Dred
-
It has been about three weeks since my last post and I've had no reply. Does this mean that everyone is all out of ideas?? If so please let me know so that I can move on to another site and hopefully get help elsewhere. Thanks.
-
I don't think I'm running in safe mode. The resolution is the same as it ever was. Graphics wise everything looks ok. The things that are different are, the blue bar that pops up at the bottom with tabs on for the different programs is now grey. The minimise/maximise and close icons in the top right corner are all grey as opposed to the close button being red usually. And the start menu that you normally use to find and open programs is grey. As I said before, classic mode.

The only reason I have to believe it might be in safe mode is the message I got when trying to remove MSN messenger from my PC. I was attempting to remove it because it automatically tries to sign in whenever my PC is restarted and as combofix restarts the PC a few times I didn't want MSN interfering with combofix. This is the message I got when trying to remove it using add/remove programs...

The windows Installer service could not be accessed. This can occur if you are running windows in safe mode, or if the windows installer is not correctly installed. Contact your support personnel for assistance.

If anyone knows a test that would determine for sure whether or not I'm in safe mode, please tell me what to do and I'll do it.

Also I have tried to rename malwarebytes to the name given to me by Muppet Rebecca but it still doesn't work. I have removed it completely and re-installed it. I even updated it using my laptop and tried again to run it but get the same message every time. This is the message...

Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

I noticed that there is a file in the Malwarebytes folder named vbalsgrid6.ocx and the description beneath it said that it was Active X control. I am not sure if that helps anyone. I have tried to be as specific as I can but if you need to know anything else at all just ask.
Help me to help you help me...;)
-
Ok first of all I'd like to point out the fact that combofix isn't on my desktop, it is on my external hard drive. Secondly I think my pc is running in safe mode as it wouldn't let me delete MSN and the message it displayed said so. And finally I tried to go ahead and do what you said anyway. So I copied the text into notepad and saved it onto the external HDD from the laptop. Then I plugged the HDD into the PC and tried to drag it on to the combofix logo as you said and nothing happened. It wouldn't even let me drag anything. As I have said before I cannot copy and paste or drag or move any files!!!
-
Hello again. I hope you all had a great Christmas and New Year. I had another go at fixing the pc after a break from it. These things really stress me out. So here's what I did... I downloaded combofix onto the external hard drive using the laptop and transferred it onto the pc. Before installing it I tried to install the recovery thing which was a pain. I'm not sure what I was doing wrong but I just couldn't get it onto the pc desktop. In the end I had to put it onto 6 floppies. Following this I couldn't install it. Gave up on that and thought I'd try combofix anyway to see what would happen. It warned me about the recovery thing and prompted me to download and install. Tried and failed as it still isn't recognising an active internet connection. Continued anyway and combofix went to work. In the end I had a log which I saved to my external hard drive. This is it...

The pc is still exactly the same as it was when I started. Forgive me if anything I have done is extremely stupid but I do have very limited knowledge of how to deal with these kinds of problems. Thanks again for any help on this matter.
-
I tried to download combofix from your link and after saving it to my laptop I had a pop up from McAfee telling me a trojan had been removed...

McAfee has automatically blocked and removed a Trojan. About this Trojan Detected: Artemis!2DD45AF9152B (Trojan), Artemis!2DD45AF9152B (Trojan) Location: C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DHO5TRR1\ComboFix[1].exe Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

I haven't even run anything yet. Does this mean I've just downloaded another virus??:confused: I have cancelled the download that had stopped on 99%. My hopes of being able to fix this are fading fast...:(
-
Ok. I downloaded Malwarebytes and installed it to my laptop with no problems. When I tried to install it on my "infected" desktop, I got this message...

Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

Please remember, I cannot connect to the internet on my desktop at the moment because of this problem. Therefore I first tried to install Malwarebytes to the external hard drive (which was fine) then run it on the desktop. I got this message. So then I tried to install it straight to the desktop and this message came up once during install, then twice when I tried to run the application.
-
Hi there. The problem is with my desktop which is an Advent T11. These are the specifications...

Intel Pentium 4 HT Processor 550 3.4 GHz
250GB hard disk (7200 rpm)
512MB DDR memory
nVidia GeForce 6600 PCI Express graphics card

The operating system is Windows XP Home Edition. I always keep it updated so I guess it's the latest service pack.

The problem occurred about 2-3 months ago and I have just left it as I have been using my laptop. The first thing I noticed is that all of the windows have gone back to classic mode. Secondly I couldn't connect to the internet so I went to my AV which is McAfee and the icon disappeared from the bar at the bottom and doesn't look like it's working. To try and solve the problem I did what I always do and tried a system restore. I got a message pop up saying unable to do a restore at this time. Fearing the worst I decided to completely restart my pc from scratch and so the first thing I wanted to do was to copy everything I wanted to keep onto my external hard drive. It was then that I found out I can't copy and paste OR move any files! It does look as though I can open up most applications though.

I have tried to look for a solution myself by browsing this forum but it looks as though this repair could get complicated. If nobody on this site can help me could someone at least point me in the right direction for help. ANY help at all on this matter is greatly appreciated. Thanks in advance.