Suspected Infection

[Magnesium]

well i went to the link you gave me and i manually downloaded the correct update installer for my system. once i executed the .exe file it started to install then it appeared and said install failed and it gave me this as its error number:

0x800703e3

 

[Blade81]

Hi,

Please see if clicking "Fix it" button here helps.

 

[Magnesium]

hey Blade i ran that "Fix It". I ran it all the way and when it told me to restart my comp i tried to go to the update microsoft website i still kept getting the same error.

 

[Blade81]

Hi,

Download and install service pack 3 here.

 

[Magnesium]

.
DDS (Ver_2011-06-02.03) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 17:36:42 on 2011-06-24
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
mURLSearchHooks: H - No File
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
uRun: [Aim] "c:\program files\aim7\aim.exe" /d locale=en-US
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dumps_startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\docume~1\admini~1\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{7492278A-097E-49BD-B5CA-96AB647DB0D1} : DhcpNameServer = 192.168.1.1 68.237.161.12
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
LSA: Notification Packages = scecli scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\3zort4s4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R? acssrv;Agnitum Client Security Service
R? hwmobile;Huawei CDMA Handset USB Modem and USB Serial
R? MBAMSwissArmy;MBAMSwissArmy
S? afw;Agnitum firewall driver
S? afwcore;afwcore
S? IHA_MessageCenter;IHA_MessageCenter
S? SandBox;SandBox
S? sp_rsdrv2;Spyware Terminator Driver 2
.
=============== Created Last 30 ================
.
2011-06-24 21:20:40 -------- d-----w- c:\windows\ServicePackFiles
2011-06-24 21:20:26 294912 ------w- c:\program files\windows media player\dlimport.exe
2011-06-24 21:20:21 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-06-24 21:16:57 19569 ----a-w- c:\windows\002929_.tmp
2011-06-22 20:44:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 17:32:30 -------- d-----w- c:\windows\system32\CatRoot2
2011-06-12 23:42:33 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2011-06-12 20:29:55 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-06-12 20:26:44 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-06-12 20:24:41 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-06-12 20:24:01 -------- dc-h--w- c:\windows\ie8
2011-06-12 18:13:34 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
2011-06-12 15:59:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-12 13:58:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-12 13:58:35 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-12 13:58:35 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-12 13:58:35 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-12 13:58:35 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-06-12 13:58:35 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-06-12 13:58:35 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-12 13:58:35 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-12 00:55:37 98816 ----a-w- c:\windows\sed.exe
2011-06-12 00:55:37 518144 ----a-w- c:\windows\SWREG.exe
2011-06-12 00:55:37 256512 ----a-w- c:\windows\PEV.exe
2011-06-12 00:55:37 208896 ----a-w- c:\windows\MBR.exe
2011-06-11 01:50:16 -------- d-----w- C:\found.001
2011-06-06 19:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 19:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-03 00:08:06 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-06-02 23:58:48 -------- d-----w- C:\$AVG
2011-06-02 22:58:35 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-01 21:03:12 0 ----a-w- c:\documents and settings\administrator\ntuser.tmp
2011-06-01 20:30:19 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-06-01 20:30:19 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-06-01 19:16:49 -------- d-----w- c:\program files\Verizon
2011-06-01 19:06:14 -------- d-----w- c:\documents and settings\administrator\application data\TechWizard
.
==================== Find3M ====================
.
2011-06-12 15:58:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 17:37:54.35 ===============

I downloaded the Service Pack 3, finally! here is the fresh DDS logs as requested.

 

[Blade81]

Good. Have you tried to access Windows Update after SP3 installation?

 

[Blade81]

Still there?

 

[Magnesium]

hey blade yeah sorry i was busy with visiting relatives. but i tried to download the updates from the micorsoft support site. i installed the activeX control when the prompt came up but, it jus came up an error again.

 

[Blade81]

Hi,

Could you temporarily uninstall Outpost Firewall to see if it makes any difference with accessing the Windows Update site?

 

[Blade81]

Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.