TechSpot

Frustrating...Can't seem to remove virus

By IheartCali
Oct 21, 2010
  1. Hello all. New here =)

    Starting on Monday I noticed some weird behavior. My Avast had been disabled, could not open Malwarebytes, and I'm continuously being redirected to random sites when I'm online. It took me another day and a half to finally download a new Malwarebytes and run a scan. It found 2 infected files "Rootkit.Agent". I removed and rebooted, and all appeared to be fine. I couldn't restart my Avast so I tried reinstalling a fresh copy. That worked for a few hours but now it's once again disabled :(

    I'm totally frustrated. When I logged on this morning, something weird had happened to my WLAN settings and I couldn't connect to the internet.

    I glanced at the 8-step link but so far this virus has kept disabling my antivirus. Any help would be GREATLY appreciated!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Can you get into Safe Mode or Safe Mode with networking?

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    If needed, you can download the scanning programs to a flash drive, then install them on the problem system. Run the scans in whatever mode you can, then paste the logs in. It will at least give me something to go on.
     
  3. IheartCali

    IheartCali TS Rookie Topic Starter

    Ok I was able to run the programs through safe mode. I installed yet another version of Avast, but it found 0 infected files.

    Malwarebytes:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4904

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.13

    10/21/2010 1:37:48 PM
    mbam-log-2010-10-21 (13-37-48).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 178312
    Time elapsed: 16 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    I was also able to d/l GMER but I never saw the options that I was instructed to use in the 8-step link. No option available to scan rootkit. There wasn't even a scan button. I've attached a screencap for you, as I'm not even remotely sure of what I was looking at. I tried to reinstall a 2nd time but it sent me to the exact same screen.

    DDS:

    DDS (Ver_10-10-21.02) - NTFSx86 NETWORK
    Run by Administrator at 13:51:06.60 on Thu 10/21/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.764 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mSearchAssistant =
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\5p9jkulk.default\
    FF - prefs.js: browser.search.selectedEngine - BigSeekPro
    FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/bigseekpro/{726A5B54-1743-D851-227C-05423E3AC2F6}
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-21 165584]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-21 17744]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-14 113664]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
    S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-6-14 160256]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

    =============== Created Last 30 ================

    2010-10-21 19:39:52 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-20 17:37:11 -------- d-----w- c:\program files\QUITBITCH
    2010-10-18 02:21:55 -------- d-----w- c:\program files\common files\EasyInfo
    2010-10-18 01:34:08 -------- d-----w- c:\program files\Maxis
    2010-10-18 01:34:02 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
    2010-10-18 01:34:02 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2010-10-18 01:34:01 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2010-10-18 01:34:01 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2010-10-18 01:34:00 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2010-10-18 00:51:46 -------- d-----w- C:\The Sims Complete Collection
    2010-10-18 00:40:08 172032 ----a-w- c:\windows\system32\igfxres.dll
    2010-10-18 00:31:05 -------- d-----w- C:\Intel
    2010-10-17 23:50:51 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2010-10-17 23:50:50 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2010-10-17 23:50:27 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-17 23:50:27 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-10-17 23:50:14 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2010-10-17 23:50:14 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2010-10-17 23:49:24 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2010-10-17 23:49:22 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-17 23:49:21 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2010-10-17 23:49:20 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2010-10-17 23:49:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
    2010-10-17 23:48:48 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2010-10-17 23:48:48 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2010-10-17 23:48:24 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-10-17 23:48:22 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
    2010-10-17 23:48:22 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
    2010-10-17 23:48:21 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
    2010-10-17 23:48:19 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
    2010-10-17 23:48:16 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2010-10-17 23:48:15 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2010-10-17 23:48:13 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
    2010-10-17 23:46:47 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
    2010-10-17 23:46:34 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
    2010-10-17 23:46:34 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2010-10-17 23:46:30 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
    2010-10-17 23:45:09 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
    2010-10-17 23:45:08 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
    2010-10-17 23:45:07 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
    2010-10-17 23:45:01 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
    2010-10-17 23:43:59 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
    2010-10-17 23:43:45 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-10-17 23:43:40 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
    2010-10-17 23:43:40 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
    2010-10-17 23:43:36 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2010-10-17 23:43:34 62744 ----a-w- c:\windows\system32\xinput1_2.dll
    2010-10-17 23:43:34 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
    2010-10-17 23:41:15 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-10-17 23:34:23 -------- d-----w- c:\windows\Logs
    2010-10-17 22:56:33 442368 ----a-r- c:\windows\system32\vp6vfw.dll
    2010-10-17 21:49:44 -------- d-----w- c:\program files\uTorrent
    2010-10-17 19:37:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-10-17 19:36:32 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-10-17 19:35:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
    2010-10-13 21:41:35 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-13 21:41:32 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 21:41:27 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 21:40:39 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 13:53:52.40 ===============
     

  4. IheartCali

    IheartCali TS Rookie Topic Starter

    I'm not sure whether to attach or copy/paste this. Instructions were a bit confusing.


    Attach.txt log

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/29/2009 1:58:16 AM
    System Uptime: 10/21/2010 1:19:20 PM (0 hours ago)

    Motherboard: Hewlett-Packard | | 308F
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 15 GiB total, 4.202 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Atheros AR8132 PCI-E Fast Ethernet Controller
    Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1
    Manufacturer: Atheros
    Name: Atheros AR8132 PCI-E Fast Ethernet Controller
    PNP Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1
    Service: L1c

    ==== System Restore Points ===================

    RP1: 10/20/2010 11:49:46 AM - avast! Free Antivirus Setup
    RP2: 10/20/2010 12:08:31 PM - avast! Free Antivirus Setup
    RP3: 10/21/2010 12:27:18 PM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    µTorrent
    AAC Decoder
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    AutoUpdate
    avast! Free Antivirus
    Broadcom 802.11 Wireless LAN Adapter
    DivX Codec
    DivX Plus DirectShow Filters
    DivX Version Checker
    Google Toolbar for Internet Explorer
    Google Update Helper
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP BatteryCheck 2.10 A2
    HP Doc Viewer
    HP Help and Support
    HP Mobile Broadband Setup Utility
    HP Wireless Assistant
    HpSdpAppCoreApp
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 11
    LimeWire 5.3.6
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MKV Splitter
    Mozilla Firefox (3.6.10)
    MSXML 6.0 Parser
    MyFreeCams
    PhotoFiltre
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 Card Reader Software
    VC80CRTRedist - 8.0.50727.4053
    Viewpoint Media Player
    WebFldrs XP
    Windows Backup Utility
    Windows Internet Explorer 7
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    10/21/2010 8:21:32 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    10/21/2010 12:40:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/21/2010 12:31:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sptd
    10/21/2010 1:41:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    10/21/2010 1:39:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/20/2010 8:23:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm sptd
    10/20/2010 8:23:15 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
    10/20/2010 8:22:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/20/2010 8:21:55 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
    10/20/2010 8:21:55 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    10/20/2010 8:21:55 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    10/20/2010 11:27:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde
    10/20/2010 11:27:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    10/20/2010 11:27:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
    10/20/2010 11:27:40 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    10/20/2010 11:27:40 AM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/20/2010 11:26:19 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    10/20/2010 10:43:32 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
    10/20/2010 10:43:17 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    10/20/2010 10:34:04 AM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
    10/20/2010 10:33:58 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    10/20/2010 10:33:42 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/20/2010 10:33:23 AM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
    10/20/2010 10:32:54 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/20/2010 10:29:45 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/20/2010 1:45:42 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    10/17/2010 4:01:49 PM, error: afiwietb [9] -

    ==== End Of File ===========================
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You did the right thing. The author of the program put the Zip directions in but we don't use it, using the paste feature for all logs.

    Part of the problem is the presence of BigSeekPro. This toolbar can come with a download for Hypercam and/or as an addon for Firefox. Downloading the Hypercam program, even directly from the manufacturer's site, has been seen to hijack IE and Firefox browsers and open "blank white" with a redirecting URL "bigseekpro.com ..." It can also "corrupt" the OS or program that caused the Internet connection to become disabled.

    Please do the following:
    1. Open Firefox> Tools> Add-ons> Highlight BigSeekPro> Uninstall> Restart Firefox to complete the uninstall.
    2. Click on Start> Control Panel> Add/Remove Programs> Uninstall Hypercam if there.
    3. Open Windows Explorer: Windows key + E> My Computer> Local Drive (usually C) > Program files> Look for Hypercam and> do a right click> Delete on each of their program folders.
    Close Windows Explorer.

    Reboot the computer and see if you can access Normal Mode.

    There are some files that need to be removed. Run these in Normal Mode if you can. If not, run Combofix in Safe Mode.

    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
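
A triage pass over the DDS logs posted in this thread, as an added example that is not part of the original posts or of DDS itself: it flags Firefox preference entries like the BigSeekPro ones the helper points to, BHOs registered with no file behind them, and antivirus drivers named in "failed to load" events. The expected search engines, expected homepage hosts, driver-name prefixes and function names are assumptions made for the example; the sample lines are copied from the logs above.

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the DDS.txt and Attach.txt logs posted in this thread.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
FF - prefs.js: browser.search.selectedEngine - BigSeekPro
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/bigseekpro/{726A5B54-1743-D851-227C-05423E3AC2F6}
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
10/21/2010 12:31:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sptd
10/20/2010 8:23:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm sptd
"""

# Assumptions for this example (not values stated in the thread): what the
# owner expects to see, and which driver-name prefixes belong to the antivirus.
EXPECTED_SEARCH_ENGINES = {"Google", "Yahoo", "Bing"}
EXPECTED_HOMEPAGE_HOSTS = {"www.google.com", "ie.redirect.hp.com"}
AV_DRIVER_PREFIXES = ("asw", "aavm")

FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
BHO_NO_FILE = re.compile(r"^BHO: (?:.*?: )?(\{[0-9A-Fa-f-]+\}) - No File$")
EVENT_7026 = re.compile(
    r"^(.+? [AP]M), error: Service Control Manager \[7026\] - .*failed to load: (.+)$"
)


def refang_host(value):
    """Return the lowercase host of a defanged (hxxp) or normal URL, '' if none."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    return (urlparse(url).hostname or "").lower()


def triage(log_text):
    """Return (kind, detail) findings worth a manual look in a DDS log."""
    findings = []
    av_drivers = set()
    for raw in log_text.splitlines():
        line = raw.strip()  # forum posts indent the pasted log

        m = BHO_NO_FILE.match(line)
        if m:
            # A registered browser helper object whose DLL is gone.
            findings.append(("orphaned-bho", m.group(1)))
            continue

        m = FF_PREF.match(line)
        if m:
            pref, value = m.groups()
            if pref == "browser.search.selectedEngine":
                if value not in EXPECTED_SEARCH_ENGINES:
                    findings.append(("ff-search-engine", value))
            elif pref == "browser.startup.homepage":
                host = refang_host(value)
                if host not in EXPECTED_HOMEPAGE_HOSTS:
                    findings.append(("ff-homepage", host))
            continue

        m = EVENT_7026.match(line)
        if m:
            # Event 7026 is also logged on Safe Mode boots, so a hit here is a
            # prompt to check the boot mode, not proof of tampering.
            for name in m.group(2).split():
                if name.lower().startswith(AV_DRIVER_PREFIXES):
                    av_drivers.add(name)

    findings += [("av-driver-not-loaded", d) for d in sorted(av_drivers)]
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```
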
     
Topic Status:
Not open for further replies.
