
Warning box


12 replies to this topic

#1 treplag


Posted 28 December 2012 - 10:31 PM

At some point during every computer session, a warning box will pop up. The header is "Hardware Installation", and it says that: "The software you are installing for this hardware: "Non-plug and play" has not passed Microsoft logo verification...etc." There are two options: "Stop installation" and "Continue anyway". Whichever one I click, the box pops right back up. There is no "X" to close the box, and I can't close it by right-clicking on it in the tray, either. I assume it is a virus, but I have three anti-virus programs running. Any ideas on how I can get rid of this nuisance?

[Moderator edit and note: post moved to more appropriate forum. jgw]

Edited by jgweed, 29 December 2012 - 06:17 AM.




#2 dev00790


Posted 30 December 2012 - 12:19 PM

Hi

You say you have 3 different Antivirus Software installed. - Please tell us the names of these first.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 treplag


Posted 30 December 2012 - 12:38 PM

Hello, I have AVG Anti-virus, Malwarebytes Anti-Malware, and Ad-Aware Anti-virus (Lavasoft) installed and running. Thanks.

P.S. Cute video on Badware. Is that you as Steve Irwin?

#4 dev00790


Posted 30 December 2012 - 01:12 PM

Hi

Malwarebytes Anti-Malware (aka MBAM) is not anti-virus software; it is anti-malware.

-------------------

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Ad-Aware is no longer recommended

  • mvps.org is no longer recommending Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products).
  • Therefore, I strongly recommend uninstalling Ad-Aware.

------

Note:

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened (again, this is the resident/automatic protection). In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.


Step 2:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply.


Step 3:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 4:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 5:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790



#5 treplag


Posted 30 December 2012 - 02:39 PM

I was not able to uninstall Ad-Aware. The process was interrupted and I haven't found out why yet.

I downloaded and ran the programs I was asked to run, and the logs are saved in my Notepad. However, I do not know how to post the results to this site. Can you instruct me?

Thanks.

#6 dev00790


Posted 30 December 2012 - 04:47 PM

Ok

Step 1:

For each file in notepad, save it to your desktop via File > Save As..., giving the logs suitable names.


Step 2:

Then for the first file:

Open the file
Click Edit > Select All - All the contents should now be highlighted.
Copy it via: Edit > Copy
Paste the information via right click > Paste into one reply here

Repeat this for the other 3 files.

Edited by dev00790, 30 December 2012 - 04:47 PM.

Regards, dev00790



#7 treplag


Posted 30 December 2012 - 07:26 PM

MiniToolBox by Farbar Version: 25-11-2012
Ran by Rachel (administrator) on 30-12-2012 at 14:33:14
Running from "C:\Documents and Settings\Rachel\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

66.232.102.249 google.com
66.232.102.249 google.com.au
66.232.102.249 google.be
66.232.102.249 www.google.be
66.232.102.249 google.com.br
66.232.102.249 google.ca
66.232.102.249 www.google.ca
66.232.102.249 google.ch
66.232.102.249 www.google.ch
66.232.102.249 google.de
66.232.102.249 www.google.de
66.232.102.249 google.dk
66.232.102.249 www.google.dk
66.232.102.249 google.fr
66.232.102.249 www.google.fr
66.232.102.249 google.ie
66.232.102.249 www.google.ie
66.232.102.249 google.it
66.232.102.249 www.google.it
66.232.102.249 google.co.jp
66.232.102.249 www.google.co.jp
66.232.102.249 google.nl
66.232.102.249 www.google.nl
66.232.102.249 google.no
66.232.102.249 www.google.no
66.232.102.249 google.co.nz
66.232.102.249 www.google.co.nz
66.232.102.249 google.pl
66.232.102.249 www.google.pl
66.232.102.249 google.se
66.232.102.249 www.google.se
66.232.102.249 google.co.uk

66.232.102.249 google.co.za
66.232.102.249 www.google.co.za

66.232.102.249 www.bing.com
66.232.102.249 search.yahoo.com
66.232.102.249 www.search.yahoo.com
66.232.102.249 uk.search.yahoo.com
66.232.102.249 ca.search.yahoo.com
66.232.102.249 de.search.yahoo.com
66.232.102.249 fr.search.yahoo.com
66.232.102.249 au.search.yahoo.com

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : GALPERT

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : westell.com

westell.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-15-C5-A9-32-BA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.46

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Sunday, December 30, 2012 11:49:05 AM

Lease Expires . . . . . . . . . . : Monday, December 31, 2012 11:49:05 AM



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-16-CF-1D-F6-70

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.15

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Sunday, December 30, 2012 11:49:12 AM

Lease Expires . . . . . . . . . . : Monday, December 31, 2012 11:49:12 AM

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.37.137, 173.194.37.132, 173.194.37.142, 173.194.37.128
173.194.37.133, 173.194.37.129, 173.194.37.135, 173.194.37.130, 173.194.37.134
173.194.37.131, 173.194.37.136



Pinging google.com [66.232.102.249] with 32 bytes of data:



Reply from 66.232.102.249: bytes=32 time=76ms TTL=56

Reply from 66.232.102.249: bytes=32 time=75ms TTL=56



Ping statistics for 66.232.102.249:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 75ms, Maximum = 76ms, Average = 75ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=172ms TTL=56

Reply from 72.30.38.140: bytes=32 time=142ms TTL=56



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 142ms, Maximum = 172ms, Average = 157ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 c5 a9 32 ba ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 16 cf 1d f6 70 ...... Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.15 25
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.46 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.15 192.168.1.15 25
192.168.1.0 255.255.255.0 192.168.1.46 192.168.1.46 20
192.168.1.15 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.46 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.15 192.168.1.15 25
192.168.1.255 255.255.255.255 192.168.1.46 192.168.1.46 20
224.0.0.0 240.0.0.0 192.168.1.15 192.168.1.15 25
224.0.0.0 240.0.0.0 192.168.1.46 192.168.1.46 20
255.255.255.255 255.255.255.255 192.168.1.15 192.168.1.15 1
255.255.255.255 255.255.255.255 192.168.1.46 192.168.1.46 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/30/2012 00:15:09 PM) (Source: Application Error) (User: )
Description: Faulting application avgtray.exe, version 12.0.0.1912, faulting module unknown, version 0.0.0.0, fault address 0x7ff00000.
Processing media-specific event for [avgtray.exe!ws!]

Error: (12/30/2012 00:03:32 PM) (Source: MsiInstaller) (User: GALPERT)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for AVG 2012 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (12/30/2012 11:50:37 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to load instances of AntiVirusProduct from WMI.

Error: (12/30/2012 11:50:37 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to load instances of FirewallProduct from WMI.

Error: (12/30/2012 11:50:37 AM) (Source: WinMgmt) (User: )
Description: Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'" could not be (re)activated in namespace "//./ROOT/SecurityCenter"
because of error 0x80041010. Events may not be delivered through this filter until the
problem is corrected.

Error: (12/30/2012 11:15:40 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to load instances of AntiVirusProduct from WMI.

Error: (12/30/2012 11:15:40 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to load instances of FirewallProduct from WMI.

Error: (12/30/2012 11:15:40 AM) (Source: WinMgmt) (User: )
Description: Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'" could not be (re)activated in namespace "//./ROOT/SecurityCenter"
because of error 0x80041010. Events may not be delivered through this filter until the
problem is corrected.

Error: (12/29/2012 09:49:07 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to load instances of AntiVirusProduct from WMI.

Error: (12/29/2012 09:49:07 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to load instances of FirewallProduct from WMI.


System errors:
=============
Error: (12/30/2012 00:11:21 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%1068

Error: (12/30/2012 00:11:21 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error:
%%1068

Error: (12/30/2012 00:11:20 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSFilter service depends on the AVGIDSShim service which failed to start because of the following error:
%%2

Error: (12/30/2012 00:11:20 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSShim service failed to start due to the following error:
%%2

Error: (12/30/2012 11:50:43 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%1068

Error: (12/30/2012 11:50:43 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error:
%%1068

Error: (12/30/2012 11:50:43 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSFilter service depends on the AVGIDSShim service which failed to start because of the following error:
%%2

Error: (12/30/2012 11:50:43 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSShim service failed to start due to the following error:
%%2

Error: (12/30/2012 11:15:45 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%1068

Error: (12/30/2012 11:15:45 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/30/2012 00:15:09 PM) (Source: Application Error)(User: )
Description: avgtray.exe12.0.0.1912unknown0.0.0.07ff00000

Error: (12/30/2012 00:03:32 PM) (Source: MsiInstaller)(User: GALPERT)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for AVG 2012 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (12/30/2012 11:50:37 AM) (Source: SecurityCenter)(User: )
Description:

Error: (12/30/2012 11:50:37 AM) (Source: SecurityCenter)(User: )
Description:

Error: (12/30/2012 11:50:37 AM) (Source: WinMgmt)(User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'0x80041010

Error: (12/30/2012 11:15:40 AM) (Source: SecurityCenter)(User: )
Description:

Error: (12/30/2012 11:15:40 AM) (Source: SecurityCenter)(User: )
Description:

Error: (12/30/2012 11:15:40 AM) (Source: WinMgmt)(User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'0x80041010

Error: (12/29/2012 09:49:07 PM) (Source: SecurityCenter)(User: )
Description:

Error: (12/29/2012 09:49:07 PM) (Source: SecurityCenter)(User: )
Description:


=========================== Installed Programs ============================

7-Zip 9.20
924PLC32 (Version: 1.0.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.41612)
Ad-Aware Antivirus (Version: 10.4.49.4168)
Ad-Aware Security Add-on (Version: 2.2.0.18)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 7.1.0 (Version: 7.1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AOLIcon (Version: 1.00.0000)
ArcSoft PhotoStudio 5.5
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2637)
AVG 2012 (Version: 2012.0.2221)
AVG PC Tuneup (Version: 10.0.0.27)
Bridge Master 2000 - Sands-Janitschke Edition
Broadcom Management Programs (Version: 8.65.05)
CCleaner (Version: 3.04)
Citrix Presentation Server Client - Web Only (Version: 10.002.54783)
COMODO System Utilities (Version: 4.0.226743.26)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D110 MDC V.92 Modem
Dell Digital Jukebox Driver
Dell Media Experience
Dell System Detect (Version: 3.3.2.1)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Content Portal (Version: 1.00.0000)
Digital Line Detect (Version: 1.15)
Documentation & Support Launcher (Version: 1.00.0000)
EducateU (Version: 1.00.0000)
ELIcon (Version: 1.00.0000)
Foxit Reader (Version: 4.3.1.218)
Games, Music, & Photos Launcher (Version: 1.00.0000)
Get High Speed Internet! (Version: 1.00.0000)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 23.0.1271.97)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
HiJackThis (Version: 1.0.0)
IHA_MessageCenter (Version: 1.8.17)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4446)
Internet Service Offers Launcher (Version: 1.00.0000)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Learn to Play Bridge
Learn to Play Bridge 2
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Money 2001 (Version: 9.0.0.0)
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Modem Helper (Version: 3.01)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSN
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Favorite 52 Demo Version By Larry Cohen
PC Cleaners
PowerDVD 5.7
QuickTime
RealPlayer Basic
Sonic DLA (Version: 4.95)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
SpeedUpMyPC (Version: 5.3.4.4)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 8.2.4.6)
System Checkup 3.3 (Version: 3.3.2.56)
TurboTax 2008
TurboTax 2008 waziper (Version: 008.000.0118)
TurboTax 2008 WinPerFedFormset (Version: 008.000.0341)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0219)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0197)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1007)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0433)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 waziper (Version: 009.000.0990)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Verizon Download Manager (Version: 16)
Verizon Toolbar (Version: 6.0.0.29)
Vz In Home Agent (Version: 8.03.25)
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
WexTech AnswerWorks (Version: 1.00.000)
Windows Easy Transfer for Windows 7
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Word Travels (Version: 32.0.0.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 66%
Total physical RAM: 1526.37 MB
Available physical RAM: 509.61 MB
Total Pagefile: 2132.75 MB
Available Pagefile: 1193.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.61 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:38.74 GB) (Free:19.23 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:12.17 GB) (Free:12.09 GB) NTFS
3 Drive e: (SHERLOCK_HOLMES_V17) (CDROM) (Total:7.24 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\GALPERT

Administrator Guest HelpAssistant
Rachel SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

25-12-2012 00:13:33 Software Distribution Service 3.0
25-12-2012 17:04:44 Software Distribution Service 3.0
25-12-2012 20:17:35 Software Distribution Service 3.0
25-12-2012 23:20:04 Removed Ad-Aware 2007
26-12-2012 00:29:26 Software Distribution Service 3.0
26-12-2012 05:28:41 Uniblue SpeedUpMyPC installation
26-12-2012 19:43:07 Software Distribution Service 3.0
29-12-2012 02:29:20 Software Distribution Service 3.0
29-12-2012 05:55:08 Installed HiJackThis
29-12-2012 08:27:22 Software Distribution Service 3.0
30-12-2012 04:33:44 COMODO System Utilities Installaton
30-12-2012 05:04:08 Software Distribution Service 3.0

**** End of log ****

#8 treplag


Posted 30 December 2012 - 07:28 PM

Farbar Service Scanner Version: 23-12-2012
Ran by Rachel (administrator) on 30-12-2012 at 14:26:42
Running from "C:\Documents and Settings\Rachel\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(14) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0E000000040000000100000002000000030000000D0000000C0000000E00000005000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

#9 treplag


Posted 30 December 2012 - 07:43 PM

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup
Ad-Aware Antivirus
Microsoft Security Essentials
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.65.1.1000
AVG PC Tuneup
CCleaner
PC Cleaners
Java™ 6 Update 24
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

#10 treplag


Posted 30 December 2012 - 07:49 PM

The result of the TDSS scan was that no threats were found, so I didn't copy the log.

Btw, before our conversation began, I installed "Hijack This", but whenever I tried to fix any of the errors listed, they showed up again in the next scan.

#11 dev00790


Posted 31 December 2012 - 01:42 PM

Hi

Thanks for the info about Hijackthis.
Please don't run it or any other tools from now on unless asked to do so.

Next:

Step 1:

Please boot your computer into Safe Mode, and try uninstalling Ad-aware there.
Reboot after it has been uninstalled, and boot the computer normally.

Let me know how that goes.

Edited by dev00790, 31 December 2012 - 01:42 PM.

Regards, dev00790



#12 treplag


Posted 01 January 2013 - 09:44 AM

Hi,

For some reason I didn't get your message until today. Anyway, I was able to uninstall Ad-Aware.

I have one other nuisance now. I always shut down my computer at night, but every time I turn it back on I get a message from AVG saying that "updating can't be completed until you restart your computer". Do you think that is a virus, or something is wrong with AVG?

Edited by treplag, 01 January 2013 - 09:45 AM.


#13 dev00790


Posted 01 January 2013 - 02:05 PM

Hi

It is likely that AVG needs repairing now. Please do the following next:

Step 1:

Please follow "How to change an installed program" only on link for AVG
- Do you get a Repair option after clicking Change or Change/Remove?

Edited by dev00790, 01 January 2013 - 02:06 PM.

Regards, dev00790





