

Runtime/Dll/JScript Errors

This is a discussion on Runtime/Dll/JScript Errors within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 12-27-2008, 08:25 PM   #1
Guest
 
Join Date: Dec 2008
Posts: 14
OS:



DDS (Version 1.1.0) - NTFSx86
Run by Ryan at 22:14:21.81 on Sat 12/27/2008
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.560 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ryan\My Documents\dds.com

============== Pseudo HJT Report ===============

BHO: {ad1565d3-f834-a929-2424-b2e7ea16f774}: {477f61ae-7e2b-4242-929a-438f3d5651da} - c:\windows\system32\bekijo.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {A057A204-BACC-4D26-CEC4-75A487FD6484} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [0cd24eff] rundll32.exe "c:\windows\system32\bkjluxql.dll",b
StartupFolder: c:\documents and settings\ryan\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Trusted Zone: limewire
Trusted Zone: line6.net
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL bekijo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ssqPgeby

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ryan\applic~1\mozilla\firefox\profiles\3rm6t233.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;\??\c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-23 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\program files\avira\antivir personaledition classic\sched.exe" [2008-12-23 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\program files\avira\antivir personaledition classic\avguard.exe" [2008-12-23 151297]
R3 avgntflt;avgntflt;\??\c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-23 52032]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [2004-10-25 521472]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2002-7-15 29312]
S2 Ca533av;Mega DV(Video);c:\windows\system32\drivers\Ca533av.sys [2006-2-17 515803]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2006-7-18 99840]
S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\drivers\Bulk533.sys [2006-2-17 11144]

=============== Created Last 30 ================

2008-12-27 17:31 <DIR> --d----- c:\docume~1\ryan\applic~1\Malwarebytes
2008-12-27 17:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-26 16:53 <DIR> --d----- c:\windows\ie8updates
2008-12-26 16:51 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-26 11:23 4,128 a------- C:\INFCACHE.1
2008-12-25 16:51 <DIR> --dsh--- c:\documents and settings\ryan\PrivacIE
2008-12-25 12:13 <DIR> -cd-h--- c:\windows\ie8
2008-12-24 12:49 1,661,209 ---sh--- c:\windows\system32\lqxuljkb.ini
2008-12-24 12:49 135,168 a------- c:\windows\system32\xgbggmrq.dll
2008-12-24 11:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-24 11:18 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-24 11:18 <DIR> --d----- c:\docume~1\ryan\applic~1\SUPERAntiSpyware.com
2008-12-24 11:11 1,661,209 ---sh--- c:\windows\system32\mbwpskiu.ini
2008-12-24 11:09 135,168 a------- c:\windows\system32\oxzxrk.dll
2008-12-24 11:09 135,168 a------- c:\windows\system32\ookljulp.dll
2008-12-24 10:23 3,016 a------- c:\windows\system32\tmp.reg
2008-12-24 09:50 135,168 a------- c:\windows\system32\exwrcbeb.dll
2008-12-24 09:45 1,661,209 ---sh--- c:\windows\system32\rjmauqyr.tmp
2008-12-24 09:45 1,661,218 ---sh--- c:\windows\system32\rjmauqyr.ini
2008-12-24 09:44 135,168 a------- c:\windows\system32\aujczv.dll
2008-12-24 09:44 135,168 a------- c:\windows\system32\uawbcutu.dll
2008-12-23 20:27 1,661,209 ---sh--- c:\windows\system32\nvfbfjdm.tmp
2008-12-23 20:27 1,661,218 ---sh--- c:\windows\system32\nvfbfjdm.ini
2008-12-23 20:02 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-23 20:02 1,409 a------- c:\windows\QTFont.for
2008-12-23 17:45 1,661,218 ---sh--- c:\windows\system32\jkhplvgw.ini
2008-12-23 17:37 371 a--sh--- c:\windows\system32\MmpsrBeg.ini
2008-12-23 15:56 1,661,209 ---sh--- c:\windows\system32\ntfkbrgr.ini
2008-12-23 07:51 143 a------- c:\windows\system32\mcrh.tmp
2008-12-22 23:42 890,897 a--sh--- c:\windows\system32\ybegPqss.ini2
2008-12-22 23:40 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-22 23:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-22 23:26 <DIR> --d----- c:\program files\Avira
2008-12-22 23:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-12-22 20:43 890,897 a--sh--- c:\windows\system32\ybegPqss.ini
2008-12-08 21:46 <DIR> --d----- c:\docume~1\ryan\applic~1\GetRightToGo

==================== Find3M ====================

2008-12-14 08:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 15:38 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2006-03-26 02:23 56 -c-shr-- c:\windows\system32\84236D92F5.sys
2006-03-26 02:23 3,350 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-06 09:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 22:14:57.73 ===============
Attached Files
File Type: zip ark.zip (615 Bytes, 11 views)
File Type: zip Attach.zip (2.6 KB, 9 views)
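The "Pseudo HJT Report" and "Created Last 30" sections of the log above are what a helper reads by eye: a BHO registered under a bare CLSID with no friendly name, a DLL in AppInit_DLLs, an extra LSA authentication package next to msv1_0, a Run value that is just eight hex digits handing a DLL to rundll32, the same DLL wired into more than one autostart point, and a run of hidden+system files in system32 that all have exactly the same size. The script below is an added example for this thread, not code from DDS, ComboFix or the forum helpers; it applies those checks to a constructed sample made of lines in the DDS format (the entries are taken from the report above, trimmed to what the checks need). Severities and the "random hex Run value" heuristic are the editor's assumptions, not DDS output.

```python
"""Triage of a DDS-style startup report (added example, not DDS/ComboFix code)."""
import re
from collections import defaultdict

# Constructed sample in the DDS line format; entries copied from the report above.
SAMPLE = r"""
BHO: {ad1565d3-f834-a929-2424-b2e7ea16f774}: {477f61ae-7e2b-4242-929a-438f3d5651da} - c:\windows\system32\bekijo.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [0cd24eff] rundll32.exe "c:\windows\system32\bkjluxql.dll",b
AppInit_DLLs: AVGRSSTX.DLL bekijo.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ssqPgeby
2008-12-24 12:49 1,661,209 ---sh--- c:\windows\system32\lqxuljkb.ini
2008-12-24 12:49 135,168 a------- c:\windows\system32\xgbggmrq.dll
2008-12-24 11:11 1,661,209 ---sh--- c:\windows\system32\mbwpskiu.ini
2008-12-24 09:45 1,661,209 ---sh--- c:\windows\system32\rjmauqyr.tmp
2008-12-26 16:51 410,984 a------- c:\windows\system32\deploytk.dll
"""

GUID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
HEX_VALUE = re.compile(r"^[0-9a-f]{8}$", re.I)          # assumption: 8 hex digits = generated name
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)
RE_BHO = re.compile(r"^BHO: (?P<name>.*?): \{[0-9a-f-]{36}\} - (?P<path>.+)$", re.I)
RE_RUN = re.compile(r"^[um]Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
RE_APPINIT = re.compile(r"^AppInit_DLLs: (?P<dlls>.+)$")
RE_LSA = re.compile(r"^LSA: Authentication Packages = (?P<pkgs>.+)$")
RE_CREATED = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>[\d,]+) (?P<attrs>\S{8}) (?P<path>.+)$")


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(report):
    """Return a list of (severity, subject, reason) findings for a DDS-style report."""
    findings = []
    loaders = defaultdict(set)   # dll basename -> autostart mechanisms that load it
    by_size = defaultdict(set)   # exact size -> new hidden+system system32 files of that size

    for line in report.splitlines():
        line = line.strip()
        if m := RE_BHO.match(line):
            dll = basename(m["path"])
            loaders[dll].add("BHO")
            if GUID.match(m["name"]):
                findings.append(("HIGH", dll, "BHO registered under a bare CLSID with no friendly name"))
        elif m := RE_RUN.match(line):
            if r := RUNDLL.search(m["cmd"]):
                dll = basename(r["dll"])
                loaders[dll].add("Run")
                if HEX_VALUE.match(m["value"]):
                    findings.append(("HIGH", dll,
                                     f"Run value '{m['value']}' is eight hex digits and loads the DLL via rundll32"))
        elif m := RE_APPINIT.match(line):
            for dll in m["dlls"].split():
                loaders[basename(dll)].add("AppInit_DLLs")
                findings.append(("MEDIUM", basename(dll),
                                 "listed in AppInit_DLLs (loaded into every process that maps user32.dll)"))
        elif m := RE_LSA.match(line):
            for pkg in m["pkgs"].split():
                if pkg.lower() != "msv1_0":
                    findings.append(("HIGH", basename(pkg),
                                     "extra LSA authentication package; loaded by lsass.exe at boot"))
        elif m := RE_CREATED.match(line):
            attrs, path = m["attrs"], m["path"].lower()
            if "\\system32\\" in path and "s" in attrs and "h" in attrs:
                by_size[int(m["size"].replace(",", ""))].add(basename(path))

    for dll, mechs in loaders.items():
        if len(mechs) > 1:
            findings.append(("HIGH", dll,
                             "same DLL wired into several autostart points: " + ", ".join(sorted(mechs))))
    for size, names in by_size.items():
        if len(names) > 1:
            findings.append(("HIGH", ", ".join(sorted(names)),
                             f"{len(names)} new hidden+system files in system32 with identical size "
                             f"{size:,} bytes (one payload under rotating names)"))
    return findings


if __name__ == "__main__":
    for severity, subject, why in triage(SAMPLE):
        print(f"{severity:6} {subject}: {why}")
```

Note that the AVG DLL in AppInit_DLLs is reported at MEDIUM only: it is there once, under its own name, and is explained by the AVG8 leftovers in the file list; bekijo.dll, by contrast, is both a nameless BHO and an AppInit entry, which is what raises it.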
 
Old 12-29-2008, 05:39 PM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 12-30-2008, 12:31 PM   #3
Guest
 
Join Date: Dec 2008
Posts: 14
OS:



I tried to get the thread tool drop bar to come down so I could subscribe to this thread, but it won't allow the bar to pull down so I can select to subscribe. I chose it from the bottom, so hopefully that will work too.





ComboFix 08-12-29.02 - Ryan 2008-12-30 14:14:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.697 [GMT -5:00]
Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ryan\Application Data\FunWebProducts
c:\windows\system32\aujczv.dll
c:\windows\system32\exwrcbeb.dll
c:\windows\system32\jkhplvgw.ini
c:\windows\system32\lqxuljkb.ini
c:\windows\system32\mbwpskiu.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\MmpsrBeg.ini
c:\windows\system32\ntfkbrgr.ini
c:\windows\system32\nvfbfjdm.ini
c:\windows\system32\ookljulp.dll
c:\windows\system32\oxzxrk.dll
c:\windows\system32\rjmauqyr.ini
c:\windows\system32\tmp.reg
c:\windows\system32\uawbcutu.dll
c:\windows\system32\xgbggmrq.dll
c:\windows\system32\ybegPqss.ini
c:\windows\system32\ybegPqss.ini2

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-27 22:16 . 2008-12-27 22:16 250 --a------ c:\windows\gmer.ini
2008-12-27 17:31 . 2008-12-27 17:31 <DIR> d-------- c:\documents and settings\Ryan\Application Data\Malwarebytes
2008-12-27 17:31 . 2008-12-27 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 16:53 . 2008-12-26 16:53 <DIR> d-------- c:\windows\ie8updates
2008-12-26 16:51 . 2008-12-26 16:50 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 11:23 . 2008-12-26 11:23 4,128 --a------ C:\INFCACHE.1
2008-12-25 16:51 . 2008-12-25 16:51 <DIR> d--hs---- c:\documents and settings\Ryan\PrivacIE
2008-12-25 12:13 . 2008-12-25 12:14 <DIR> d--h-c--- c:\windows\ie8
2008-12-24 11:19 . 2008-12-24 11:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-24 11:18 . 2008-12-27 18:03 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-24 11:18 . 2008-12-24 11:18 <DIR> d-------- c:\documents and settings\Ryan\Application Data\SUPERAntiSpyware.com
2008-12-24 09:45 . 2008-12-24 09:45 1,661,209 ---hs---- c:\windows\system32\rjmauqyr.tmp
2008-12-23 20:27 . 2008-12-23 20:27 1,661,209 ---hs---- c:\windows\system32\nvfbfjdm.tmp
2008-12-23 20:02 . 2008-12-23 20:02 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-23 20:02 . 2008-12-23 20:02 1,409 --a------ c:\windows\QTFont.for
2008-12-22 23:40 . 2008-12-23 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-22 23:40 . 2008-12-22 23:40 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-22 23:26 . 2008-12-22 23:26 <DIR> d-------- c:\program files\Avira
2008-12-22 23:26 . 2008-12-22 23:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-08 21:46 . 2008-12-08 22:02 <DIR> d-------- c:\documents and settings\Ryan\Application Data\GetRightToGo
2008-11-27 12:35 . 2008-11-27 13:37 <DIR> d-------- c:\program files\TQ Digital
2008-11-25 15:59 . 2007-07-03 11:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2008-11-25 15:58 . 2008-11-25 17:34 <DIR> d-------- c:\program files\Ascentive
2008-11-25 15:58 . 2008-07-29 11:27 208,896 --a------ c:\windows\system32\ConTest.dll
2008-11-25 15:58 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2008-11-25 15:58 . 2007-07-03 11:48 20,480 --a------ c:\windows\system32\SysRestore.dll
2008-11-17 11:16 . 2008-11-18 10:53 <DIR> d-------- c:\windows\SxsCaPendDel
2008-11-16 16:13 . 2008-12-23 20:27 <DIR> d-------- c:\program files\mypoints
2008-11-12 10:30 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 10:29 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-06 12:52 . 2008-11-06 15:43 <DIR> d-------- c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)
2008-11-06 12:25 . 2008-11-06 15:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 03:10 --------- d-----w c:\program files\Click'N Design 3D (V5)
2008-12-27 22:20 --------- d-----w c:\program files\Java
2008-12-27 22:18 --------- d-----w c:\program files\Coupons
2008-12-09 02:53 --------- d-----w c:\program files\WordPerfect Office 12
2008-11-25 21:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 23:36 --------- d-----w c:\program files\LimeWire
2008-11-08 04:11 --------- d-----w c:\program files\Lexmark X1100 Series
2006-03-26 07:23 56 -csh--r c:\windows\system32\84236D92F5.sys
2006-03-26 07:23 3,350 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-06 14:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090620080907\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

c:\documents and settings\Ryan\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-09-15 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=AVGRSSTX.DLL bekijo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2004-10-25 521472]
R3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys [2002-07-15 29312]
S2 Ca533av;Mega DV(Video);c:\windows\system32\Drivers\Ca533av.sys [2006-02-17 515803]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2006-07-18 99840]
S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\Drivers\Bulk533.sys [2006-02-17 11144]
.
Contents of the 'Scheduled Tasks' folder

2008-12-30 c:\windows\Tasks\qzmjavwj.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{477f61ae-7e2b-4242-929a-438f3d5651da} - c:\windows\system32\bekijo.dll
WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
HKLM-Run-0cd24eff - c:\windows\system32\bkjluxql.dll


.
------- Supplementary Scan -------
.
Trusted Zone: *.limewire
Trusted Zone: *.line6.net
FF - ProfilePath - c:\documents and settings\Ryan\Application Data\Mozilla\Firefox\Profiles\3rm6t233.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-12-30 14:20:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-30 14:24:32 - machine was rebooted [Ryan]
ComboFix-quarantined-files.txt 2008-12-30 19:23:41

Pre-Run: 59,062,251,520 bytes free
Post-Run: 59,831,463,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

181 --- E O F --- 2008-12-26 21:53:51
 
Old 12-30-2008, 12:40 PM   #4
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following:

    c:\windows\system32\rjmauqyr.tmp

  • Then click the "Send File " button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the results in your next reply.
Old 12-30-2008, 02:49 PM   #5
Guest
 
Join Date: Dec 2008
Posts: 14
OS:



I have tried over and over to try and get the message to copy and paste into the text box with Virus tool.
I am not sure if I am doing it incorrectly or not. Any time I left-click on it, it brings up my files, and when I right-click there is no option to paste.

What could I be doing wrong?
Rjmccarl is offline  
Old 12-30-2008, 04:10 PM   #6
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hi -

I think things have changed a bit at VirusTotal.

Simply paste the entire file path into the File Upload box which opens, into the File Name area, and click on Open, then click Send File
Old 12-30-2008, 08:14 PM   #7
Guest
 
Join Date: Dec 2008
Posts: 14
OS:



File rjmauqyr.tmp received on 12.31.2008 04:10:57 (CET)


Result: 1/39 (2.57%)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 -
AhnLab-V3 2008.12.31.0 2008.12.30 -
AntiVir 7.9.0.45 2008.12.30 -
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.30 -
AVG 8.0.0.199 2008.12.30 -
BitDefender 7.2 2008.12.31 -
CAT-QuickHeal 10.00 2008.12.30 -
ClamAV 0.94.1 2008.12.30 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2008.12.31 -
eSafe 7.0.17.0 2008.12.30 -
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 Vundo.FBW
Fortinet 3.117.0.0 2008.12.31 -
GData 19 2008.12.31 -
Ikarus T3.1.1.45.0 2008.12.31 -
K7AntiVirus 7.10.571 2008.12.30 -
Kaspersky 7.0.0.125 2008.12.31 -
McAfee 5479 2008.12.30 -
McAfee+Artemis 5479 2008.12.30 -
Microsoft 1.4205 2008.12.31 -
NOD32 3724 2008.12.30 -
Norman 5.80.02 2008.12.30 -
Panda 9.0.0.4 2008.12.30 -
PCTools 4.4.2.0 2008.12.30 -
Prevx1 V2 2008.12.31 -
Rising 21.10.12.00 2008.12.30 -
SecureWeb-Gateway 6.7.6 2008.12.30 -
Sophos 4.37.0 2008.12.31 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.31 -
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.30 -
VirusBuster 4.5.11.0 2008.12.30 -
Additional information
File size: 1661209 bytes
MD5...: 54ad5d17ca9988d81ad34bdf94724343
SHA1..: 752aeca19f397f02dd4a626b5ec40776b0f6e836
SHA256: fc6ef67c1bb4c8218d5644432fb50865e12721695c275d11c970fd3331aeb07d
SHA512: d633a6ff33a918a16bea650d247cde7fcdd49f37b7db68c96f4aa6a87fcafaaa76a4ee9b55c605f28d7fc33ebe1c8ddc46b81f809cf448f1f0a4634ff79c6d4f

ssdeep: 24576:rXyudiArDrK2WH+Splm00eMN2b90vrUrQSsqp:riudiArDrK2WH+SplmxvrU7tp

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
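Two things worth doing with a VirusTotal report like the one above before acting on it: confirm that the digests in the report match the file actually sitting in system32 (the sample is 1.6 MB and this family rotates file names, so the hash, not the name, identifies it), and count which engines detected it rather than reading only the ratio line. The script below is an added example, not code from the thread, VirusTotal or ComboFix. VT_ROWS is a subset of rows copied from the report above; SAMPLE_BYTES is a constructed stand-in for rjmauqyr.tmp, not the real file, so its digests will not match the report's.

```python
"""Check a VirusTotal text report against the local file (added example)."""
import hashlib
import io
import re

# Rows copied from the per-engine table above (subset).
VT_ROWS = """\
AntiVir 7.9.0.45 2008.12.30 -
Avast 4.8.1281.0 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 Vundo.FBW
Kaspersky 7.0.0.125 2008.12.31 -
McAfee+Artemis 5479 2008.12.30 -
Symantec 10 2008.12.31 -
"""
# Constructed stand-in for the quarantined sample; not the real rjmauqyr.tmp.
SAMPLE_BYTES = b"MZ" + b"\x00" * 4096

ROW = re.compile(r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.*)$")


def parse_vt_rows(text):
    """Return ({engine: detection_name}, total_engines) from the per-engine table."""
    detections, total = {}, 0
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        total += 1
        result = m["result"].strip()
        if result and result != "-":        # "-" is VirusTotal's "no detection"
            detections[m["engine"]] = result
    return detections, total


def digests(data, chunk_size=1 << 16):
    """MD5/SHA1/SHA256 of bytes or of a binary file object, read in chunks."""
    stream = io.BytesIO(data) if isinstance(data, (bytes, bytearray)) else data
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    while chunk := stream.read(chunk_size):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_mismatches(data, reported):
    """Algorithms whose reported digest differs from the local file's.

    `reported` maps names as printed in the report ('MD5', 'SHA1', 'SHA256',
    any case) to hex strings.  An empty set means the report describes the
    file on disk; anything else means a different file was uploaded.
    """
    local = digests(data)
    bad = set()
    for algo, value in reported.items():
        key = algo.lower().replace("-", "")
        if key in local and local[key] != value.strip().lower():
            bad.add(key)
    return bad


if __name__ == "__main__":
    found, total = parse_vt_rows(VT_ROWS)
    print(f"{len(found)}/{total} engines:", found)
    print(digests(SAMPLE_BYTES))
    # Digests printed for the real sample above; the constructed bytes will not match them.
    print(hash_mismatches(SAMPLE_BYTES, {"MD5": "54ad5d17ca9988d81ad34bdf94724343"}))
```

Reading the file in chunks matters for the "Collect::" step later in the thread as well: ComboFix zips the sample for submission, and comparing the digest of the extracted file against the report is the only way to be sure the analysed and quarantined copies are the same.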
Old 12-30-2008, 08:20 PM   #8
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Good, that helps confirm what I suspected.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    https://www.techsupportforum.com/f100/runtime-dll-jscript-errors-328526.html#post1886884

    Folder::
    c:\Program Files\Ascentive
    c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)
    c:\documents and settings\All Users\Application Data\Avg8(2)

    Registry::
    Trusted Zone: *.limewire
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""

    Collect::
    c:\windows\system32\rjmauqyr.tmp
    c:\windows\system32\nvfbfjdm.tmp
    c:\windows\system32\ascbalon.dll
    c:\windows\system32\ConTest.dll
    c:\windows\system32\CreateLog.dll
    c:\windows\system32\SysRestore.dll
    c:\windows\Tasks\qzmjavwj.job


    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

    If a browser does not open, ComboFix has generated a zipped file at C:\Qoobox\Quarantine\[4][email protected]_Time.zip
    Before proceeding to the next step, please submit this file to https://www.bleepingcomputer.com/subm....php?channel=4, and include a link to this topic.
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

  6. P2P - I see you have P2P software ( LimeWire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    Please see this topic for more information:

    https://www.techsupportforum.com/f50/perils-of-p2p-file-sharing-305923.html

    I would strongly recommend that you uninstall this. You can do so via Control Panel >> Add or Remove Programs.

    ---------------------------------------------------------------------------------------------
  7. Please perform this online scan to help look for remnants

    Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan.

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on Settings. Uncheck Mail databases.
    • Next, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    ---------------------------------------------------------------------------------------------

    Post logs from ComboFix and Kaspersky.

    How is the machine behaving?

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 12-31-2008, 11:11 AM   #9
Guest
 
Join Date: Dec 2008
Posts: 14
OS:



ComboFix 08-12-30.02 - Ryan 2008-12-31 13:15:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.696 [GMT -5:00]
Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ryan\My Documents\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Avg8(2)
c:\documents and settings\All Users\Application Data\Avg8(2)\emc(2)\Log(2)\emc.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcfg.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcore.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcore.log.1
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgcore.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgfrw.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgfrw.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avglng.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avglng.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgrs.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgrs.log.1
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgrs.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgscan.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgscan.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgsched.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgsched.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgsrm.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgui.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgui.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgupd.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgupd.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgwd.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgwd.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgwdsvc.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\avildr.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\commonpriv.log
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\Avg8(2)\Log(2)\history.xml
c:\documents and settings\All Users\Application Data\Avg8(2)\scanlogs(2)\I_00000005.log
c:\documents and settings\All Users\Application Data\Avg8(2)\scanlogs(2)\srm.idx
c:\documents and settings\All Users\Application Data\Avg8(2)\update(2)\download(2)\avginfoavi.ctf
c:\documents and settings\All Users\Application Data\Avg8(2)\update(2)\download(2)\avginfowin.ctf
c:\documents and settings\All Users\Application Data\Avg8(2)\update(2)\download(2)\w8upd1998v.bin
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\avglinks.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\avglogo.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\avgstatus.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\avgstatus_error.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\brandlogo.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\p_yahoo.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\safesearch.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\safesearch_off.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\safesearch_on.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\safesurf.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\safesurf_off.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\safesurf_on.bmp
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)\slider.bmp
c:\program files\Ascentive
c:\windows\system32\ascbalon.dll
c:\windows\system32\ConTest.dll
c:\windows\system32\CreateLog.dll
c:\windows\system32\nvfbfjdm.tmp
c:\windows\system32\rjmauqyr.tmp
c:\windows\system32\SysRestore.dll
c:\windows\Tasks\qzmjavwj.job

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-30 16:23 . 2008-12-30 16:23 <DIR> d-------- c:\program files\VirusTotalUploader
2008-12-27 22:16 . 2008-12-27 22:16 250 --a------ c:\windows\gmer.ini
2008-12-27 17:31 . 2008-12-27 17:31 <DIR> d-------- c:\documents and settings\Ryan\Application Data\Malwarebytes
2008-12-27 17:31 . 2008-12-27 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 16:53 . 2008-12-26 16:53 <DIR> d-------- c:\windows\ie8updates
2008-12-26 16:51 . 2008-12-26 16:50 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 11:23 . 2008-12-26 11:23 4,128 --a------ C:\INFCACHE.1
2008-12-25 16:51 . 2008-12-25 16:51 <DIR> d--hs---- c:\documents and settings\Ryan\PrivacIE
2008-12-25 12:13 . 2008-12-25 12:14 <DIR> d--h-c--- c:\windows\ie8
2008-12-24 11:19 . 2008-12-24 11:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-24 11:18 . 2008-12-27 18:03 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-24 11:18 . 2008-12-24 11:18 <DIR> d-------- c:\documents and settings\Ryan\Application Data\SUPERAntiSpyware.com
2008-12-23 20:02 . 2008-12-23 20:02 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-23 20:02 . 2008-12-23 20:02 1,409 --a------ c:\windows\QTFont.for
2008-12-22 23:40 . 2008-12-23 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-22 23:40 . 2008-12-22 23:40 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-22 23:26 . 2008-12-22 23:26 <DIR> d-------- c:\program files\Avira
2008-12-22 23:26 . 2008-12-22 23:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-08 21:46 . 2008-12-08 22:02 <DIR> d-------- c:\documents and settings\Ryan\Application Data\GetRightToGo
2008-11-27 12:35 . 2008-11-27 13:37 <DIR> d-------- c:\program files\TQ Digital
2008-11-17 11:16 . 2008-11-18 10:53 <DIR> d-------- c:\windows\SxsCaPendDel
2008-11-16 16:13 . 2008-12-23 20:27 <DIR> d-------- c:\program files\mypoints
2008-11-12 10:30 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 10:29 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 17:34 --------- d-----w c:\program files\Lexmark X1100 Series
2008-12-28 03:10 --------- d-----w c:\program files\Click'N Design 3D (V5)
2008-12-27 22:20 --------- d-----w c:\program files\Java
2008-12-27 22:18 --------- d-----w c:\program files\Coupons
2008-12-14 13:59 5,699,584 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 02:53 --------- d-----w c:\program files\WordPerfect Office 12
2008-11-25 21:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 23:36 --------- d-----w c:\program files\LimeWire
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:38 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k(2)(2).sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2006-03-26 07:23 56 -csh--r c:\windows\system32\84236D92F5.sys
2006-03-26 07:23 3,350 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-06 14:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090620080907\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

c:\documents and settings\Ryan\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-09-15 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2004-10-25 521472]
R3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys [2002-07-15 29312]
S2 Ca533av;Mega DV(Video);c:\windows\system32\Drivers\Ca533av.sys [2006-02-17 515803]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2006-07-18 99840]
S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\Drivers\Bulk533.sys [2006-02-17 11144]
.
.
------- Supplementary Scan -------
.
Trusted Zone: *.limewire
Trusted Zone: *.line6.net
FF - ProfilePath - c:\documents and settings\Ryan\Application Data\Mozilla\Firefox\Profiles\3rm6t233.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-12-31 13:18:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-12-31 13:20:50
ComboFix-quarantined-files.txt 2008-12-31 18:19:32
ComboFix2.txt 2008-12-30 19:24:35

Pre-Run: 59,747,753,984 bytes free
Post-Run: 59,809,574,912 bytes free

214 --- E O F --- 2008-12-26 21:53:51
Rjmccarl is offline  
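As an added example (not part of this thread, and not ComboFix's own code), the following Python script reconciles the CFScript tetonbob posted with the ComboFix log that came back: it parses the script's Folder::/Collect:: blocks, checks each path against the log's "Other Deletions" section, and reports any Registry:: Trusted Zone line that the post-run Supplementary Scan still lists. The embedded CFScript and log excerpt are constructed from the two posts above and abridged.

```python
import re

# Constructed sample input: the CFScript directives posted in this thread.
CFSCRIPT = r"""
Folder::
c:\Program Files\Ascentive
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)
c:\documents and settings\All Users\Application Data\Avg8(2)

Registry::
Trusted Zone: *.limewire
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Collect::
c:\windows\system32\rjmauqyr.tmp
c:\windows\system32\nvfbfjdm.tmp
c:\windows\system32\ascbalon.dll
c:\windows\system32\ConTest.dll
c:\windows\system32\CreateLog.dll
c:\windows\system32\SysRestore.dll
c:\windows\Tasks\qzmjavwj.job
"""

# Constructed, abridged excerpt of the ComboFix log posted after the script ran.
COMBOFIX_LOG = r"""
((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Avg8(2)
c:\documents and settings\Ryan\Application Data\AVGTOOLBAR(2)
c:\program files\Ascentive
c:\windows\system32\ascbalon.dll
c:\windows\system32\ConTest.dll
c:\windows\system32\CreateLog.dll
c:\windows\system32\nvfbfjdm.tmp
c:\windows\system32\rjmauqyr.tmp
c:\windows\system32\SysRestore.dll
c:\windows\Tasks\qzmjavwj.job
.
------- Supplementary Scan -------
.
Trusted Zone: *.limewire
Trusted Zone: *.line6.net
"""

# ComboFix decorates its section titles with runs of parentheses or dashes.
SECTION_HEADER = re.compile(r"^(?:\({3,}|-{3,})\s*(.+?)\s*(?:\){3,}|-{3,})$")

def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into its directive blocks (Folder::, Registry::, Collect::)."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # directive header such as "Collect::"
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_combofix_log(text: str) -> dict[str, list[str]]:
    """Group the non-empty lines of a ComboFix log under their section titles."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # "." lines are ComboFix's spacers
            continue
        header = SECTION_HEADER.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def reconcile(cfscript: str, log: str) -> dict[str, list[str]]:
    """Report which Folder::/Collect:: items the log confirms deleted, which it does not,
    and which Registry:: Trusted Zone lines the post-run Supplementary Scan still lists."""
    script = parse_cfscript(cfscript)
    sections = parse_combofix_log(log)
    # Windows paths are case-insensitive, so compare everything lower-cased.
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    zones_left = {z.lower() for z in sections.get("Supplementary Scan", [])
                  if z.startswith("Trusted Zone:")}
    requested = script.get("Folder", []) + script.get("Collect", [])
    return {
        "confirmed": [p for p in requested if p.lower() in deleted],
        "unconfirmed": [p for p in requested if p.lower() not in deleted],
        "trusted_zone_still_present": [
            z for z in script.get("Registry", [])
            if z.startswith("Trusted Zone:") and z.lower() in zones_left],
    }
```

Run against the excerpt, it confirms all ten file and folder items and flags `Trusted Zone: *.limewire`, which the Supplementary Scan above still lists after the run.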
Old 12-31-2008, 11:47 AM   #10
Guest
 
Join Date: Dec 2008
Posts: 14
OS:



Link to bleeping computer:

https://www.bleepingcomputer.com/subm....php?channel=4
Rjmccarl is offline  
Old 12-31-2008, 01:40 PM   #11
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Thanks for uploading the file.

I'll be waiting on the results from Kaspersky online scan.
tetonbob is offline  
Old 12-31-2008, 02:32 PM   #12
Guest
 
Join Date: Dec 2008
Posts: 14
OS:



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 31, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 31, 2008 16:30:36
Records in database: 1538967
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 71970
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:15:18

No malware has been detected. The scan area is clean.

The selected area was scanned.
Rjmccarl is offline  
Old 12-31-2008, 03:11 PM   #13
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - https://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here https://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

  • https://www.trillian.cc - Trillian or https://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • https://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
tetonbob is offline  
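As an added example (not MVPS's own mvps.bat, and not code from this thread), a small Python checker that reads a HOSTS file and verifies the property described above: every blocked name should resolve to 127.0.0.1 (or the unroutable 0.0.0.0), and any entry that points a hostname at some other address is reported, because that is a redirect rather than a block. The sample HOSTS content is constructed and uses reserved documentation names and addresses.

```python
import ipaddress

# Constructed sample HOSTS content: the localhost line, two MVPS-style blocking
# entries, a comment, and one entry that sends a real host somewhere else.
# example.com/.org/.net and 192.0.2.10 are reserved documentation names/addresses.
SAMPLE_HOSTS = """\
# constructed header comment, as a downloaded HOSTS file would carry
127.0.0.1  localhost
127.0.0.1  ads.example.com      # blocked: resolves to the local machine
0.0.0.0    tracker.example.org  # also a block (unroutable address)
192.0.2.10 update.example.net   # NOT a block: traffic goes to another host
"""

def parse_hosts(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, address, hostname) triples; comments and junk are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:           # not an IP literal: not a valid hosts line
            continue
        for host in fields[1:]:      # one address may map several names
            entries.append((lineno, str(addr), host.lower()))
    return entries

def classify(entries: list[tuple[int, str, str]]) -> dict:
    """Separate genuine blocks (loopback or 0.0.0.0) from entries that redirect
    a hostname to some other address, which a blocklist should never do."""
    report = {"localhost_ok": False, "blocked": [], "redirected": []}
    for lineno, ip, host in entries:
        addr = ipaddress.ip_address(ip)
        if host == "localhost" and addr.is_loopback:
            report["localhost_ok"] = True      # the one line every HOSTS file needs
        elif addr.is_loopback or addr.is_unspecified:
            report["blocked"].append(host)
        else:
            report["redirected"].append((lineno, host, ip))
    return report
```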
Old 12-31-2008, 06:37 PM   #14
Guest
 
Join Date: Dec 2008
Posts: 14
OS:



Well everything seems to be running better as in that I am no longer getting a module error on start and I am no longer getting pop ups but I am still receiving the runtime error message. It is asking me if I would like to debug. If I click no it goes away but when I click yes it brings up a page of stuff I have no idea how to comprehend.
Now each time that it brings up the runtime error message the code is different. Here is an example:
Quote:
Line: 260
Error: 'win.gadgets.IFPC_' is null or not an object
It seems to only happen on pages that have a lot of graphics, so I am thinking that it has to do with that and not a virus, but because I am computer illiterate I can't really say.
I tried to do a screen grab so you could see the error box but I can only do that with Firefox and the error doesn't appear when I am under Firefox..it only appears with IE. Could my Internet Explorer be the problem?
Rjmccarl is offline  
Old 12-31-2008, 08:08 PM   #15
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Something on those pages you're visiting (myspace?) doesn't agree with your IE. Perhaps those pages are not happy with the version of Java you're using. It could also have to do with the version of the Microsoft .NET Framework you're running, which is not the most recent. It might also have to do with the Beta version of IE8 you're running.

Windows Internet Explorer 8 Beta 2

Beta software, by definition, is not ready for release, and often prone to bugs and issues with other applications.

Those are some things to think about.

This does not appear to be malware related, and is out of my area of knowledge. I'd suggest you take it up with the folks in the Internet Explorer or Windows XP sections of the forums.

Best wishes for a new year.
tetonbob is offline  
Old 12-31-2008, 09:07 PM   #16
Guest
 
Join Date: Dec 2008
Posts: 14
OS:



Okay, I was told to check Java before. And yes it was myspace that had the runtime error as well as another site I visit.

I really appreciate your help and am thankful that I can at least rest for now knowing the virus is gone. I will continue to check the above mentioned sites.

Thank you again!!!!
Rjmccarl is offline  
Old 12-31-2008, 09:10 PM   #17
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Glad to have helped.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.

tetonbob is offline  
 
