsrm.log c:\documents and 
Last edited by Rjmccarl; 12-31-2008 at 11:28 AM.
#11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
Re: Runtime/Dll/JScript Errors
Thanks for uploading the file.
I'll be waiting on the results from Kaspersky online scan.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#12 (permalink)
Registered User
Join Date: Dec 2008
Posts: 14
OS: Windows XP
Re: Runtime/Dll/JScript Errors
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 31, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 31, 2008 16:30:36
Records in database: 1538967
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 71970
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:15:18
No malware has been detected. The scan area is clean.
The selected area was scanned.
#13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
Re: Runtime/Dll/JScript Errors
Your logs appear clean. You should be good to go. We still have a few items to address.
Go to -> Run -> copy/paste in the following single line command & click OK
combofix /u
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.
Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles.
If you want to fight back against the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.
Please respond to this thread one more time so we can mark this thread as resolved.
#14 (permalink)
Registered User
Join Date: Dec 2008
Posts: 14
OS: Windows XP
Re: Runtime/Dll/JScript Errors
Well, everything seems to be running better, in that I am no longer getting a module error on start and I am no longer getting pop-ups, but I am still receiving the runtime error message. It is asking me if I would like to debug. If I click no it goes away, but when I click yes it brings up a page of stuff I have no idea how to comprehend.
Now each time that it brings up the runtime error message the code is different; here is an example: Quote:
I tried to do a screen grab so you could see the error box, but I can only do that with Firefox and the error doesn't appear when I am under Firefox. It only appears with IE. Could my Internet Explorer be the problem?
#15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
Re: Runtime/Dll/JScript Errors
Something on those pages you're visiting (myspace?) doesn't agree with your IE. Perhaps those pages are not happy with the version of Java you're using. It could also have to do with the version of the Microsoft .NET Framework you're running, which is not the most recent. It might also have to do with the Beta version of IE8 you're running.
Windows Internet Explorer 8 Beta 2
Beta software, by definition, is not ready for release, and often prone to bugs and issues with other applications. Those are some things to think about. This does not appear to be malware related, and is out of my area of knowledge. I'd suggest you take it up with the folks in the Internet Explorer or Windows XP sections of the forums. Best wishes for a new year.
#16 (permalink)
Registered User
Join Date: Dec 2008
Posts: 14
OS: Windows XP
Re: Runtime/Dll/JScript Errors
Okay, I was told to check Java before. And yes, it was myspace that had the runtime error, as well as another site I visit.
I really appreciate your help and am thankful that I can at least rest for now knowing the virus is gone. I will continue to check the above mentioned sites. Thank you again!!!!
#17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,580
OS: 2000 Pro; XP Pro; XP Home
Re: Runtime/Dll/JScript Errors
Glad to have helped.
Surf Safely, and Think Prevention! Since this issue is resolved, this topic will be archived.