Ran CF on XP Home and everything deleted


  • This topic is locked
44 replies to this topic

#1 jonnyhendo

Posted 08 November 2013 - 11:55 AM

Hi,

     I ran CF on an XP machine and everything is now gone (just IE and Recycle Bin).  In other threads I found that I should download combofix.exe and CFDQ-UsrPrf to my desktop and run CFDQ-UsrPrf.  When I do that I get an error:

 

Error: 0x00007766  !! Aborting

 

Please find the output from dds, attach, and CF log:

 

Attached File  dds.txt   15.87KB   4 downloads

Attached File  attach.txt   20.44KB   3 downloads

Attached File  ComboFix.zip   151.75KB   8 downloads
 




#2 HelpBot

Posted 13 November 2013 - 11:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513437 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jonnyhendo

Posted 13 November 2013 - 10:17 PM

Hi,
     I ran CF on an XP machine and everything is now gone (just IE and Recycle Bin).  In other threads I found that I should download combofix.exe and CFDQ-UsrPrf to my desktop and run CFDQ-UsrPrf.  When I do that I get an error:
 
Error: 0x00007766  !! Aborting
 
I am not sure what to do at this point?  Please help.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Donald Whitaker at 21:02:08 on 2013-11-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.300 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2014\avgmfapx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} -
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.13\amvconverter\grab.html
IE: Add to Media Manager... - c:\program files\mp3 player utilities 4.13\mediamanager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - hxxp://download.yahoo.com/dl/mail/yautoiol1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224504470578
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{A3BA9D8F-F0C4-4CA3-9F77-13358B685FBA} : DHCPNameServer = 64.233.207.8 64.233.207.9
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-29 37664]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-11-6 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-11-6 1042272]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.12\ToolbarUpdater.exe [2013-10-2 1734680]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 176952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-11-6 171416]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2010-3-5 29184]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2012-1-7 33792]
.
=============== Created Last 30 ================
.
2013-11-10 18:30:39 -------- d-----w- c:\documents and settings\donald whitaker\application data\AVG2014
2013-11-10 18:30:36 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-11-08 16:46:41 -------- d-----w- c:\documents and settings\donald whitaker\local settings\application data\WinZip
2013-11-08 14:59:31 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2013-11-08 14:55:15 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
2013-11-08 14:53:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-11-08 14:53:31 -------- d-----w- c:\windows\system32\wbem\Repository
2013-11-08 14:43:17 -------- d-----w- c:\documents and settings\donald whitaker\local settings\application data\Citrix
2013-11-08 13:28:20 -------- d-----w- C:\ComboFix
2013-11-08 13:27:57 -------- d-----r- c:\documents and settings\all users\Documents
2013-11-08 13:02:42 -------- d-sh--w- c:\documents and settings\donald whitaker\PrivacIE
2013-11-08 13:02:30 -------- d-sh--w- c:\documents and settings\donald whitaker\IECompatCache
2013-11-08 07:16:18 -------- d-----w- c:\documents and settings\donald whitaker\local settings\application data\AVG Secure Search
2013-11-08 07:13:06 -------- d-----w- c:\documents and settings\donald whitaker\application data\AVG Secure Search
2013-11-08 07:13:04 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-11-08 07:12:44 -------- d-----w- c:\documents and settings\donald whitaker\application data\ICAClient
2013-11-08 07:12:42 -------- d-----w- c:\documents and settings\all users\application data\Leapfrog
2013-11-08 07:12:39 -------- d-----w- c:\documents and settings\donald whitaker\local settings\application data\Avg2014
2013-11-08 07:12:35 -------- d-sh--w- c:\documents and settings\donald whitaker\IETldCache
2013-11-07 02:25:02 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-11-07 02:24:38 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
.
==================== Find3M ====================
.
2013-10-08 20:39:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 20:39:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-02 15:58:47 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-26 01:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-09-11 03:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 15:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:08:43.98 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/26/2005 8:58:03 PM
System Uptime: 11/8/2013 8:54:24 AM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0R8060
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 20.196 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2602: 9/14/2013 8:31:10 AM - System Checkpoint
RP2603: 9/15/2013 3:00:55 AM - Software Distribution Service 3.0
RP2604: 9/16/2013 3:48:30 AM - System Checkpoint
RP2605: 9/17/2013 4:24:58 AM - System Checkpoint
RP2606: 9/18/2013 8:19:44 AM - System Checkpoint
RP2607: 9/19/2013 12:57:35 PM - System Checkpoint
RP2608: 9/20/2013 6:45:35 PM - System Checkpoint
RP2609: 9/20/2013 9:51:05 PM - Installed AVG 2014
RP2610: 9/20/2013 9:51:41 PM - Removed AVG 2013
RP2611: 9/20/2013 9:52:36 PM - Installed AVG 2014
RP2612: 9/20/2013 9:57:28 PM - Removed AVG 2013
RP2613: 9/22/2013 2:00:59 AM - System Checkpoint
RP2614: 9/22/2013 3:00:20 AM - Software Distribution Service 3.0
RP2615: 9/23/2013 9:41:57 AM - System Checkpoint
RP2616: 9/24/2013 11:23:49 AM - System Checkpoint
RP2617: 9/25/2013 5:40:30 PM - System Checkpoint
RP2618: 9/26/2013 6:47:14 PM - System Checkpoint
RP2619: 9/27/2013 11:14:47 PM - System Checkpoint
RP2620: 9/29/2013 7:58:32 AM - Software Distribution Service 3.0
RP2621: 9/30/2013 8:02:57 AM - System Checkpoint
RP2622: 10/1/2013 2:13:56 PM - System Checkpoint
RP2623: 10/2/2013 9:09:42 PM - System Checkpoint
RP2624: 10/3/2013 8:45:09 PM - Software Distribution Service 3.0
RP2625: 10/5/2013 2:03:53 AM - System Checkpoint
RP2626: 10/5/2013 7:47:23 AM - Software Distribution Service 3.0
RP2627: 10/6/2013 7:41:45 AM - Software Distribution Service 3.0
RP2628: 10/7/2013 1:37:43 PM - System Checkpoint
RP2629: 10/8/2013 7:41:32 PM - System Checkpoint
RP2630: 10/9/2013 9:04:13 PM - System Checkpoint
RP2631: 10/11/2013 1:33:42 AM - System Checkpoint
RP2632: 10/12/2013 10:33:17 AM - System Checkpoint
RP2633: 10/13/2013 7:42:55 AM - Software Distribution Service 3.0
RP2634: 10/14/2013 8:01:45 AM - System Checkpoint
RP2635: 10/15/2013 8:50:28 AM - System Checkpoint
RP2636: 10/16/2013 9:20:19 AM - System Checkpoint
RP2637: 10/17/2013 1:20:39 PM - System Checkpoint
RP2638: 10/19/2013 9:38:09 AM - System Checkpoint
RP2639: 10/20/2013 8:27:14 AM - Software Distribution Service 3.0
RP2640: 10/21/2013 8:43:58 AM - System Checkpoint
RP2641: 10/22/2013 2:30:04 PM - System Checkpoint
RP2642: 10/22/2013 4:10:49 PM - Software Distribution Service 3.0
RP2643: 10/23/2013 10:22:52 PM - System Checkpoint
RP2644: 10/25/2013 3:33:10 AM - System Checkpoint
RP2645: 10/26/2013 3:45:09 AM - System Checkpoint
RP2646: 10/27/2013 3:00:28 AM - Software Distribution Service 3.0
RP2647: 10/28/2013 3:33:20 AM - System Checkpoint
RP2648: 10/29/2013 3:45:16 AM - System Checkpoint
RP2649: 10/30/2013 4:20:29 AM - System Checkpoint
RP2650: 10/31/2013 10:42:32 AM - System Checkpoint
RP2651: 10/31/2013 11:29:02 PM - Software Distribution Service 3.0
RP2652: 11/2/2013 1:34:24 AM - System Checkpoint
RP2653: 11/3/2013 1:22:29 AM - System Checkpoint
RP2654: 11/3/2013 2:00:27 AM - Software Distribution Service 3.0
RP2655: 11/3/2013 3:00:18 AM - Software Distribution Service 3.0
RP2656: 11/3/2013 8:36:17 AM - Software Distribution Service 3.0
RP2657: 11/3/2013 8:58:28 AM - Software Distribution Service 3.0
RP2658: 11/4/2013 6:26:42 AM - Software Distribution Service 3.0
RP2659: 11/6/2013 9:48:48 PM - Software Distribution Service 3.0
RP2660: 11/8/2013 1:40:25 AM - System Checkpoint
RP2661: 11/8/2013 7:44:10 AM - Restore Operation
RP2662: 11/8/2013 7:56:26 AM - Restore Operation
RP2663: 11/8/2013 8:10:45 AM - Restore Operation
RP2664: 11/8/2013 8:47:15 AM - Restore Operation
RP2665: 11/8/2013 8:52:07 AM - Restore Operation
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
5600
5600_Help
5600Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.5
AdwareAlert
AIO_Scan
AiOSoftware
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVG PC Tuneup
AVG Security Toolbar
BlackBerry Desktop Software 4.6
Bonjour
BufferChm
C4200
c4200_Help
Canon Camera Access Library
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities MyCamera
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Copy
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Dell Driver Reset Tool
Dell Media Experience
Dell System Restore
Destination Component
DeviceDiscovery
DocProc
DocProcQFolder
Driver Detective
Fax
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iTunes
League of Legends
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic 2007
Microsoft Office Converter Pack
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Web Publishing Wizard 1.52
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My Way Search Assistant
NewCopy
Pando Media Booster
PhoTags Express
ProductContext
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
Readme
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Media Manager
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2883150)
SolutionCenter
Spybot - Search & Destroy
Status
The Spiderwick Chronicles
Toolbox
TrayApp
Uninstall Dual Mode Camera
Unity Web Player
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Visual Studio 2012 x86 Redistributables
WebFldrs XP
WebReg
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Wizard101
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
11/8/2013 1:14:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86
11/8/2013 1:13:32 AM, error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error 3758213659 (0xE001CA1B).
11/8/2013 1:13:32 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The operation completed successfully.
11/7/2013 7:43:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
11/7/2013 7:43:51 AM, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/7/2013 7:19:35 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/6/2013 9:53:26 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
11/6/2013 9:46:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
11/6/2013 9:42:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/6/2013 9:20:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/6/2013 9:10:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 ctxusbm Fips intelppm
11/6/2013 9:10:29 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 8:25:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/6/2013 8:09:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/6/2013 7:22:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/6/2013 11:01:46 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/6/2013 11:00:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
11/6/2013 11:00:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
11/6/2013 11:00:10 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Attached Files

  • Attached File  dds.txt   16.21KB   1 downloads

Edited by Oh My, 18 November 2013 - 10:36 AM.
Posted logs


#4 jonnyhendo

Posted 13 November 2013 - 10:19 PM

...and I do NOT have the original Windows CD/DVD.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,798 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:13 AM

Posted 18 November 2013 - 10:11 AM

Greetings jonnyhendo and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Posted 19 November 2013 - 09:40 AM

Greetings,

Let's see if your files still exist. Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
C:\Qoobox\Quarantine /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please zip the file and attach it to your reply.
===================================================

Things I would like to see in your next reply. :thumbsup2:
  • SystemLook file (zipped and attached)

Gary
 

#7 jonnyhendo

Posted 19 November 2013 - 02:02 PM

Thanks for your help, but this doesn't look good.

Attached Files



#8 Oh My!

Posted 19 November 2013 - 02:28 PM

That is not the kind of start we wanted but please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
SIGHTLINES.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook log

Gary
 

#9 jonnyhendo

Posted 19 November 2013 - 08:19 PM

Hi Gary,

     Thanks again for spending your time helping me.  I noticed there are a lot of files in:

 

C:\Qoobox\Quarantine\C\Documents and Settings\Donald Whitaker

 

Donald Whitaker is the administrative user that I am logged in as.  I see a lot of files that look like they just have a .vir extension added.  I copied a few of the jpegs to the desktop and removed the .vir and the pictures showed up.  I think we found the backups!!

 

I reran SystemLook with the following parameters and am attaching the new file:

 

:dir
C:\Qoobox\Quarantine\C\Documents and Settings\Donald Whitaker /s

 

The text file is the one you asked for, and the zip file is the result using the above parameters.

 

Attached File  SystemLook.txt   1.9KB   1 downloads
Attached File  SystemLook_DonaldWhitaker.zip   214.84KB   2 downloads



#10 Oh My!

Posted 19 November 2013 - 10:10 PM

We need to be very cautious in our steps because of the numerous steps taken before posting here. I don't want to risk losing your information because of an errant step on our part.

When you downloaded and saved Combofix did you save the program to your desktop or somewhere else?
Gary
 

#11 jonnyhendo

Posted 19 November 2013 - 10:26 PM

Hi Gary,

     It is saved on my desktop.  Should I make a copy of C:\Qoobox\Quarantine\C\Documents and Settings\Donald Whitaker just in case?

 

Thanks again!

Jon



#12 Oh My!

Posted 19 November 2013 - 11:11 PM

Let me think about this a bit. You ran Combofix several times. The quarantined files were not saved in the normal location. I am wondering if that is why you got the aborting error. Normally Combofix is run under supervision so it is a more controlled environment allowing for recovery if something has gone wrong, as it has here.

I will be posting tomorrow after I have had time to evaluate our options.
Gary
 

#13 Oh My!

Posted 20 November 2013 - 09:28 AM

I think I understand what may have happened.  Please rerun SystemLook from Post #6.  Make sure to copy and paste the entire script, including :dir.  We may have left that out the last time and that might be why we didn't get any results.  If we find success I will feel better about taking our next step.


Gary
 

#14 jonnyhendo

Posted 20 November 2013 - 06:57 PM

It looks better, but even the zip file was too big to attach  (316K).  Here are the first few lines:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 17:53 on 20/11/2013 by Donald Whitaker
Administrator - Elevation successful

========== dir ==========

C:\Qoobox\Quarantine - Parameters: "/s"

---Files---
catchme.log --a---- 68673 bytes [23:46 27/04/2012] [13:28 08/11/2013]
MBR_HardDisk0.mbr --a---- 512 bytes [00:44 07/11/2013] [04:51 08/11/2013]

C:\Qoobox\Quarantine\C d------ [23:54 27/04/2012]

C:\Qoobox\Quarantine\C\data d------ [00:15 28/04/2012]

C:\Qoobox\Quarantine\C\data\data d------ [11:52 04/11/2010]

C:\Qoobox\Quarantine\C\data\data\default d------ [11:52 04/11/2010]

C:\Qoobox\Quarantine\C\Documents and Settings d------ [00:12 28/04/2012]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator d------ [05:12 08/11/2013]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data d------ [05:12 08/11/2013]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Microsoft d------ [05:12 08/11/2013]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Microsoft\CLR Security Config d------ [05:12 08/11/2013]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Microsoft\CLR Security Config\v1.1.4322 d------ [05:12 08/11/2013]
security.config.cch.vir --a--c- 39488 bytes [16:08 28/05/2009] [18:12 10/08/2004]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer d------ [05:12 08/11/2013]
BRNDLOG.BAK.vir --a--c- 141 bytes [16:08 28/05/2009] [18:03 10/08/2004]
BRNDLOG.TXT.vir --a--c- 10381 bytes [16:08 28/05/2009] [18:08 10/08/2004]
Desktop.htt.vir --a--c- 2128 bytes [16:08 28/05/2009] [05:32 18/05/2005]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch d------ [05:12 08/11/2013]
Show Desktop.scf.vir --a--c- 79 bytes [16:08 28/05/2009] [18:08 10/08/2004]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Microsoft\Protect d------ [05:12 08/11/2013]
CREDHIST.vir --a--c- 24 bytes [16:08 28/05/2009] [05:45 18/05/2005]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3490953406-1262077240-46926586-1003 d------ [05:12 08/11/2013]
44562a6e-a30c-4784-aba6-0aae12aae80f.vir --a--c- 388 bytes [16:08 28/05/2009] [05:45 18/05/2005]
Preferred.vir --a--c- 24 bytes [16:08 28/05/2009] [05:45 18/05/2005]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Sonic d------ [05:12 08/11/2013]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Sonic\Update Manager d------ [05:12 08/11/2013]
sumdb.dat.vir --a--c- 31 bytes [16:08 28/05/2009] [05:59 18/05/2005]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Favorites d------ [05:12 08/11/2013]
MSN.com.url.vir --a--c- 119 bytes [16:07 28/05/2009] [18:08 10/08/2004]
Radio Station Guide.url.vir --a--c- 197 bytes [16:07 28/05/2009] [18:08 10/08/2004]
RealPlayer Home Page.url.vir --a--c- 114 bytes [16:07 28/05/2009] [05:50 18/05/2005]
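
The listing format shown in this post is regular enough to parse, which helps when checking what a quarantine holds before anything is moved. As an added example (not part of the thread, and not code from SystemLook or ComboFix), this script only reads such a log and maps each .vir entry to the path it appears to have come from. The function names are hypothetical, and it assumes the folder directly under the quarantine root is the original drive letter and that .vir was simply appended, as the paths above suggest.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of the SystemLook ":dir" log quoted in the post above.
SAMPLE_LOG = r"""
========== dir ==========

C:\Qoobox\Quarantine - Parameters: "/s"

---Files---
catchme.log --a---- 68673 bytes [23:46 27/04/2012] [13:28 08/11/2013]

C:\Qoobox\Quarantine\C d------ [23:54 27/04/2012]

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Favorites d------ [05:12 08/11/2013]
MSN.com.url.vir --a--c- 119 bytes [16:07 28/05/2009] [18:08 10/08/2004]
Radio Station Guide.url.vir --a--c- 197 bytes [16:07 28/05/2009] [18:08 10/08/2004]
"""

# Scan root line, directory header line, and file line of the listing.
ROOT_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) - Parameters: ".*"$')
DIR_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) d[-a-z]{6} \[[^\]]+\]$')
FILE_RE = re.compile(
    r'^(?P<name>.+?) -[-a-z]{6} (?P<size>\d+) bytes \[[^\]]+\] \[[^\]]+\]$'
)


def parse_quarantine_listing(log_text, suffix=".vir"):
    """Return one dict per quarantined file: where it sits now, where it came from, size."""
    root = current = None
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ROOT_RE.match(line)
        if m:
            root = current = PureWindowsPath(m["path"])
            continue
        m = DIR_RE.match(line)
        if m:
            current = PureWindowsPath(m["path"])
            continue
        m = FILE_RE.match(line)
        if not m or root is None:
            continue
        name = m["name"]
        if not name.lower().endswith(suffix):
            continue  # not a renamed file (catchme.log in the sample)
        try:
            rel = current.relative_to(root).parts
        except ValueError:
            continue  # directory outside the scanned root
        if not rel or len(rel[0]) != 1 or not rel[0].isalpha():
            continue  # assumption: first folder under the root is a drive letter
        original = PureWindowsPath(rel[0] + ":\\", *rel[1:], name[: -len(suffix)])
        entries.append({
            "quarantined": str(current / name),
            "original": str(original),
            "size": int(m["size"]),
        })
    return entries


def bytes_per_profile(entries):
    """Total quarantined bytes per 'Documents and Settings\\<user>' folder."""
    totals = {}
    for e in entries:
        parts = PureWindowsPath(e["original"]).parts
        if len(parts) > 3 and parts[1].lower() == "documents and settings":
            totals[parts[2]] = totals.get(parts[2], 0) + e["size"]
    return totals


if __name__ == "__main__":
    found = parse_quarantine_listing(SAMPLE_LOG)
    for e in found:
        print(f'{e["size"]:>8}  {e["quarantined"]}  ->  {e["original"]}')
    print(bytes_per_profile(found))
```

The per-profile totals give a quick check of which user folders were swept into quarantine and how much data is involved.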



#15 Oh My!

Posted 20 November 2013 - 07:16 PM

Thanks Jon, that does look better. It is going to take a bit of time for me to put a fix together because of the number of items quarantined. Please be patient while I work through it. I will post as soon as I am able.
Gary
 



