WiredWX Hobby Weather Tools

 


Same 6 "bugs" on antispyware, slow computer, compu

3 posters

Re: Same 6 "bugs" on antispyware, slow computer, compu

ComboFix 09-05-16.05 - Crystal 05/17/2009 12:57.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.255.70 [GMT -4:00]
Running from: c:\documents and settings\Crystal\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Crystal\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0306003B.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus\AOLTheme_InfiniteFlow79.mtx
c:\program files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus\FLFBootStrap.mtx

.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-17 01:35 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-17 01:34 . 2009-05-17 01:59 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-17 01:34 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-17 01:34 . 2009-05-17 01:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-17 01:34 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-17 01:34 . 2009-05-17 01:34 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-17 01:34 . 2009-05-17 01:34 -------- d-----w c:\documents and settings\Crystal\Application Data\PC Tools
2009-05-17 01:34 . 2009-05-17 02:42 -------- d-----w c:\program files\Spyware Doctor
2009-05-17 00:44 . 2009-05-17 00:44 -------- d-----w c:\documents and settings\Crystal\Application Data\Malwarebytes
2009-05-17 00:44 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-17 00:44 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 00:44 . 2009-05-17 00:44 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-17 00:44 . 2009-05-17 00:44 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-07 03:46 . 2009-05-07 03:46 -------- d-----w c:\windows\Cache
2009-05-07 03:46 . 2009-05-07 03:53 -------- d-----w c:\program files\Coupons
2009-05-04 16:09 . 2009-05-07 17:40 -------- d-----w C:\ASTROLOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 03:25 . 2009-02-20 02:47 -------- d-----w c:\program files\AOL 9.1
2009-04-08 05:14 . 2009-04-08 05:14 -------- d-----w c:\program files\Trend Micro
2009-04-07 17:01 . 2009-02-10 19:03 -------- d-----w c:\program files\KJClipper
2009-04-07 16:59 . 2009-02-20 02:47 -------- d-----w c:\program files\Common Files\aol
2009-03-12 08:04 . 2008-01-24 07:02 8224 ----a-w c:\documents and settings\Crystal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1998-07-25 36352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 392832]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-07-29 131072]
"MCAgentExe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2002-09-07 192512]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\mcupdate.exe" [2002-09-04 151552]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2002-10-04 139264]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 155648]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-06 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-29 53248]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"HostManager"="c:\program files\Common Files\AOL\1235098084\ee\AOLSoftware.exe" [2007-05-25 42032]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-13 219136]

c:\documents and settings\Crystal\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-02 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 08:38 352256 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 7:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 7:03 PM 55024]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [1/22/2008 6:33 PM 23296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 7:51 PM 4096]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/16/2009 9:34 PM 130936]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - sdAuxService
*Deregistered* - sdCoreService
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - uploadmgr
*Deregistered* - upnphost
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMDM PMSP Service
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2008-09-29 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21201207759.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 04:38]

2009-05-17 c:\windows\Tasks\McAfee.com Update Check (CMYSTIC-Crystal).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2008-01-22 18:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 13:15
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\System32\ODBC32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(752)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(2316)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\System32\ODBC32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\CTsvcCDA.EXE
c:\progra~1\McAfee.com\VSO\mcvsrte.exe
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-05-17 13:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-17 17:24
ComboFix2.txt 2009-05-17 14:38

Pre-Run: 48,586,317,824 bytes free
Post-Run: 48,881,545,216 bytes free

193

Re: Same 6 "bugs" on antispyware, slow computer, compu

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

Re: Same 6 "bugs" on antispyware, slow computer, compu

Sorry for the delay in replying... a day or so after this message things were pretty much going fine, but within the past few days I have begun noticing a few more things...

- the internet has been crashing more

- have had quite a few "Runtime Error" messages pop up then close whatever browser I'm on... very frustrating...

- certain pages of websites I visit frequently are having errors on them, even after cleaning out my internet files and running antispyware

- whenever I run Super Anti Spyware there are 0 issues found and this has been happening for almost a week (even after much surfing on the net, which usually entails at least a few minor bugs on the spyware; if all was feeling smooth on the computer I wouldn't be so worried, lol)

I feel like there may be another bug to tackle... please help again!

Re: Same 6 "bugs" on antispyware, slow computer, compu

Can you run a Malwarebytes scan and post the log back here?

Re: Same 6 "bugs" on antispyware, slow computer, compu

Malwarebytes' Anti-Malware 1.36
Database version: 2143
Windows 5.1.2600 Service Pack 1

5/28/2009 2:58:14 AM
mbam-log-2009-05-28 (02-58-14).txt

Scan type: Quick Scan
Objects scanned: 88339
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Same 6 "bugs" on antispyware, slow computer, compu

Hello.
The runtime error is sometimes caused by the machine not having the VB6 runtime package installed.
More likely the problem is that you only have SP1 installed, not the latest, which is SP3.
http://www.microsoft.com/DownLoads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en

After downloading and installing SP3 (should take about 30-40 mins in my experience), if you still get errors, download the VB6 installer.
You can download that here:
http://www.microsoft.com/Downloads/details.aspx?FamilyID=bf9a24f9-b5c5-48f4-8edd-cdf2d29a79d5&displaylang=en

Download and run it; it shouldn't take more than 1 minute.

Let me know if you still get errors after installing it.

Re: Same 6 "bugs" on antispyware, slow computer, compu

Would this still be the case if I just started getting these messages? I remember one of the Runtime error messages said something at the top about C++++.

And if I have SP1, I'm wondering why the messages didn't pop up earlier, why now? Just curious. (The messages haven't popped up for a few days, seemed to happen a few times and stop.)

Also I'm wondering about the spyware not picking up anything after extensive surfing on the net... 99.9% of the time it will at least find adware, etc... is there any way to check if this is working correctly?

Things just seem different and I'm hoping it's all OK... thank you again for all of your help!!!

Re: Same 6 "bugs" on antispyware, slow computer, compu

Hello.
There's no real explanation why the error comes and goes; when it comes to technology, anything can happen.

You seem to have this backwards: finding nothing is good, it means there's no malware on your machine. That's why I want you to update to SP3; SP1 has many holes the malware can (ab)use.
