Cannot install Microsoft Updates

[srfndave]

I cannot install any updates recommended by Microsoft. They are all failing. I tried to run the HiJack This tool, but it closes in the middle of running, and afterwards gives a permissions error when trying to run it again. Please help!

Thanks,

Dave

 

[Blade81]

Hi,

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Download GMER here by clicking download exe -button and then saving it your desktop:

• Double-click .exe that you downloaded
• Click rootkit-tab and then scan.
• Don't check
  Show All
  box while scanning in progress!
• When scanning is ready, click Copy.
• This copies log to clipboard
• Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

 

[srfndave]

Win32kDiag.txt

Here's the Win32kDiag.txt output (had to zip it because it was too big for pasting). I'm rerunning the GMER because my PC rebooted last time so I lost whatever output it had generated. Thanks for your help!!

 

[Blade81]

Hi,

If it reboots again let me know and we'll take different action.

 

[srfndave]

It rebooted again. I did get a copy of the output a little bit before reboot, but I don't know if something was missed right before reboot. I've attached the output.

Thanks!

 

[Blade81]

Hi,

• Download The Avenger by Swandog46 from here.
• Unzip/extract it to a folder on your desktop.
• Double click on avenger.exe to run The Avenger.
• Click OK.
• Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
• Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
  

  Files to move:
  C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll

• In the avenger window, click the Paste Script from Clipboard,
  
  button.
• Click the Execute button.
• You will be asked Are you sure you want to execute the current script?.
• Click Yes.
• You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
• Click Yes.
• Your PC will now be rebooted.
• Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
• If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
• After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
• Please post this log in your next reply.

 

[srfndave]

Here's the output from The Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


Also when the PC came back up, an error message popped up:

(in title bar) Windows - No Disk
(message) Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Thanks!

 

[srfndave]

Also when the PC came back up, an error message popped up:

(in title bar) Windows - No Disk
(message) Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Thanks!

Using Task Manager, it appears this error message is tied to the csrss.exe process.

 

[Blade81]

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop. Post them back to your topic.

 

[srfndave]

Here's DDS.txt:


DDS (Ver_09-12-01.01) - NTFSx86
Run by David Sedovic at 11:07:51.75 on Tue 01/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FPBrowserHelperObject Class: {6427806d-3820-11d5-9939-00b0d0522eb5} - c:\palm\FireConverterBrowserHelperObject.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {3E1201F4-1707-409F-BB45-A5F192381DA0} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {6A80972B-ACC9-4BB9-A1E0-69F2EAEA763D} - No File
uRun: [Weather] c:\progra~1\aws\weathe~1\Weather.exe 1
uRun: [cryptoexpert] "c:\program files\cryptoexpert 2005 lite\cexpert.exe" /T
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~2\data\xtras\mssysmgr.exe
uRun: [QuickenScheduledUpdates] \bagent.exe
uRun: [Google Update] "c:\documents and settings\david sedovic\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Lala Music Mover] "c:\program files\lala.com\lala music mover\LalaMover.exe" /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [iPhone PC Suite] c:\program files\netdragon\91 mobile\iphone\iPhone PC Suite.exe /start
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [S3TRAY2] S3tray2.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [VTTimer] VTTimer.exe
mRun: [HorngTech4D] c:\progra~1\mouses~1\bally4d.exe
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Vonage] c:\program files\vonage\vonage click-2-call\click2call.exe
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\program files\opera\program\plugins\NPSWF32_FlashUtil.exe -p
StartupFolder: c:\docume~1\davids~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\davids~1\startm~1\programs\startup\foldin~1.lnk - c:\program files\folding@home\winFAH.exe
StartupFolder: c:\docume~1\davids~1\startm~1\programs\startup\warftp~1.lnk - c:\program files\war-ftpd\WarTrayIcon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cgcall~1.lnk - c:\program files\cg@work\bin\UwaCallLogSvr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cyberg~1.lnk - c:\program files\cg@work\bin\watchdog.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epad995.lnk - c:\program files\epad995\ePad995.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache group\apache2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myihom~1.lnk - c:\program files\myihome\app\myiHome-server.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {4B30061A-5B39-11D3-80F8-0090276F843F} - c:\program files\net2phone\Net2fone.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F1296981-399F-11D5-993C-00B0D0522EB5} - {A59CE2AD-38C6-11D5-82DA-C7B092035D71} - c:\palm\FireConverterIEToolbarButton.dll
Trusted Zone: aol.com\free
Trusted Zone: astarnow.com\www
Trusted Zone: hotcountrynightslive.com\www
Trusted Zone: internet
Trusted Zone: listen.com
Trusted Zone: livetest.com\www
Trusted Zone: mcafee.com
Trusted Zone: rexplorer.net\mlsni
Trusted Zone: surfindave.com\www
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: YExplorer1_8US.CAB - hxxp://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {0006F063-0000-0000-C000-000000000046} - hxxp://activex.microsoft.com/activex/controls/office/outlctlx.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {10D671B0-1254-4376-9348-590133D7B948} - hxxp://foxmovies.a.content.maven.net/mvms/vfs/fox/foxmovies/live/install/installerAX.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - hxxps://secure.stamps.com/download/us/registration/3_0_0_832/sdcregie.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {28D47530-CCC7-11D6-936F-00105A5D1C08} - hxxp://www.dyosa.com/download/pei/pei.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6CB5E471-C305-11D3-99A8-000086395495} - hxxp://toolbar.google.com/data/en/big/1.1.62-big/GoogleNav.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221437425268
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - hxxp://toolbar.google.com/data/GoogleActivate.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://66.99.115.203/activex/AxisCamControl.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://66.179.44.121./MediaCM/VisitorChat/TLIEFlash.CAB
DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - hxxp://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37398.6598611111
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.filelodge.com/ImageUploader3.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - hxxp://www.talkingbuddy.com/characters/cupid.exe
DPF: {C3B7AF3F-DFBB-4CA2-8B16-781DAE1CC583} - hxxps://www.shmedlic.com/V3/Consumer/ActivatorComponent/SML.cab
DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://na.webaccess.hp.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj02.custhelp.com/7560-b440h/rnl/java/RntX.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15030/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
TCP: {4717CF57-2E5F-4FC3-B445-048633CD4EB3} = 192.168.0.101
TCP: {AA8166B6-3201-485F-ADE8-42633B3D8C40} = 192.168.0.103,192.168.0.1
TCP: {C719C20D-C945-4710-BED2-23D2ABB86C02} = 192.168.0.101,192.168.0.112
Handler: maven-8110 - {24425AC3-8BB6-4EAA-A1C5-EBCFDA0E08DC} - c:\program files\foxmovies\bin\bin-0\protocolHandler.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli scecli
Hosts: 192.168.0.112 dev.srfndave.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davids~1\applic~1\mozilla\firefox\profiles\bjcp0qi8.default\
FF - component: c:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\david sedovic\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplalaDl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava11.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava12.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava13.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava14.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava32.dll
FF - plugin: c:\program files\opera\program\plugins\NPJPI142_18.dll
FF - plugin: c:\program files\opera\program\plugins\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-12-30 23:13:07 0 d-----w- c:\program files\XviD
2009-12-30 23:10:12 0 d-----w- c:\program files\AutoGK
2009-12-30 23:06:13 0 d-----w- c:\program files\ProjectX
2009-12-28 18:33:59 0 ----a-w- C:\UnInstall.dat
2009-12-28 17:48:48 0 d-----w- c:\program files\TrendMicro

==================== Find3M ====================

2010-01-05 16:29:02 2532 ----a-w- c:\documents and settings\david sedovic\David Sedovic_notes.dat
2009-12-07 21:05:22 94104 ----a-w- c:\windows\News Rover Uninstaller.exe
2009-11-24 15:56:40 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2002-01-06 17:55:30 266 --sha-w- c:\program files\desktop.ini
2002-01-06 17:55:30 11079 ---ha-w- c:\program files\folder.htt
2005-01-04 22:19:02 56 --sha-r- c:\windows\system32\5CB57C0587.sys
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2008-09-15 01:18:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 11:09:14.88 ===============

And the Attach.txt is attached.

Thanks!!!!

 

[Blade81]

Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


eMule


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

After that:



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

 

[srfndave]

ComboFix has been run, and I've attached the output.

Thanks!!!

 

[Blade81]

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Driver::
UDZJNRZNSAZS
File::
c:\docume~1\DAVIDS~1\LOCALS~1\Temp\UDZJNRZNSAZS.exe
Folder::
c:\program files\eMule
DDS::
mSearch Bar = 
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Uninstall these vulnerable Javas:
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_18
Java 2 SDK, SE v1.4.2_18
Java(TM) SE Runtime Environment 6 Update 1



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Any issues left?

 

[srfndave]

I haven't forgotten or disappeared, it's just taking forever for Kaspersky scan to run. I have a slow PC, and way too many files.

Thanks!

 

[Blade81]

Thanks for the heads up. Make sure protection software is disabled during Kaspersky run. That may make scanning process run faster.

 

[srfndave]

PC froze up last night while still running Kaspersky. I had to reboot and start again. Meanwhile, here's the DDS.txt and and ComboFix.txt.

Thanks!

 

[Blade81]

Ok. Shall wait for Kaspersky results before giving further instructions

 

[srfndave]

The online Kaspersky scan wasn't working for me, so I downloaded the Kaspersky software and ran it that way. The results are attached.

Thanks!

 

[Blade81]

Ok. If you're not going to buy Kaspersky license then you should uninstall it since program is only a trial that will expire after trial period and won't get updates after that.

How's the system running now?

 

[srfndave]

It seems to be running much better now. I had to uninstall and reinstall all the .NET versions because one of the Microsoft Updates was failing. I have been able to install all of the Microsoft Updates so far, but still have one that even after it completes successfully, it pops back up again saying it needs to be installed.

I'm going to trial the Kaspersky software for awhile, because obviously the Clamwin one I was using didn't work very well. Do you have any other recommendations for anti-virus software? The ones I've tried in the past have always caused performance problems on my PC.

Thanks for all your help!!!