[Active] Frustrating...Can't seem to remove virus

IheartCali · Oct 21, 2010

Hello all. New here =)

Starting on Monday I noticed some weird behavior. My Avast had been disabled, could not open Malwarebytes, and I'm continuously being redirected to random sites when I'm online. It took me another day and a half to finally download a new Malwarebytes and run a scan. It found 2 infected files "Rootkit.Agent". I removed and rebooted, and all appeared to be fine. I couldn't restart my Avast so I tried reinstalling a fresh copy. That worked for a few hours but now it's once again disabled

I'm totally frustrated. When I logged on this morning, something weird had happened to my WLAN settings and I couldn't connect to the internet.

I glanced at the 8-step link but so far this virus has kept disabling my antivirus. Any help would be GREATLY appreciated!

Bobbye · Oct 21, 2010

Can you get into Safe Mode or Safe Mode with networking?

Boot into Safe Mode

Restart your computer and start pressing the F8 key on your keyboard.

Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

If needed, you can download the scanning programs to a flash drive, then install them on the problem system. Run the scans in whatever mode you can, then paste the logs in. It will at least give me something to go on.

IheartCali · Oct 21, 2010

Ok I was able to run the programs through safe mode. I installed yet another version of Avast, but it found 0 infected files.

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4904

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

10/21/2010 1:37:48 PM
mbam-log-2010-10-21 (13-37-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 178312
Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I was also able to d/l GMER but I never saw the options that I was instructed to use in the 8-step link. No option available to scan rootkit. There wasn't even a scan button. I've attached a screencap for you, as I'm not even remotely sure of what I was looking at. I tried to reinstall a 2nd time but it sent me to the exact same screen.

DDS:

DDS (Ver_10-10-21.02) - NTFSx86 NETWORK
Run by Administrator at 13:51:06.60 on Thu 10/21/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.764 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\5p9jkulk.default\
FF - prefs.js: browser.search.selectedEngine - BigSeekPro
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/bigseekpro/{726A5B54-1743-D851-227C-05423E3AC2F6}
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-21 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-21 17744]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-14 113664]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-6-14 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-10-21 19:39:52 38848 ----a-w- c:\windows\avastSS.scr
2010-10-20 17:37:11 -------- d-----w- c:\program files\QUITBITCH
2010-10-18 02:21:55 -------- d-----w- c:\program files\common files\EasyInfo
2010-10-18 01:34:08 -------- d-----w- c:\program files\Maxis
2010-10-18 01:34:02 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2010-10-18 01:34:02 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-10-18 01:34:01 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-10-18 01:34:01 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-10-18 01:34:00 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-10-18 00:51:46 -------- d-----w- C:\The Sims Complete Collection
2010-10-18 00:40:08 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-10-18 00:31:05 -------- d-----w- C:\Intel
2010-10-17 23:50:51 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-10-17 23:50:50 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-10-17 23:50:27 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-17 23:50:27 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-17 23:50:14 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-10-17 23:50:14 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-10-17 23:49:24 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-10-17 23:49:22 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-17 23:49:21 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-10-17 23:49:20 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-10-17 23:49:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-10-17 23:48:48 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-10-17 23:48:48 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-10-17 23:48:24 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-10-17 23:48:22 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-10-17 23:48:22 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-10-17 23:48:21 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-10-17 23:48:19 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-10-17 23:48:16 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-10-17 23:48:15 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-10-17 23:48:13 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-10-17 23:46:47 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-10-17 23:46:34 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-10-17 23:46:34 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-10-17 23:46:30 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-10-17 23:45:09 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-10-17 23:45:08 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-10-17 23:45:07 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-10-17 23:45:01 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-10-17 23:43:59 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-10-17 23:43:45 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-17 23:43:40 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2010-10-17 23:43:40 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-10-17 23:43:36 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-10-17 23:43:34 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-10-17 23:43:34 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-10-17 23:41:15 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-10-17 23:34:23 -------- d-----w- c:\windows\Logs
2010-10-17 22:56:33 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-10-17 21:49:44 -------- d-----w- c:\program files\uTorrent
2010-10-17 19:37:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-17 19:36:32 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-10-17 19:35:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-10-13 21:41:35 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 21:41:32 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 21:41:27 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 21:40:39 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 13:53:52.40 ===============

IheartCali · Oct 21, 2010

I'm not sure whether or attach or copy/paste this. Instructions were a bit confusing.

Attach.txt log

DDS (Ver_10-10-21.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/29/2009 1:58:16 AM
System Uptime: 10/21/2010 1:19:20 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 308F
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 15 GiB total, 4.202 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR8132 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1
Manufacturer: Atheros
Name: Atheros AR8132 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1
Service: L1c

==== System Restore Points ===================

RP1: 10/20/2010 11:49:46 AM - avast! Free Antivirus Setup
RP2: 10/20/2010 12:08:31 PM - avast! Free Antivirus Setup
RP3: 10/21/2010 12:27:18 PM - avast! Free Antivirus Setup

==== Installed Programs ======================

µTorrent
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoUpdate
avast! Free Antivirus
Broadcom 802.11 Wireless LAN Adapter
DivX Codec
DivX Plus DirectShow Filters
DivX Version Checker
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP BatteryCheck 2.10 A2
HP Doc Viewer
HP Help and Support
HP Mobile Broadband Setup Utility
HP Wireless Assistant
HpSdpAppCoreApp
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 11
LimeWire 5.3.6
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MKV Splitter
Mozilla Firefox (3.6.10)
MSXML 6.0 Parser
MyFreeCams
PhotoFiltre
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
WebFldrs XP
Windows Backup Utility
Windows Internet Explorer 7
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

10/21/2010 8:21:32 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/21/2010 12:40:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/21/2010 12:31:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sptd
10/21/2010 1:41:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
10/21/2010 1:39:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/20/2010 8:23:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm sptd
10/20/2010 8:23:15 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
10/20/2010 8:22:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/20/2010 8:21:55 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
10/20/2010 8:21:55 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/20/2010 8:21:55 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
10/20/2010 11:27:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde
10/20/2010 11:27:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
10/20/2010 11:27:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
10/20/2010 11:27:40 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/20/2010 11:27:40 AM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/20/2010 11:26:19 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/20/2010 10:43:32 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
10/20/2010 10:43:17 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 10:34:04 AM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 10:33:58 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 10:33:42 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 10:33:23 AM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 10:32:54 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/20/2010 10:29:45 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/20/2010 1:45:42 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
10/17/2010 4:01:49 PM, error: afiwietb [9] -

==== End Of File ===========================

Bobbye · Oct 23, 2010

You did the right thing. The author of the program put the Zip directions in but we don't use it, using the paste feature for all logs.

Part of the problem is the presence of BigSeekPro This toolbar can come with a download for Hypercam and/or as an addon for Firefox. Downloading the hypercan program, even directly from the manufacturer's site has been seen to hijacked IE and Firefox browsers and open "blank white" with a redirecting URL "bigseekpro.com ..." It can also "corrupt" the OS or program that caused Internet connection to become disabled.

Please do the following:

Open Firefox> Tools> Add-ons> Highlight BigSeekPro> Uninstall> Restart Firefox to complete the uninstall.

Click on Start> Control Panel> Add/Remove Programs> Uninstall Hypercan if there.

Open Windows Explorer: Windows key + E> My Computer> Local Drive (usually C) > Program files> Look for Hypercan and> do a right click> Delete on each of their program folders.

Close Windows explorer

Reboot the computer and see if you can access Normal Mode.

There are some files that need to be removed. Run these in Normal Mode if you can. IF not, run Combofix in Safe Mode

Please download ComboFix from Here and save to your Desktop.

[1]. Do NOT rename Combofix unless instructed.
[2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3].Close any open browsers.
[4]. Double click combofix.exe & follow the prompts to run.

NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
[5]. If Combofix asks you to install Recovery Console, please allow it.
[6]. If Combofix asks you to update the program, always allow.

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..

TechSpot

[Active] Frustrating...Can't seem to remove virus

IheartCali Newcomer, in training

Bobbye Helper on the Fringe

IheartCali Newcomer, in training

Attached Files:

Gmerscreencap.jpg

IheartCali Newcomer, in training

Bobbye Helper on the Fringe