[Resolved] ScriptInocUI Class
#31
Posted 21 November 2009 - 10:54 AM
#32
Posted 21 November 2009 - 12:29 PM
------------------------------------------------------------
Microsoft MVP 2010-2014
#33
Posted 21 November 2009 - 05:19 PM
#34
Posted 21 November 2009 - 10:11 PM
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
#35
Posted 22 November 2009 - 10:17 PM
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.174 [GMT -6:00]
Running from: c:\documents and settings\Marty Sellers\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.
2009-11-19 02:16 . 2009-11-19 02:16 -------- d-----w- C:\_OTM
2009-11-18 01:32 . 2009-11-18 01:32 -------- d-----w- C:\Rooter$
2009-11-14 19:08 . 2009-11-14 19:08 -------- d-----w- c:\program files\ERUNT
2009-11-09 22:25 . 2009-11-09 22:25 -------- d-----w- c:\documents and settings\Marty Sellers\Application Data\AVG8
2009-11-04 02:03 . 2009-11-04 02:03 152576 ----a-w- c:\documents and settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-28 00:35 . 2009-10-28 00:35 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Staging\sysfiles\kb945060\kb945060.exe
2009-10-28 00:34 . 2009-10-28 00:34 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Staging\wtf\start.exe
2009-10-28 00:33 . 2009-10-28 00:33 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.0.30.1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 16:46 . 2008-07-25 23:00 -------- d-----w- c:\program files\AVG
2009-11-21 16:44 . 2008-07-25 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-18 01:22 . 2005-12-02 05:32 -------- d-----w- c:\program files\Java
2009-11-07 03:14 . 2005-12-25 05:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-11 10:17 . 2009-02-04 02:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 15:50 . 2005-12-02 05:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-29 08:08 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 18:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-10-29 22:29 . 2006-05-02 01:15 56 --sh--r- c:\windows\system32\80F1DC0D35.sys
2008-10-29 22:29 . 2006-05-02 01:15 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-02 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"PaperPort PTD"="c:\progra~1\vision~1\paperp~1\pptd40nt.exe" [1999-04-13 29184]
"PP3100b"="c:\windows\twain_32\paprport\3100b\flatbed.exe" [1999-04-21 34304]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SSP Notifier"="c:\program files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-04-13 20480]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-13 198184]
"FastAccess Help"="c:\program files\BellSouth Application Management\content\..\Start.exe" [2007-10-03 108421]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-29 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
c:\documents and settings\Marty Sellers\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-9-8 45056]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-12-24 315392]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe [2003-6-8 16432]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 20:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/25/2008 5:00 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/25/2008 5:00 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/25/2008 5:00 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/25/2008 5:00 PM 297752]
--- Other Services/Drivers In Memory ---
*Deregistered* - ppsio2
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/outlook/travel/businesstraveler/local/38834?lswe=38834&lwsa=WeatherLocalUndeclared&from=whatwhere
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search/msie?p={searchTerms}&ei=UTF-8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: taxactonline.com\www
Trusted Zone: musicmatch.com\online
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-Dell Game Console - c:\program files\WildTangent\Apps\Dell Game Console\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 22:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2448)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-22 22:13
ComboFix-quarantined-files.txt 2009-11-23 04:13
Pre-Run: 57,088,315,392 bytes free
Post-Run: 57,547,825,152 bytes free
- - End Of File - - 2E43F82FB087A79B7D8800A8469E086A
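As an added example (not part of this thread and not ComboFix's own code), here is a small Python parser for the file-entry lines of the log above; it picks out non-directory entries carrying both the hidden and system attributes so a helper can look them up against a known-file reference before deciding anything. The column order (last-write time, then creation time) and the attribute letters (d, s, h, a, r, w) are assumptions about the log format; the sample lines are copied from the posted log.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# One ComboFix file entry: two timestamps separated by " . ", a size
# (or "--------" for a directory), an 8-character attribute column, then the path.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([-a-z]{8}) (.+)$"
)

@dataclass
class Entry:
    modified: str       # first timestamp (assumed: last-write time)
    created: str        # second timestamp (assumed: creation time)
    size: int | None    # None for directories
    attrs: str          # raw attribute column, e.g. "--sh--r-"
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden_system(self) -> bool:
        # Decode by letter rather than position: 'h' = hidden, 's' = system (assumed).
        return "h" in self.attrs and "s" in self.attrs

def parse_entries(text: str) -> list[Entry]:
    """Return file entries from a ComboFix log; section headers and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        mod, cre, size, attrs, path = m.groups()
        entries.append(Entry(mod, cre, None if size.startswith("-") else int(size), attrs, path))
    return entries

def review_candidates(entries: list[Entry]) -> list[str]:
    """Paths of non-directory entries that are both hidden and system; these merit a manual check."""
    return [e.path for e in entries if not e.is_dir and e.hidden_system]

# Constructed sample input: lines copied from the Files Created / Find3M sections of the log above.
SAMPLE_LOG = r"""
((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))
.
2009-11-19 02:16 . 2009-11-19 02:16 -------- d-----w- C:\_OTM
2009-11-04 02:03 . 2009-11-04 02:03 152576 ----a-w- c:\documents and settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2008-10-29 22:29 . 2006-05-02 01:15 56 --sh--r- c:\windows\system32\80F1DC0D35.sys
2008-10-29 22:29 . 2006-05-02 01:15 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
"""

if __name__ == "__main__":
    for p in review_candidates(parse_entries(SAMPLE_LOG)):
        print("review:", p)
```

A hidden+system flag alone says nothing about legitimacy; the list is only a shortlist for the helper to compare against a known-good file reference.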
#36
Posted 23 November 2009 - 11:36 AM
#37
Posted 23 November 2009 - 07:21 PM
#38
Posted 23 November 2009 - 09:38 PM
Apparently the last registry error you got is not uncommon for AVG. They have made a utility that is supposed to fix this. Please download and run it and see if it helps. "Reset_Access" utility
#39
Posted 24 November 2009 - 05:52 AM
#40
Posted 24 November 2009 - 11:05 AM
Awesome.
Log looks good
Time for some housekeeping
- Click START then RUN
- Now type Combofix /Uninstall in the runbox and click OK
- Note the space between the X and the U; it needs to be there.
- Implement some cleanup procedures.
- Reset System Restore.
Please re-enable any security that was disabled.
Cleanup
- Double click on OTM to run it.
- Click on CleanUp!
- When done, you will be prompted to restart your computer. Please restart your computer.
The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.
Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.
I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein
Also: "How to prevent malware"
by miekiemoes
Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved.
#41
Posted 29 November 2009 - 07:21 PM