Service pack 3 is infected



#1 whitcheywoman13


Posted 25 September 2013 - 07:23 PM

I noticed that my Windows updates were downloading but then there would be a problem installing them. I ran Malwarebytes, Super Anti Spyware and AVG, Avast, and Avira. Also ran Glary Utilities and when it finished its scan it said that the Service Pack 3 was not correct and to download. Went to Microsoft downloads and downloaded it, but when it goes to install, says the version on the system is working. Also would not download MS Malicious Software removal tool. I booted in safe mode and proceeded to run all scans again. I got the Malicious to download but not the Service Pack 3. Also, I notice that in Task Manager, the system idle is usually at 99% and it will not allow any programs to run unless I kill the process and the other software kicks in and will run. I run backups but something disabled my backups and restore point. Help please. Thanks

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.25.2
Run by Administrator at 20:03:26 on 2013-09-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.396 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Windows-KB890830-V5.4(1).exe
c:\cb5f69e50353e9a74f6b6b73\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uProxyOverride = ;192.168.*.*;*.local;<local>
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
dURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.9\iobitappsToolbarIE.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: AutorunsDisabled - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.9\iobitappsToolbarIE.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRunOnce: [ (A0)] cmd /c "c:\documents and settings\administrator\desktop\mbar\mbar.exe" /rdv /s
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
dRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoSetActiveDesktop = dword:1
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1_08-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{538F482E-AFF8-48AF-88F0-494FB9A4AF82} : DHCPNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - <Clsid value has no data>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
Notify: avgrsstarter - <no file>
Notify: igfxcui - igfxsrvc.dll
Notify: PFW - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\5o0a50mm.default-1371503072812\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dll
FF - plugin: c:\program files\iobit\advanced systemcare 6\browerprotect\np_Asc_plugin.dll
FF - plugin: c:\program files\iobit\advanced systemcare 6\browerprotect\NPASCSafariPluginProtect.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mie\alternatiff\npzzatif.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-09-20 09:38; ascsurfingprotection@iobit.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\5o0a50mm.default-1371503072812\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-09-20 17:50; speeddial@instair.net; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\5o0a50mm.default-1371503072812\extensions\speeddial@instair.net
FF - ExtSQL: 2013-09-20 20:55; avg@toolbar; c:\documents and settings\all users\application data\avg secure search\firefoxext\15.5.0.2
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 146232]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 26936]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-9-14 14776]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-20 37664]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-16 49376]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-16 177864]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-16 770344]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-4 369584]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120120]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 209208]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22840]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 176952]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-6-15 37352]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-6-15 574272]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-6-15 84024]
S2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-6-15 108088]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-4 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-16 66336]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-7-4 46808]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-8-27 3534896]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-6-15 88840]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-8-20 300640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-9-22 106280]
S2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2013-9-14 335168]
S3 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2012-4-27 146312]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2013-9-14 247968]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-9-25 30976]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-9-25 48728]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2013-9-14 31520]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2013-9-14 17360]
.
=============== Created Last 30 ================
.
2013-09-25 23:21:58    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\FreeFixer
2013-09-25 23:21:58    --------    d-----w-    c:\documents and settings\administrator\application data\FreeFixer
2013-09-25 23:21:49    --------    d-----w-    c:\program files\FreeFixer
2013-09-25 23:15:14    --------    d-----w-    c:\documents and settings\all users\application data\CDB
2013-09-25 23:14:01    --------    d-----w-    c:\program files\Reimage
2013-09-25 23:13:53    --------    d-----w-    C:\rei
2013-09-25 23:07:06    --------    d-----w-    c:\documents and settings\all users\application data\Licenses
2013-09-25 23:06:55    --------    d-----w-    c:\program files\SpywareBlaster
2013-09-25 20:24:05    2855    ----a-w-    c:\windows\system32\command.PIF
2013-09-25 19:19:08    --------    dc-h--w-    c:\windows\ie8
2013-09-25 18:33:19    --------    d-----w-    C:\cb5f69e50353e9a74f6b6b73
2013-09-25 18:21:16    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-09-25 16:41:09    48728    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-09-25 16:30:48    --------    d-----w-    C:\AdwCleaner
2013-09-25 05:23:35    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-09-25 04:12:26    --------    d-----w-    c:\windows\setup.pss
2013-09-24 22:27:11    --------    d-----w-    c:\documents and settings\all users\GlarySoft
2013-09-24 20:06:03    386560    -c----w-    c:\windows\system32\dllcache\themeui.dll
2013-09-24 20:06:03    386560    ----a-w-    c:\windows\system32\SET1CA.tmp
2013-09-24 20:04:33    852992    ----a-w-    c:\program files\common files\microsoft shared\vgx\SET1BA.tmp
2013-09-24 20:04:33    37888    ----a-w-    c:\windows\system32\SET1B2.tmp
2013-09-24 20:04:32    668672    ----a-w-    c:\windows\system32\SET1B0.tmp
2013-09-24 20:04:32    633856    ----a-w-    c:\windows\system32\SET1B1.tmp
2013-09-24 20:04:31    1510400    ----a-w-    c:\windows\system32\SET1B4.tmp
2013-09-24 20:04:30    1025024    ----a-w-    c:\windows\system32\SET1B9.tmp
2013-09-24 20:04:29    449536    ----a-w-    c:\windows\system32\SET1B6.tmp
2013-09-24 20:03:45    1289728    ----a-w-    c:\windows\system32\SET1AD.tmp
2013-09-21 17:18:11    101664    ----a-w-    c:\windows\system32\BootDefrag.exe
2013-09-21 01:06:07    --------    d-----w-    c:\documents and settings\administrator\application data\AVG2014
2013-09-21 00:52:58    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-09-21 00:52:24    --------    d-----w-    c:\program files\AVG Secure Search
2013-09-21 00:36:34    --------    d-----w-    c:\documents and settings\all users\application data\AVG2014
2013-09-21 00:28:01    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\Avg2014
2013-09-21 00:20:05    --------    d-----w-    c:\documents and settings\administrator\application data\IObit Apps
2013-09-20 17:47:31    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\visi_coupon
2013-09-20 17:40:39    268968    ----a-w-    c:\windows\system32\sqlite3.dll
2013-09-20 17:38:57    --------    d-----w-    c:\documents and settings\administrator\LocalLow
2013-09-20 17:38:45    --------    d-----w-    c:\program files\Secure Speed Dial
2013-09-20 17:35:47    --------    d-----w-    c:\program files\IObit Apps Toolbar
2013-09-19 07:26:32    --------    d-----w-    c:\windows\system32\MRT
2013-09-14 16:46:32    14776    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2013-09-14 16:27:31    --------    d-----w-    C:\abddd52352daec29b4fa39f5
2013-09-14 16:18:49    --------    d-----w-    c:\program files\BitDefender
.
==================== Find3M  ====================
.
2013-09-19 23:48:48    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-19 23:48:37    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-04 12:19:11    88840    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2013-08-30 07:48:13    177864    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40    41664    ----a-w-    c:\windows\avastSS.scr
2013-08-23 03:37:18    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-08-23 02:56:56    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-08-23 02:56:16    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-23 02:56:16    146232    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-08-08 01:27:48    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-03 18:18:38    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-08-01 20:08:52    193848    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2013-08-01 20:06:40    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-08-01 20:06:14    120120    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-08-01 20:05:58    26936    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-08-01 13:47:52    3093504    ----a-w-    c:\windows\system32\SET1B7.tmp
2013-08-01 04:17:51    61952    ------w-    c:\windows\system32\tdc.ocx
2013-08-01 01:01:18    369664    ------w-    c:\windows\system32\html.iec
2013-07-25 08:13:01    668672    ------w-    c:\windows\system32\wininet.dll
2013-07-10 10:37:53    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-04 02:59:11    2193536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30    2070144    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 20:08:35.84 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2011 11:45:12 AM
System Uptime: 9/25/2013 12:46:07 PM (8 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0U2575
Processor:               Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 84.072 GiB free.
D: - No root directory. Drive type could not be determined.
E: - No root directory. Drive type could not be determined.
F: is CDROM ()
G: - No root directory. Drive type could not be determined.
H: - No root directory. Drive type could not be determined.
I: - No root directory. Drive type could not be determined.
J: - No root directory. Drive type could not be determined.
K: - No root directory. Drive type could not be determined.
L: - No root directory. Drive type could not be determined.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP249: 6/15/2013 5:31:51 PM - Removed iTunes
RP250: 6/16/2013 11:06:07 AM - Software Distribution Service 3.0
RP251: 6/16/2013 3:47:08 PM - Removed BitDefender Free Edition 2009
RP252: 6/17/2013 4:37:34 PM - System Checkpoint
RP253: 6/18/2013 6:22:02 PM - System Checkpoint
RP254: 6/18/2013 9:26:18 PM - Removed BitDefender Free Edition 2009
RP255: 6/18/2013 10:38:18 PM - Installed QuickTime
RP256: 6/18/2013 10:53:20 PM - Installed Java 7 Update 25
RP257: 6/18/2013 11:00:28 PM - Installed Safari
RP258: 6/18/2013 11:05:48 PM - Removed Safari
RP259: 6/18/2013 11:08:43 PM - Removed Opera 10.60.
RP260: 6/21/2013 2:27:30 PM - System Checkpoint
RP261: 6/22/2013 12:13:30 PM - Installed Windows XP KB2492386.
RP262: 6/23/2013 9:08:44 PM - System Checkpoint
RP263: 6/24/2013 9:21:57 PM - System Checkpoint
RP264: 6/26/2013 2:01:24 AM - System Checkpoint
RP265: 6/27/2013 2:55:20 AM - System Checkpoint
RP266: 6/28/2013 5:10:16 AM - System Checkpoint
RP267: 6/29/2013 6:07:36 AM - System Checkpoint
RP268: 6/30/2013 7:03:16 AM - System Checkpoint
RP269: 6/30/2013 2:32:31 PM - Installed AVG 2013
RP270: 6/30/2013 2:33:55 PM - Removed AVG 2012
RP271: 6/30/2013 2:38:05 PM - Installed AVG 2013
RP272: 6/30/2013 2:53:47 PM - Removed AVG 2012
RP273: 6/30/2013 2:57:17 PM - Removed AVG 2012
RP274: 6/30/2013 3:00:26 PM - Removed AVG 2012
RP275: 6/30/2013 3:04:18 PM - Removed AVG 2012
RP276: 6/30/2013 3:10:06 PM - Removed AVG 2012
RP277: 8/16/2013 7:21:02 AM - System Checkpoint
RP278: 8/17/2013 8:39:54 AM - System Checkpoint
RP279: 8/25/2013 8:40:34 PM - System Checkpoint
RP280: 8/26/2013 9:27:29 PM - System Checkpoint
RP281: 8/27/2013 9:45:53 PM - System Checkpoint
RP282: 8/29/2013 1:15:24 AM - System Checkpoint
RP283: 8/30/2013 2:39:51 AM - System Checkpoint
RP284: 8/31/2013 5:51:31 AM - System Checkpoint
RP285: 9/1/2013 6:54:34 AM - System Checkpoint
RP286: 9/18/2013 8:53:31 PM - Software Distribution Service 3.0
RP287: 9/20/2013 8:33:12 PM - Installed AVG 2014
RP288: 9/20/2013 8:35:37 PM - Removed AVG 2013
RP289: 9/20/2013 8:39:28 PM - Installed AVG 2014
RP290: 9/20/2013 9:01:44 PM - Removed AVG 2013
RP291: 9/21/2013 11:47:19 PM - Software Distribution Service 3.0
RP292: 9/25/2013 12:02:49 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5
Adobe Shockwave Player 11.6
Advanced SystemCare 6
aiofw
aioocr
aioprnt
aioscnnr
AMF CD and DVD Label Maker
Any DVD Converter Professional 4.0.1
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
AudioGizmo Extension
AudioGizmo Ringtone Creator 2.0.4
avast! Free Antivirus
AVG 2014
AVG Security Toolbar
Avira Free Antivirus
Belarc Advisor 8.1
BitDefender Free Edition 2009
Bonjour
Burn4Free CD and DVD
BurnAware Free 5.1
CCleaner
CCScore
center
Compatibility Pack for the 2007 Office system
COWON Media Center - jetAudio Basic VX
Dell Driver Download Manager
Dell Driver Reset Tool
DVD Decrypter (Remove Only)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Facebook Plug-In
FATE
fflink
Free YouTube Download version 3.2.5.628
Freecorder 4
FreeFixer
Game Console - WildGames
Glary Utilities 2.37.0.1260
Glary Utilities 3.9.2
Google Update Helper
Hamster Free Video Converter
Help_CTR
helptut
helpug
HijackThis 2.0.2
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
IObit Apps Toolbar v7.9
IObit Malware Fighter
IrfanView (remove only)
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_08
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 29
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK All-in-One Printer Software
ksdip
LimeWire 5.5.14
Magic DVD Ripper V5.5.0
Magic ISO Maker v5.4 (build 0239)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Digital Image Library 9 - Blocker
Microsoft Office 97, Professional Edition
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Modem On Hold
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
netbrdg
Notifier
OfotoXMI
OpenOffice.org 2.3
Opera 12.15
PeerBlock 1.1 (r518)
PeerGuardian 2.0
Poker Superstars III - Gold Chip Challenge
PowerISO
QuickTime
RealUpgrade 1.1
Recuva
Reimage Repair
RER Video Converter
Rosetta Stone Version 3
Safari
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862772)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2870699)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923789)
SFR
SHASTA
skin0001
SKINXSDK
Smart Defrag 2
Sonic DLA
SoundMAX
Spybot - Search & Destroy
SpywareBlaster 5.0
staticcr
SUPERAntiSpyware
swMSM
ToneThis
tooltips
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update Installer for WildTangent Games App
Virtual Vegas Slots Bonus
Visual Studio 2012 x86 Redistributables
VPRINTOL
WebFldrs XP
WildTangent Games
WildTangent Games App
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 5.00 beta 5 (32-bit)
WIRELESS
Works Upgrade
Xilisoft DivX to DVD Converter
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/25/2013 4:12:51 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/25/2013 2:38:42 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/25/2013 2:38:31 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
9/25/2013 12:48:08 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswTdi aswVmm Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 avipbb avkmgr BANTExt Fips intelppm SASDIFSV SASKUTIL SCDEmu sptd ssmdrv
9/25/2013 12:48:08 PM, error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/25/2013 12:47:32 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/25/2013 12:43:28 AM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
9/24/2013 6:27:41 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
9/22/2013 5:43:19 PM, error: WMPNetworkSvc [14344]  - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2751'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
9/21/2013 12:03:14 PM, error: Service Control Manager [7031]  - The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/21/2013 11:41:26 PM, error: Service Control Manager [7034]  - The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
9/21/2013 11:41:26 PM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
9/21/2013 11:41:24 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde sptd
9/21/2013 11:41:18 PM, error: Service Control Manager [7023]  - The BitDefender Threat Scanner service terminated with the following error:  The class is configured to run as a security id different from the caller
9/21/2013 11:41:18 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Kodak AiO Device Service service to connect.
9/21/2013 11:41:18 PM, error: Service Control Manager [7000]  - The Windows Image Acquisition (WIA) service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
9/21/2013 11:41:18 PM, error: Service Control Manager [7000]  - The Kodak AiO Device Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/21/2013 1:09:44 PM, error: Service Control Manager [7000]  - The COM+ System

Application service failed to start due to the following error:  The service did not respond

to the start or control request in a timely fashion.
9/21/2013 1:09:41 PM, error: Service Control Manager [7009]  - Timeout (30000

milliseconds) waiting for the COM+ System Application service to connect.
9/20/2013 9:43:57 PM, error: sptd [4]  - Driver detected an internal error in its data

structures for .
9/20/2013 8:24:42 PM, error: Service Control Manager [7034]  - The Application Updater

service terminated unexpectedly.  It has done this 1 time(s).
9/20/2013 8:15:32 PM, error: Service Control Manager [7034]  - The Yahoo! Updater

service terminated unexpectedly.  It has done this 2 time(s).
9/20/2013 2:43:14 PM, error: Service Control Manager [7000]  - The Adobe Flash Player

Update Service service failed to start due to the following error:  The service did not

respond to the start or control request in a timely fashion.
9/20/2013 11:56:34 PM, error: Service Control Manager [7034]  - The

vToolbarUpdater15.5.0 service terminated unexpectedly.  It has done this 1 time(s).
9/20/2013 11:22:41 AM, error: Service Control Manager [7034]  - The Advanced

SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
9/20/2013 1:33:46 PM, error: Service Control Manager [7034]  - The Advanced SystemCare

Service 6 service terminated unexpectedly.  It has done this 2 time(s).
9/19/2013 3:45:10 PM, error: Service Control Manager [7009]  - Timeout (30000

milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
9/18/2013 8:40:24 PM, error: Service Control Manager [7034]  - The Java Quick Starter

service terminated unexpectedly.  It has done this 1 time(s).
9/18/2013 8:40:24 PM, error: Service Control Manager [7009]  - Timeout (30000

milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/18/2013 8:40:24 PM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM

Service service failed to start due to the following error:  The service did not respond to

the start or control request in a timely fashion.
.
==== End Of File ===========================
 

 

 

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:43 PM

Posted 28 September 2013 - 09:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Running AVG, Avira and Avast in real mode can only create problems and will slow down your computer.
I suggest you disable 2 of them.
 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.25.2
Run by Administrator at 20:03:26 on 2013-09-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.396 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


Please run the DDS tool one more time.
Post the fresh logs.

Before you do please remove the Word Wrap in Notepad.
You will find the option under the Format Menu.

This will eliminate the blank lines and will make your log readable.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:43 PM

Posted 04 October 2013 - 08:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



