Google Redirect, Antivir Desktop Virus, Windows Update Virus, Lost Desktop, Failed System Restore (twice), Drivers/Installer Nonfunctional, etc.


  • This topic is locked
2 replies to this topic

#1 lobita

lobita

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:CO Springs, CO
  • Local time:03:37 AM

Posted 12 June 2011 - 03:40 AM

Attached File  Attach.txt   11.47KB
Attached File  ark.txt   3.01KB

So far I've managed to contract a couple different types of viruses (half of them from antivirus programs or cleaners), failed miserably at a system restore (Backup just threw everything in with no rhyme or reason: unrelated files together in same folder and some even in a folder, files and folders put in places they don't belong, duplicates, etc. The COMPUTER doesn't even know where it put them), deleted vital files and folders, restored the registry to the last good, which happened to be a day when I had the Avira desktop virus AND my keyboard didn't work due to IDVault, and restored the registry to around the time dinosaurs roamed the earth.

Last night, after a failed installation of installer files, most of my drivers stopped working. I'm getting Errors 3, 31, 0x80004005 and some I can't remember, and when I go into Microsoft Defrag, the bar is almost completely red. My CPUs are at 100%. I tried lowering priority of winlogon and csrss, but it says "access denied." It also says that when I try to do anything with Avira in Services. I can't find any form of the word "Avira" when I search, but you see on the log that there's a file called "avgio" and a couple others. I tried to run system restore again this morning, but it kept saying nothing was changed when I logged back on. My computer has been very slow, files are missing, in the wrong place or corrupt, several drives and msiexec won't work, so it's hard for me to install updates, I've lost desktop settings, screen flickers a lot and when I run my mouse over any folders at the top of my desktop I get a popup supposedly from Internet Explorer, stating "This page has an unspecified security risk would you like to comtinue?". This is when my browser is closed! None of the programs that are supposed to be able to connect directly to the net are able to. I even have to do the net diagnostic manually. I cleaned my laptop and I'm about halfway through the instructions for slow computer. I've tried several different forums, downloaded numerous articles and files, tried Mr. Fix-it and other cleaning/repair tools, tried Norton (can't even get it to install correctly), Malwarebytes, Superantispyware, ConstantGuard, ASC4, AVG, Avast, Combofix, Desktop Dr, Comcast Antispyware, Registry Fix8, Windows Registry Repair, CCleaner and a couple others. Thank you for taking the time to read this.

P.S. Some icon called webhlp from Google just appeared on my desktop while I was typing this letter. Then Malwarebytes did a scan that I didn't request. SCARY!

___________________________________________________________________________________________
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 15:35:28 on 2011-06-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.253 [GMT -6:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\user\Desktop\defogger\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net?cid=tbid06072011
uInternet Connection Wizard,ShellNext = iexplore
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: {9030d464-4c02-4abf-8ecc-5164760863c6} - Windows Live ID Sign-in Helper
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - SingleInstance Class
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
EB: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - &Research
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: comcast.com\www
Trusted Zone: comcast.net\xfinity
Trusted Zone: microsoft.com\social.technet
Trusted Zone: microsoft.com\technet
Trusted Zone: us.com\www.smartestcomputing
Trusted Zone: yahoo.com\login
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{3CD2A031-DB7A-4421-A546-FC6F0F9E7FA7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{673B9EF9-95BF-4838-BB9A-50FEF8699972} : NameServer = 68.87.66.10,68.87.69.150
TCP: Interfaces\{CE8F2BA3-5AB6-4615-A454-FAB7F54CBF24} : NameServer = 68.87.66.10,68.87.69.150
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
============= SERVICES / DRIVERS ===============
.
R1 ASMBATT;ASMBATT;c:\windows\system32\drivers\ASMBATT.SYS [2010-3-23 4992]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-5-20 19064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2010-3-23 16384]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-24 61960]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;c:\windows\system32\drivers\AEIWLNDS.sys [2002-9-23 611328]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S2 AMPingService;AMPingService; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-4 22712]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-4 366640]
.
=============== Created Last 30 ================
.
2011-06-11 02:20:00 -------- dc-h--w- c:\windows\ie8
2011-06-11 02:16:18 -------- d-----w- C:\22f16ec3e593b250bf20ee
2011-06-11 02:03:17 -------- d-----w- c:\program files\NortonInstaller
2011-06-11 02:03:16 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-06-11 01:47:20 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-11 01:21:31 -------- d-----w- c:\documents and settings\user\application data\xfin_portal
2011-06-11 01:21:26 -------- d-----w- c:\program files\xfin_portal
2011-06-11 01:07:19 -------- d-----w- c:\windows\system32\Adobe
2011-06-11 01:04:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 20:14:16 52800 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2011-06-10 20:14:16 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-06-10 05:03:42 61440 ----a-w- c:\windows\system32\ASIW32N50.dll
2011-06-10 05:03:42 16302 ----a-w- c:\windows\system32\ASINDIS5.sys
2011-06-10 05:03:42 15577 ----a-w- c:\windows\system32\ASINDIS3.vxd
2011-06-10 02:48:43 -------- d-----w- c:\program files\ASUS
2011-06-07 14:17:15 -------- d-----w- c:\documents and settings\user\application data\TP
2011-06-07 14:11:33 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics
2011-06-07 09:18:23 -------- d-----w- c:\documents and settings\user\application data\comcasttb
2011-06-07 09:18:00 -------- d-----w- c:\documents and settings\user\application data\CallingID
2011-06-07 09:16:07 -------- d-----w- c:\program files\common files\scanner
2011-06-07 09:16:06 -------- d-----w- c:\program files\comcasttb
2011-06-07 09:15:29 -------- d-----w- c:\windows\Downloaded Installations
2011-06-06 08:44:29 -------- d-----w- c:\windows\Network Diagnostic
2011-06-05 21:59:42 -------- d-----w- c:\program files\FinalWire
2011-06-05 20:13:06 68608 ----a-w- c:\windows\system32\dllcache\iisext51.dll
2011-06-05 20:12:33 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
2011-06-05 20:07:29 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-06-05 20:07:28 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2011-06-05 00:17:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 00:17:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 00:17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-04 22:53:27 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2011-06-04 22:53:27 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-04 22:53:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-04 05:09:29 -------- d-----w- c:\documents and settings\user\local settings\application data\SupportSoft
2011-06-04 03:56:26 -------- d-----w- c:\program files\ACW
2011-06-04 01:31:33 -------- d-----w- c:\documents and settings\user\local settings\application data\RcIncidents
2011-05-24 07:37:52 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2011-05-24 07:37:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-24 01:01:27 -------- d-----w- c:\documents and settings\user\application data\Windows Search
2011-05-24 00:35:38 -------- d-----w- c:\windows\system32\winrm
2011-05-24 00:35:34 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2011-05-24 00:07:27 -------- d-----w- c:\program files\Windows Desktop Search
2011-05-20 12:29:13 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-05-20 12:29:09 -------- d-----w- c:\documents and settings\user\local settings\application data\ID Vault
2011-05-19 20:12:17 -------- d-----w- c:\documents and settings\all users\New Folder
2011-05-19 07:15:47 -------- d-----w- C:\UnknownFolder25826
2011-05-19 06:32:39 -------- d-----w- c:\windows\PIF
2011-05-18 12:33:54 -------- d-----w- c:\program files\sherlock
2011-05-18 12:33:54 -------- d-----w- c:\program files\mpc
2011-05-18 12:33:52 421888 ----a-w- c:\windows\system32\ac3filter.acm
2011-05-18 12:33:44 -------- d-----w- c:\program files\licenses
2011-05-18 12:33:40 107157 ----a-w- c:\program files\Uninstall.exe
2011-05-18 12:33:40 -------- d-----w- c:\windows\system32\XP Codec Pack2.5.1
2011-05-18 12:33:40 -------- d-----w- c:\program files\filters
2011-05-18 08:25:03 -------- d-----w- c:\program files\common files\ODBC
2011-05-18 08:14:43 -------- d-----w- C:\logs
2011-05-17 19:31:05 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-05-17 19:31:02 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2011-05-17 19:31:02 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2011-05-17 19:31:02 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2011-05-17 05:09:17 -------- d-----w- C:\Inetpub
2011-05-17 03:57:27 -------- d-----w- c:\documents and settings\user\Incomplete
2011-05-16 23:01:50 -------- d-----w- c:\program files\Fax
2011-05-16 13:04:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-16 07:28:41 -------- d-----w- c:\windows\system32\msmq
.
==================== Find3M ====================
.
2011-06-11 13:11:18 95744 -c--a-w- c:\windows\system32\msiexec.exe
2011-06-06 22:45:04 13312 -c--a-w- c:\windows\system32\win87em.dll
2011-06-06 01:11:46 131331 -c--a-w- c:\windows\UNINST32.EXE
2011-06-05 22:56:25 126464 -c--a-w- c:\windows\system32\wbem\wmiapsrv.exe
2011-06-05 22:55:41 507904 ----a-w- c:\windows\system32\winlogon.exe
2011-05-19 04:02:51 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-05-16 13:03:46 472808 -c--a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 15:36:44.15 ===============
Help me Obi1Kenobi. You're my only hope!



#2 lobita

lobita
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:CO Springs, CO
  • Local time:03:37 AM

Posted 12 June 2011 - 04:01 AM

There was a glitch when I was posting this so it doubled. How do I delete a post?
Help me Obi1Kenobi. You're my only hope!


#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:37 AM

Posted 12 June 2011 - 12:46 PM

As this is a double post of this thread here: http://www.bleepingcomputer.com/forums/topic403263.html

This thread will now be closed.

Kindest Regards,
SweetTech


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




