
Unable to update or install anti virus software.



#1 Halfwit


Posted 08 February 2013 - 06:50 PM

I am having issues updating any antivirus software via Wi-Fi or LAN. I have also seen the following popup when doing a restart.


CL RC Engine3 Dummy Window: QPService.exe - Application Error

The exception Illegal Instruction
An attempt was made to execute an illegal instruction,
(0xc000001d) occurred in the application at location 0x00988fd9.

Click OK to terminate the program.






DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Paul at 17:20:47 on 2013-02-08
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.2.1033.18.2814.1580 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30729; .NET4.0C; Zune 4.7; .NET CLR 3.5.30729)" -"http://www.cartoonnetwork.ca/games/ben10/battle-ready/index.php"
mRun: [hpqSRMon] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{C25FEEC6-4C0B-4B11-B539-0FC2277966AE} : DHCPNameServer = 192.168.2.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-2-8 13560]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2013-2-5 28552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 a4djavs;Audio 4 DJ WDM Audio;c:\windows\system32\drivers\a4djavs.sys [2011-4-11 346192]
S3 a4djusb;a4djusb;c:\windows\system32\drivers\a4djusb.sys [2011-4-11 94288]
S3 a4djusb_svc;Audio 4 DJ;c:\windows\system32\drivers\a4djusb.sys [2011-4-11 94288]
S3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\drivers\kx1avs.sys [2011-7-7 346192]
S3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\drivers\kx1usb.sys [2011-7-7 70736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-8 21104]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-20 19968]
S4 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-1-30 245760]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-2 193840]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-8 398184]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-8 682344]
S4 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-8-24 4174336]
S4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-2 361808]
S4 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]
.
=============== Created Last 30 ================
.
2013-02-08 21:25:40 -------- d-----w- c:\program files\NVIDIA Corporation
2013-02-08 19:00:56 -------- d-----w- c:\users\paul\appdata\roaming\AVG2013
2013-02-08 18:59:44 -------- d-----w- c:\users\paul\appdata\roaming\TuneUp Software
2013-02-08 18:58:35 -------- d--h--w- C:\$AVG
2013-02-08 18:58:35 -------- d-----w- c:\programdata\AVG2013
2013-02-08 13:54:01 -------- d-----w- c:\users\paul\appdata\local\Downloaded Installations
2013-02-08 13:53:52 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-02-08 13:53:52 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-08 13:53:19 -------- d-----w- c:\programdata\blekko toolbars
2013-02-08 13:53:18 -------- d-----w- c:\users\paul\appdata\local\adawarebp
2013-02-08 13:53:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-02-08 13:53:11 -------- d-----w- c:\program files\adawaretb
2013-02-08 13:53:09 -------- d-----w- c:\program files\Toolbar Cleaner
2013-02-08 13:44:49 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 12:31:13 -------- d-----w- c:\users\paul\appdata\roaming\Malwarebytes
2013-02-08 12:31:05 -------- d-----w- c:\programdata\Malwarebytes
2013-02-08 12:31:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-08 12:31:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-08 03:21:40 303616 ----a-w- C:\SetACL.exe
2013-02-08 02:54:10 290304 ----a-w- C:\subinacl.exe
2013-02-07 19:24:10 -------- d-----w- c:\users\paul\appdata\local\MFAData
2013-02-07 19:24:10 -------- d-----w- c:\users\paul\appdata\local\Avg2013
2013-02-06 19:01:09 -------- d-----w- c:\windows\ERUNT
2013-02-06 19:00:48 -------- d-----w- C:\JRT
2013-02-06 04:23:45 -------- d-----w- c:\program files\ESET
2013-02-06 04:01:16 -------- d-----w- c:\windows\system32\catroot2
2013-02-06 02:36:26 -------- d-----w- C:\RegBackup
2013-02-06 02:34:02 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-02-06 02:14:47 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2013-02-06 02:14:39 -------- d-----w- c:\program files\Panda Security
2013-02-06 01:17:11 -------- d-----w- c:\users\paul\appdata\roaming\LavasoftStatistics
2013-02-06 01:15:04 -------- d-----w- c:\users\paul\appdata\roaming\Ad-Aware Antivirus
.
==================== Find3M ====================
.
2013-02-08 13:44:49 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:21:55.16 ===============


 


#2 The Dark Knight


Posted 10 February 2013 - 03:42 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).

  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure.

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.
===

Please do not reboot your computer.

 

 

Now, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#3 Halfwit


Posted 10 February 2013 - 11:07 PM

Hey Dark Knight.  Just an FYI, here is a link to my original post in which several viruses were deleted.  Thought it might help.

http://www.bleepingcomputer.com/forums/t/484288/cant-turn-on-firewall-or-update-any-software/

#4 The Dark Knight


Posted 11 February 2013 - 12:31 AM

Good afternoon Halfwit,

Thank you for that link.

Please proceed with ComboFix.



#5 The Dark Knight


Posted 15 February 2013 - 04:52 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
 




#6 The Dark Knight


Posted 22 February 2013 - 04:16 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator (http://www.bleepingcomputer.com/forums/index.php?act=members&max_results=20&filter=9&sort_order=asc&sort_key=members_display_name) a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.






