
HiJack This Log- Can't set-up any anti-virus or update system


  • This topic is locked
17 replies to this topic

#1 uronerose

uronerose


Posted 04 March 2011 - 10:38 PM

Hello,

I've just recently rebooted my laptop to its original factory settings and now I am unable to set up any anti-virus or update because of error code 80080005. I'm not even sure if I ran the scan right for HiJackThis because right when I clicked on Scan, it said that I had a host file somewhere? I didn't completely understand it but it did the scan and came up with this log file:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:36:12 PM, on 3/4/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7256 bytes

Edited by uronerose, 04 March 2011 - 10:41 PM.




#2 uronerose

uronerose
  • Topic Starter

Posted 11 March 2011 - 12:04 AM

Hello,

I just recovered my laptop (Windows Vista) so everything is back to factory settings. I am able to download the set-up file for AVG or Avast, but when I run the set-up, it freezes and the set-up fails. My Windows Update doesn't work either and I am unable to download other programs such as QuickTime and Microsoft Office. Can't figure out what is wrong exactly. I've already done Eusing Free Registry cleaning and a Malwarebytes scan. Still doesn't work. Also, I posted a HijackThis log but nobody replied back. Please help! I have posted DDS log here. My GMER scan is still going on so I will post later if anybody needs it.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by SKY at 20:50:54.57 on Thu 03/10/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2117 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\SKY.SKY-PC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sky~1.sky\appdata\roaming\mozilla\firefox\profiles\4ww6k3zb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-3-31 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-3-31 812544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-3-1 27192]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2011-2-27 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2011-2-27 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2011-2-27 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-3-31 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-3-31 87328]
.
=============== Created Last 30 ================
.
2011-03-11 04:06:23 -------- d-----w- c:\users\sky~1.sky\appdata\roaming\Malwarebytes
2011-03-11 04:06:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-11 04:06:17 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-11 04:06:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-11 04:06:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-11 03:44:10 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-03-11 03:43:39 -------- d-----w- c:\users\sky~1.sky\appdata\roaming\TP
2011-03-10 03:08:46 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{81efb832-3919-4e13-8d88-a008f8c01754}\mpengine.dll
2011-03-09 02:20:41 -------- d-----w- c:\users\sky~1.sky\appdata\local\Apple
2011-03-03 03:26:39 388096 ----a-r- c:\users\sky~1.sky\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-03 03:26:39 -------- d-----w- c:\program files\Trend Micro
2011-03-03 03:21:00 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-03-03 03:18:04 -------- d-----w- c:\program files\Ask.com
2011-03-03 02:48:22 -------- d-----w- c:\users\sky~1.sky\appdata\local\WindowsUpdate
2011-03-02 05:24:04 -------- d-----w- c:\users\sky~1.sky\appdata\local\VS Revo Group
2011-03-02 05:24:02 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-03-02 05:24:00 -------- d-----w- c:\program files\VS Revo Group
2011-03-01 04:29:24 -------- d-----w- c:\program files\AVAST Software
2011-03-01 04:29:24 -------- d-----w- c:\progra~2\AVAST Software
2011-03-01 00:59:56 -------- d-----w- c:\users\sky~1.sky\appdata\local\Adobe
2011-02-28 10:03:30 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-02-28 10:03:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-28 06:53:16 -------- d-----w- c:\progra~2\MFAData
2011-02-28 06:43:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-28 06:08:12 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-02-28 06:08:11 98304 ----a-w- c:\windows\system32\cabview.dll
2011-02-28 05:53:02 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-02-28 05:52:47 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-02-28 05:52:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-02-28 05:52:43 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-02-28 04:22:43 -------- d-----w- c:\program files\common files\InterVideo
2011-02-28 04:12:52 -------- d-----w- c:\progra~2\Uninstall
2011-02-28 04:12:39 -------- d-----w- c:\program files\Roxio
2011-02-28 04:12:14 -------- d-----w- c:\program files\common files\Sonic Shared
2011-02-28 04:11:09 -------- d-----w- c:\progra~2\Corel
2011-02-28 04:10:24 -------- d-----w- c:\program files\Corel
2011-02-28 04:10:24 -------- d-----w- c:\program files\common files\Corel
2011-02-28 04:06:33 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-02-28 04:06:33 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-28 04:02:44 -------- d-----w- c:\program files\common files\supportsoft
2011-02-28 04:02:42 1843200 ----a-w- c:\windows\system32\acXMLParser.dll
2011-02-28 04:02:41 3518464 ----a-w- c:\windows\system32\cdintf300.dll
2011-02-28 04:01:27 -------- d-----w- c:\program files\Intuit
2011-02-28 04:01:27 -------- d-----w- c:\program files\common files\Intuit
2011-02-28 04:01:27 -------- d-----w- c:\progra~2\Intuit
2011-02-28 04:01:16 -------- d-----w- c:\progra~2\COMMON FILES
2011-02-28 04:01:13 -------- d-----w- c:\program files\MSXML 4.0
.
==================== Find3M ====================
.
.
============= FINISH: 20:51:13.22 ===============

EDIT: Topics merged ~BP

Edited by Budapest, 11 March 2011 - 01:24 AM.


#3 Casey_boy

Casey_boy

  • Malware Response Team

Posted 12 March 2011 - 11:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#4 uronerose

uronerose
  • Topic Starter

Posted 12 March 2011 - 08:31 PM

Here's the GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-10 21:16:03
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA
Running: gmer.exe; Driver: C:\Users\SKY~1.SKY\AppData\Local\Temp\uwldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\SKY~1.SKY\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[648] USER32.dll!TrackPopupMenu 77871417 5 Bytes JMP 6BF86373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1556] ntdll.dll!LdrLoadDll 77917933 5 Bytes JMP 001413F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@PendingPackageClientID WindowsUpdateAgent
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-Neutral 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-en-us-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-de-de-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-es-es-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-he-il-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-it-it-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226@WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel 6

---- EOF - GMER 1.0.15 ----

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:32 PM

Posted 14 March 2011 - 08:44 AM

Hello. I'll be helping you :) .

There doesn't appear to be anything wrong from what I see in the logs.

Please tell me what happens when you try to install Windows Updates. If you get any error messages, copy them for me.

With Regards,
The Panda

#6 uronerose

Posted 14 March 2011 - 10:54 AM

THANK YOU! Hopefully you can help me figure out what's wrong then! =)

Error Code: 80080005 Windows update encountered an unknown error.

Edited by uronerose, 14 March 2011 - 10:55 AM.


#7 PropagandaPanda

Posted 14 March 2011 - 10:59 AM

Hello.

Unknown error really doesn't tell us much. Let's try downloading the SP2 installation file from here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=a4dd31d5-f907-4406-9012-a5c3199ea2b3&displaylang=en

The file will be much bigger than the Windows Update download.

Tell me how it goes.

With Regards,
The Panda

#8 uronerose

Posted 14 March 2011 - 03:43 PM

I tried to install but it failed, here's the message:

Install Windows Service Pack
Installation was not successful
Server execution failed


Error: CO_E_SERVER_EXEC_FAILURE(0X80080005)

That's the problem I keep running into. I am able to download the file or program, but it fails as I am trying to install or set up. Any clue?

#9 PropagandaPanda

Posted 14 March 2011 - 05:21 PM

Hello.

It sounds like some system files may be damaged. Please follow the first set of directions here to run the System File Checker.

After, try running an installer again.

Any luck?

With Regards,
The Panda

#10 uronerose

Posted 14 March 2011 - 06:31 PM

I actually have tried this before! Sorry, it doesn't even run!

Here's the message:

Windows Resource Protection could not start the repair service.

#11 PropagandaPanda

Posted 15 March 2011 - 09:36 AM

Hello.

That error is more informative.
  • Please open your Run Box by pressing Windows+R. Type in: services.msc
  • You may be prompted for confirmation. Click OK.
  • Double click "Windows Modules Installer".
  • Set its startup type to Manual.
  • Click on Apply, then OK.
Restart your computer.

Does that make any difference to installers?

With Regards,
The Panda

Edited by PropagandaPanda, 15 March 2011 - 09:39 AM.
clarify direction
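
The same steps from the command line, as an added example that is not part of the original post. It assumes an elevated Command Prompt and uses TrustedInstaller, the service name behind the "Windows Modules Installer" display name; it also tries to start the service, since System File Checker relies on it.

```batch
@echo off
rem Added example: command-line equivalent of the services.msc steps above.
rem Assumption: run from an elevated Command Prompt (Run as administrator).
rem TrustedInstaller is the service name for "Windows Modules Installer".
setlocal
set SVC=TrustedInstaller

echo === Current configuration ===
sc qc %SVC%
if errorlevel 1 (
    echo Could not query %SVC%. The service entry may be missing or damaged.
    exit /b 1
)

rem Set the startup type to Manual. sc calls this "demand", and the space
rem after "start=" is required by the sc syntax.
sc config %SVC% start= demand
if errorlevel 1 (
    echo Failed to change the startup type. Check that this prompt is elevated.
    exit /b 1
)

rem Try to start the service directly. net start also returns an error when
rem the service is already running, so the result is judged from sc query.
net start %SVC%

sc query %SVC% | find "RUNNING" >nul
if errorlevel 1 (
    echo %SVC% is not running. Note the error text printed by net start above.
    exit /b 2
)

echo %SVC% is running. Retry sfc /scannow or the installer now.
endlocal
```

If the script exits with code 2, the message printed by `net start` is the detail worth copying into a reply, because it names why the service itself refuses to start.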


#12 uronerose

Posted 15 March 2011 - 10:34 AM

Unfortunately, this didn't work either. Sorry. The installer freezes and fails.

#13 PropagandaPanda

Posted 15 March 2011 - 02:37 PM

Hello.

Please try to run the System File Checker again.

With Regards,
The Panda

#14 uronerose

Posted 15 March 2011 - 03:28 PM

It says the same thing.
Windows resource protection could not start the repair service.

I've checked the Windows Module Installer again and it's on manual.

#15 PropagandaPanda

Posted 16 March 2011 - 07:28 AM

Hello.

This is quite the problem. It does sound like some Windows services are failing to me.

Do you have your Windows Vista installation disk, by any chance? I'd like to try using the repair function from there.

With Regards,
The Panda



