
I cannot install updates and system restore does not work.

Post by sundial03 » May 12th, 2009, 4:48 pm

I cannot install updates for SpySweeper, Trend-Micro Anti-Virus, Windows Update, Internet Explorer 8, etc. System restore just sits there, no error, no freezing, just click on the button and inactive like a dead button. It clicks but doesn't go anywhere. When I go to Start>My computer, it takes about 10 minutes for it to come up with the contents of "my computer". All Adobe applications freeze during initialization, even after uninstall>re-install. That is all I have found so far, but it really has me crippled at this point. Thanks for the help! Ian

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:39 PM, on 5/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ian B. Jones\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparkpeople.com/websearch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\LOGI_MWX.EXE"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Zinio DLM] "C:\Program Files\Zinio\ZinioReader.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PaperMaster Live Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
O4 - Startup: PaperMaster Tray Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} (BravaClientXView 6.0 Class) - https://eplans.atlantaga.gov/ProjectDox ... lientX.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} (SAXFileEE FileDownload ActiveX Control) - http://appsnet.bentley.com/myselectcd/SAXFileEE.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} (Chilkat Zip2) - https://eplans.atlantaga.gov/ProjectDox ... atZip2.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/ ... gh.cab?326
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8490 bytes
sundial03
Active Member
Posts: 13
Joined: May 12th, 2009, 4:41 pm

Re: I cannot install updates and system restore does not work.

Post by MWR 3 day Mod » May 16th, 2009, 2:05 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: I cannot install updates and system restore does not work.

Post by Rodav » May 17th, 2009, 2:11 pm

Hello, and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Rodav
MRU Master Emeritus
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I cannot install updates and system restore does not work.

Post by Rodav » May 17th, 2009, 2:21 pm

Not too much showing so far, I'll take a deeper look.

Step 1:
Download RootRepeal.zip and unzip it to your Desktop.

  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

Step 2:
Download DDS to your desktop from one of the links below:

Link 1
Link 2
  • Double click the tool to run it.
  • A black screen will open; just read the contents and do nothing.
  • When the tool finishes it will open 2 reports.
  • Copy/paste both reports back here along with the RootRepeal log.
Rodav
MRU Master Emeritus
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
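An added illustration, not part of Rodav's post or of the RootRepeal tool itself: a small Python parser for the report that Step 1 saves as RootRepeal.txt. It splits the report into the sections the scan options select, records which module each SSDT hook is attributed to, and tallies stealth objects per driver, so a reader can see at a glance which hooks have no named owner. The embedded report is a constructed sample in RootRepeal's layout, not the log from this thread, and the module name example_av.sys is invented.

```python
"""Summarize a RootRepeal report: SSDT hooks and stealth objects."""
import re
from collections import Counter

# Constructed sample in the layout RootRepeal's Report tab writes; not the log
# posted in this thread, just enough records to exercise each section parser.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2008
==================================================
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x88172cc0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x881721c0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "example_av.sys" at address 0x88173cc0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x899f3360 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x899f3180 Size: -
"""

SSDT_RE = re.compile(r'#:\s*(\d+)\s+Function Name:\s*(\w+)')
HOOK_RE = re.compile(r'Hooked by "([^"]*)" at address (0x[0-9A-Fa-f]+)')
STEALTH_RE = re.compile(r'Object:\s*(.+?)\s*\[Driver:\s*([^,\]]+),\s*([^\]]+)\]')

def split_sections(report):
    """Map each section title (the line above a dashed rule) to its lines."""
    sections, current = {}, None
    lines = report.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ''
        if line.strip() and nxt.startswith('----'):
            current = line.strip()
            sections[current] = []
        elif current is not None and not line.startswith('----'):
            sections[current].append(line)
    return sections

def records(lines):
    """Group a section's lines into blank-line-separated records."""
    out, block = [], []
    for line in lines + ['']:
        if line.strip():
            block.append(line.strip())
        elif block:
            out.append(block)
            block = []
    return out

def parse_ssdt(report):
    """One dict per SSDT entry: table index, function, hooking module, address."""
    hooks = []
    for rec in records(split_sections(report).get('SSDT', [])):
        m = SSDT_RE.search(rec[0])
        h = HOOK_RE.search(' '.join(rec[1:]))
        if m and h:
            hooks.append({'index': int(m.group(1)), 'function': m.group(2),
                          'module': h.group(1), 'address': int(h.group(2), 16)})
    return hooks

def parse_stealth_objects(report):
    """One dict per stealth object: kind, driver, and the IRP dispatch entry."""
    objs = []
    for rec in records(split_sections(report).get('Stealth Objects', [])):
        m = STEALTH_RE.search(rec[0])
        if m:
            objs.append({'kind': m.group(1), 'driver': m.group(2), 'dispatch': m.group(3)})
    return objs

def summarize(report):
    """Hooks per module, hooks with no named owner, stealth objects per driver."""
    hooks = parse_ssdt(report)
    return {'hooks_by_module': Counter(h['module'] for h in hooks),
            'unattributed_hooks': sorted(h['function'] for h in hooks if h['module'] == '<unknown>'),
            'stealth_by_driver': Counter(o['driver'] for o in parse_stealth_objects(report))}

if __name__ == '__main__':
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f'{key}: {value}')
```

To run it on a real report, read RootRepeal.txt into a string and pass it to summarize() in place of SAMPLE_REPORT.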

Re: I cannot install updates and system restore does not work.

Post by sundial03 » May 19th, 2009, 11:44 am

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/19 11:03
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0x9F6EC000 Size: 749568 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA35ED000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Ian B. Jones\Data\D0000000.FCS
Status: Allocation size mismatch (API: 512, Raw: 0)

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a611e40

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8961f258

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x88172cc0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x881721c0

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x88172480

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x88173b20

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x88173240

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x88173500

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x88173cc0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x88172740

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x8a611eb8

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a611d50

#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x8a5dc1a0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a611fa8

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x8a614238

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a6212c8

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8a583170

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x88172f80

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a619630

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a611f30

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x88172a00

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a5831e8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x88173980

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x899f3360 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x899f32e8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x899f3270 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x899f31f8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x899f3180 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x899f3108 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x899f8520 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x899f84a8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x899f8430 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x899f83b8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x899f8340 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x899f82c8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x899f8250 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x899f7020 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899f7360 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x899f72e8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x899f7270 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x899f71f8 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x899f7180 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x899f7108 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x896be020 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x896be368 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x896be2f0 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x896be278 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x896be200 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x896be188 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x896be110 Size: -

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x89bc0020 Size: -


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/23/2006 4:10:11 PM
System Uptime: 5/17/2009 3:19:02 PM (44 hours ago)

Motherboard: Dell Inc. | | 0WG860
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 118.411 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 37 GiB total, 2.798 GiB free.
Z: is NetworkDisk (NTFS) - 37 GiB total, 2.798 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe PageMaker 6.5
Adobe PageMaker 7.0
Adobe Photoshop 6.0
Adobe Reader 7.1.0
Adobe SVG Viewer
Adobe Type Manager 4.1
Alohabob PC Relocator Ultra Control
Andrea VoiceCenter
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Bentley MicroStation (V 08.05.02.55) - 1
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Creative Audio Pack
Creative MediaSource 5
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.2
Dell System Restore
Digital Canal Steel Design Series
Digital Content Portal
Digital Line Detect
eFax Messenger 4.2
getPlus(R) for Adobe
GhostFill 4
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
iTunes
J2SE Runtime Environment 5.0 Update 6
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Resource Center
MCU
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
Move Networks Media Player for Internet Explorer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Netflix Movie Viewer
NetWaiting
PaperMaster Pro 7.0
PCFriendly
Pdf995
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
ProjectDox Components
Qualxserve Service Agreement
QuickTime
RedistSysFiles
Registry Mechanic 6.0
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
ShareIns
Sonic Activation Module
Sonic Advanced Decoder
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spy Sweeper
Spy Sweeper Core
Symantec Network Drivers Update
Trend Micro AntiVirus
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VBA (2627.01)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
WinZip
Zinio Reader

==== End Of File ===========================

DDS (Ver_09-05-14.01) - NTFSx86
Run by Ian B. Jones at 11:34:27.78 on Tue 05/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1378 [GMT -4:00]

AV: *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Ian B. Jones\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.sparkpeople.com/websearch/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [LDM] "c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Zinio DLM] "c:\program files\zinio\ZinioReader.exe" /autostart
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [Logitech Utility] "c:\windows\LOGI_MWX.EXE"
mRun: [Share-to-Web Namespace Daemon] "c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\ianb~1.jon\startm~1\programs\startup\paperm~1.lnk - c:\program files\papermaster pro 7.0\J2GDllCmd.exe
StartupFolder: c:\docume~1\ianb~1.jon\startm~1\programs\startup\paperm~2.lnk - c:\program files\papermaster pro 7.0\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax42~1.lnk - c:\program files\efax messenger 4.2\J2GTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se5483.cab
DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} - hxxps://eplans.atlantaga.gov/ProjectDox ... lientX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crl ... crlocx.ocx
DPF: {DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} - hxxps://eplans.atlantaga.gov/ProjectDox ... atZip2.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/ ... gh.cab?326
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ianb~1.jon\applic~1\mozilla\firefox\profiles\2j9b9s2u.default\
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-30 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-30 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-30 677128]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-19 33752]

=============== Created Last 30 ================

2009-05-06 18:26 <DIR> --d----- c:\windows\system32\KB905474
2009-05-04 09:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-04 09:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-04 09:54 <DIR> --d----- c:\docume~1\ianb~1.jon\applic~1\SUPERAntiSpyware.com
2009-04-27 19:17 <DIR> --d-h--- c:\windows\msdownld.tmp

==================== Find3M ====================

2009-04-02 19:08 50,192 a----r-- c:\windows\system32\drivers\tmactmon.sys
2009-04-02 19:08 50,192 a----r-- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 19:08 153,104 a----r-- c:\windows\system32\drivers\tmcomm.sys
2009-03-30 16:32 1,195,512 a----r-- c:\windows\system32\drivers\vsapint.sys
2009-03-30 16:32 205,328 a----r-- c:\windows\system32\drivers\tmxpflt.sys
2009-03-30 16:32 80,400 a----r-- c:\windows\system32\drivers\tmtdi.sys
2009-03-30 16:32 36,368 a----r-- c:\windows\system32\drivers\tmpreflt.sys
2009-03-21 10:06 989,696 -----r-- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a----r-- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -----r-- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a----r-- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a----r-- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -----r-- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -----r-- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -----r-- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -----r-- c:\windows\system32\dllcache\ieakui.dll
2006-10-31 18:45 88 -c-shr-- c:\windows\system32\138EC67ADF.sys
2006-10-31 18:45 3,350 ac-shr-- c:\windows\system32\KGyGaAvL.sys
2008-09-12 11:39 32,768 a--shr-- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 11:37:37.01 ===============
sundial03
Active Member
 
Posts: 13
Joined: May 12th, 2009, 4:41 pm

Re: I cannot install updates and system restore does not work.

Unread postby Rodav » May 19th, 2009, 3:51 pm

I don't see anything malicious. I do see you have Registry Mechanic 6.0; while it is a legitimate program, automated registry cleaners have a tendency to do more bad than good. Miekiemoes, a malware removal expert, has a write-up on them: http://miekiemoes.blogspot.com/2008/02/ ... ng_13.html

You have a very old version of Java which needs to be removed:
J2SE Runtime Environment 5.0 Update 6

You can download and install the latest version JRE 6 Update 13 here:
http://java.sun.com/javase/downloads/index.jsp


How long have your issues been happening? I'll have another look.

  • Download OTScanIt2 by Oldtimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

      NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program.
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

NOTE: Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I cannot install updates and system restore does not work.

Unread postby sundial03 » May 21st, 2009, 7:03 am

I tried your instruction for download and install of OTScan, tried scanning and it keeps freezing up when the status line reads "Performing MountPoints2 Scan". Can't get past this point. Tried re-running, re-installing, etc. to no avail.
sundial03
Active Member
 
Posts: 13
Joined: May 12th, 2009, 4:41 pm

Re: I cannot install updates and system restore does not work.

Unread postby Rodav » May 21st, 2009, 3:59 pm

There is a new version of the tool that has just been released which should hopefully fix that error, you can download it: here

Under Additional Scans, click "Extras", otherwise it's the same instructions as before.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I cannot install updates and system restore does not work.

Unread postby sundial03 » May 21st, 2009, 4:52 pm

I did as instructed and it scans for about 3 seconds and then disappears.
Not in the task manager either.
As if I did not even start it.
sundial03
Active Member
 
Posts: 13
Joined: May 12th, 2009, 4:41 pm

Re: I cannot install updates and system restore does not work.

Unread postby Rodav » May 21st, 2009, 5:47 pm

I'll ask the developer about it; in the meantime we can see if Malwarebytes can find anything.

Step 1:
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check (tick) all items except items in the C:\System Volume Information folder, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here along with a new dds log.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I cannot install updates and system restore does not work.

Unread postby Rodav » May 22nd, 2009, 6:37 am

There is a good chance that a sneaky rootkit is at the crux of your issues; let's see if it shows up.

GMER
  • Download GMER by GMER from one of the links below:
    Link1
    Link2
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I cannot install updates and system restore does not work.

Unread postby sundial03 » May 22nd, 2009, 2:37 pm

GMER 1.0.15.14972 - http://www.gmer.net
Autostart scan 2009-05-22 14:35:32
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
MDM@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SfCtlCom@ = "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
TMBMServer@ = "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
TmProxy@ = "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe"
WebrootSpySweeperService@ = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@eFax 4.2"C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R = "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
@Logitech Utility"C:\WINDOWS\LOGI_MWX.EXE" = "C:\WINDOWS\LOGI_MWX.EXE"
@Share-to-Web Namespace Daemon"c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" = "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@UfSeAgnt.exe"C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" = "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@SpySweeper"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LDM"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
@ctfmon.exe"C:\WINDOWS\system32\ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe"
@Zinio DLMC:\Program Files\Zinio\ZinioReader.exe /autostart /*file not found*/ = C:\Program Files\Zinio\ZinioReader.exe /autostart /*file not found*/
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\System32\DLA\DLASHX_W.DLL = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\WINZIP32\WZSHLSTB.DLL = C:\WINZIP32\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\WINZIP32\WZSHLSTB.DLL = C:\WINZIP32\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\WINZIP32\WZSHLSTB.DLL = C:\WINZIP32\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\WINZIP32\WZSHLSTB.DLL = C:\WINZIP32\WZSHLSTB.DLL
@{6ff26905-5466-4722-a301-08e22f780280} /*eFax Messenger - Shell Extension*/C:\Program Files\eFax Messenger 4.2\J2GShell.dll = C:\Program Files\eFax Messenger 4.2\J2GShell.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{15d97b29-af41-4891-9206-4385aa4cabb5} /*PaperMaster - Shell Extension*/C:\Program Files\PaperMaster Pro 7.0\J2GShell.dll = C:\Program Files\PaperMaster Pro 7.0\J2GShell.dll
@{A4DF5659-0801-4A60-9607-1C48695EFDA9} /*Share-to-Web Upload Folder*/c:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL = c:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{AC0B5D2E-B691-4E12-A4F9-CA88492579A2} /*Zinio Shell Extension*/C:\Program Files\Common Files\Zinio\ZShext.dll = C:\Program Files\Common Files\Zinio\ZShext.dll
@{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} /*Zinio Magazine Column Provider*/C:\Program Files\Common Files\Zinio\ZShext.dll = C:\Program Files\Common Files\Zinio\ZShext.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{48F45200-91E6-11CE-8A4F-0080C81A28D4} /*TMD Shell Extension*/C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll = C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll
@{771A9DA0-731A-11CE-993C-00AA004ADB6C} /*VBPropSheet*/C:\Program Files\Trend Micro\Internet Security\VBProp.dll = C:\Program Files\Trend Micro\Internet Security\VBProp.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
HotShellExtPM@{15D97B29-AF41-4891-9206-4385AA4CABB5} = C:\Program Files\PaperMaster Pro 7.0\J2GShell.dll
HotShellExt_40@{6FF26905-5466-4722-A301-08E22F780280} = C:\Program Files\eFax Messenger 4.2\J2GShell.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\WINZIP32\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{48F45200-91E6-11CE-8A4F-0080C81A28D4} = C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\WINZIP32\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
SpySweeper@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\WINZIP32\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{48F45200-91E6-11CE-8A4F-0080C81A28D4} = C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{5CA3D70E-1895-11CF-8E15-001234567890}C:\WINDOWS\System32\DLA\DLASHX_W.DLL = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
@{CA6319C0-31B7-401E-A518-A07C3DB8F777}C:\Program Files\BAE\BAE.dll = C:\Program Files\BAE\BAE.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.yahoo.com/?fr=fp-yie8 = http://www.yahoo.com/?fr=fp-yie8
@Start Pagehttp://www.sparkpeople.com/websearch/ = http://www.sparkpeople.com/websearch/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
bwfile-8876480@CLSID = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\Ian B. Jones\Start Menu\Programs\Startup >>>
PaperMaster Live Menu 7.0.lnk = PaperMaster Live Menu 7.0.lnk
PaperMaster Tray Menu 7.0.lnk = PaperMaster Tray Menu 7.0.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Acrobat Assistant.lnk = Acrobat Assistant.lnk
Adobe Gamma Loader.exe.lnk = Adobe Gamma Loader.exe.lnk
eFax 4.2.lnk = eFax 4.2.lnk

---- EOF - GMER 1.0.15 ----
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-22 14:33:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8A5A8CD8 ZwAllocateVirtualMemory
SSDT 89688CC8 ZwConnectPort
SSDT 88994CC0 ZwCreateKey
SSDT 889941C0 ZwCreateProcess
SSDT 88994480 ZwCreateProcessEx
SSDT 88995B20 ZwCreateThread
SSDT 88995240 ZwDeleteKey
SSDT 88995500 ZwDeleteValueKey
SSDT 88995CC0 ZwLoadDriver
SSDT 88994740 ZwOpenProcess
SSDT 8A5A8D50 ZwQueueApcThread
SSDT 8A5A8BE8 ZwReadVirtualMemory
SSDT 8A5D7648 ZwRenameKey
SSDT 8A5A8E40 ZwSetContextThread
SSDT 8A5D8238 ZwSetInformationKey
SSDT 8A5A91E8 ZwSetInformationProcess
SSDT 8A5A8EB8 ZwSetInformationThread
SSDT 88994F80 ZwSetValueKey
SSDT 8A5A9170 ZwSuspendProcess
SSDT 8A5A8DC8 ZwSuspendThread
SSDT 88994A00 ZwTerminateProcess
SSDT 8A5A8F30 ZwTerminateThread
SSDT 88995980 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C08 805044A4 2 Bytes [D8, 8C]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EAC 80504748 4 Bytes CALL E0DAA1D8
.text ntkrnlpa.exe!ZwCallbackReturn + 2F54 805047F0 8 Bytes CALL 38DAA286

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[920] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00016B10 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00017260 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00017AB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00017260 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[920] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00017A60 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[920] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00017A90 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3704] kernel32.dll!CreateThread + 1B 7C8106F2 3 Bytes CALL 004505CE C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A5A8A78
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A5A8B70
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A5A8B70
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A5A8A78
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A5A8A78
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A5A8B70
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A5A8B70
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A5A8A78
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A5A8B70
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A5A8A78
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A5A8B70
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8A5A8A78
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8A5A8B70
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A5A8B70
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A5A8A78

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip 89683128
Device \Driver\Tcpip \Device\Ip 8926D020

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\Tcpip \Device\Tcp 89683128
Device \Driver\Tcpip \Device\Tcp 8926D020

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\Tcpip \Device\Udp 89683128
Device \Driver\Tcpip \Device\Udp 8926D020

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\Tcpip \Device\RawIp 89683128
Device \Driver\Tcpip \Device\RawIp 8926D020

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\Tcpip \Device\IPMULTICAST 89683128
Device \Driver\Tcpip \Device\IPMULTICAST 8926D020
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
sundial03
Active Member
 
Posts: 13
Joined: May 12th, 2009, 4:41 pm
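Reading a GMER rootkit scan like the one above by hand means walking dozens of SSDT, .text, IAT and AttachedDevice records. The Python helper below is an added example for this thread, not GMER's own code and not something the helpers asked for: it parses those record types and separates the hooks GMER could attribute to a named vendor from those it could not, which is the set that still needs a manual explanation. The sample log is an excerpt of the lines posted above; the parser assumes module paths contain no parentheses.

```python
"""Triage helper for GMER 1.0.15 rootkit-scan logs (added example, not GMER code).

It parses the hook records GMER prints (SSDT entries, kernel and user-mode
.text patches, kernel IAT rewrites, attached devices) and splits them into
entries GMER attributed to a named vendor and entries it could not, so an
analyst knows which modifications still need a manual explanation.
Unattributed does not mean malicious: security suites such as Trend Micro and
Spy Sweeper hook the same functions; it means nobody has vouched for it yet.
"""
import re
from collections import defaultdict

# Record shapes as they appear in the GMER log posted above.
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(Zw\w+)$")
TEXT_RE = re.compile(r"^\.text\s+(.+?)\s+([0-9A-F]{8})\s+(\d+) Bytes\s+(.*)$")
IAT_RE = re.compile(r"^IAT\s+(\S+)\[(\S+)!(\w+)\]\s+([0-9A-F]{8})$")
DEV_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)\s+\((.*)\)$")
PID_RE = re.compile(r"\[\d+\]")  # "[920]" after a user-mode image path

# Constructed sample input: an excerpt of the rootkit-scan log posted above.
SAMPLE_LOG = r"""
SSDT 8A5A8CD8 ZwAllocateVirtualMemory
SSDT 88994CC0 ZwCreateKey
SSDT 88995CC0 ZwLoadDriver
.text ntkrnlpa.exe!ZwCallbackReturn + 2EAC 80504748 4 Bytes CALL E0DAA1D8
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00017260 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A5A8B70
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
"""


def vendor_of(tail):
    """Return the vendor from GMER's trailing '(Description/Vendor)' block,
    or None when the line carries no attribution at all.
    Assumption: the module path before the block contains no parentheses."""
    m = re.search(r"\((.*)\)\s*$", tail)
    if not m or "/" not in m.group(1):
        return None
    return m.group(1).rsplit("/", 1)[1].strip()


def parse_gmer(text):
    """Turn the hook-bearing lines of a GMER log into dicts; other lines are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            # GMER prints only a pool address here: no module name to vouch for it.
            records.append({"category": "SSDT", "target": m.group(2),
                            "address": m.group(1), "vendor": None})
        elif m := TEXT_RE.match(line):
            target, addr, size, tail = m.groups()
            cat = "user .text" if PID_RE.search(target) else "kernel .text"
            records.append({"category": cat, "target": target, "address": addr,
                            "size": int(size), "vendor": vendor_of(tail)})
        elif m := IAT_RE.match(line):
            drv, lib, func, addr = m.groups()
            records.append({"category": "kernel IAT", "target": f"{drv} -> {lib}!{func}",
                            "address": addr, "vendor": None})
        elif m := DEV_RE.match(line):
            drv, dev, mod, desc = m.groups()
            records.append({"category": "AttachedDevice", "target": f"{dev} <- {mod}",
                            "address": None, "vendor": vendor_of(f"({desc})")})
    return records


def triage(records):
    """Group records by the vendor GMER attributed them to. The unattributed
    list is what needs a manual look: which module owns that address, whether
    it is signed, and whether a clean box shows the same hook."""
    attributed, unattributed = defaultdict(list), []
    for rec in records:
        if rec["vendor"]:
            attributed[rec["vendor"]].append(rec)
        else:
            unattributed.append(rec)
    return {"attributed": dict(attributed), "unattributed": unattributed}


def report(records):
    """Human-readable summary, unattributed entries first."""
    t = triage(records)
    lines = [f"{len(t['unattributed'])} hook(s) without vendor attribution:"]
    for rec in t["unattributed"]:
        lines.append(f"  [{rec['category']}] {rec['target']} @ {rec['address']}")
    for vendor, recs in sorted(t["attributed"].items()):
        lines.append(f"{len(recs)} hook(s) attributed to {vendor}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_gmer(SAMPLE_LOG)))
```

On the excerpt this lists the three SSDT entries, the ntkrnlpa.exe inline patch and the tcpip.sys IAT rewrite as unattributed, and credits the remaining hooks to Webroot and Trend Micro.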

Re: I cannot install updates and system restore does not work.

Unread postby sundial03 » May 22nd, 2009, 3:44 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/23/2006 4:10:11 PM
System Uptime: 5/22/2009 3:23:38 PM (0 hours ago)

Motherboard: Dell Inc. | | 0WG860
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Microprocessor | 2393/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 118.099 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 37 GiB total, 2.369 GiB free.
Z: is NetworkDisk (NTFS) - 37 GiB total, 2.369 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe PageMaker 6.5
Adobe PageMaker 7.0
Adobe Photoshop 6.0
Adobe Reader 9.1.1
Adobe SVG Viewer
Adobe Type Manager 4.1
Alohabob PC Relocator Ultra Control
Andrea VoiceCenter
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Bentley MicroStation (V 08.05.02.55) - 1
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Creative Audio Pack
Creative MediaSource 5
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.2
Dell System Restore
Digital Canal Steel Design Series
Digital Content Portal
Digital Line Detect
eFax Messenger 4.2
getPlus(R) for Adobe
GhostFill 4
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
iTunes
Java(TM) 6 Update 13
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Resource Center
Malwarebytes' Anti-Malware
MCU
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
Move Networks Media Player for Internet Explorer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Netflix Movie Viewer
NetWaiting
PaperMaster Pro 7.0
PCFriendly
Pdf995
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
ProjectDox Components
Qualxserve Service Agreement
QuickTime
RedistSysFiles
Registry Mechanic 6.0
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
ShareIns
Sonic Activation Module
Sonic Advanced Decoder
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spy Sweeper
Spy Sweeper Core
Symantec Network Drivers Update
Trend Micro AntiVirus
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VBA (2627.01)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
WinZip
Zinio Reader

==== End Of File ===========================

DDS (Ver_09-05-14.01) - NTFSx86
Run by Ian B. Jones at 15:30:03.62 on Fri 05/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1495 [GMT -4:00]

AV: *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ian B. Jones\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.sparkpeople.com/websearch/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [LDM] "c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Zinio DLM] "c:\program files\zinio\ZinioReader.exe" /autostart
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [Logitech Utility] "c:\windows\LOGI_MWX.EXE"
mRun: [Share-to-Web Namespace Daemon] "c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\ianb~1.jon\startm~1\programs\startup\paperm~1.lnk - c:\program files\papermaster pro 7.0\J2GDllCmd.exe
StartupFolder: c:\docume~1\ianb~1.jon\startm~1\programs\startup\paperm~2.lnk - c:\program files\papermaster pro 7.0\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax42~1.lnk - c:\program files\efax messenger 4.2\J2GTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se5483.cab
DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} - hxxps://eplans.atlantaga.gov/ProjectDox ... lientX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crl ... crlocx.ocx
DPF: {DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} - hxxps://eplans.atlantaga.gov/ProjectDox ... atZip2.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/ ... gh.cab?326
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ianb~1.jon\applic~1\mozilla\firefox\profiles\2j9b9s2u.default\

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-30 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-30 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-30 677128]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-19 33176]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2009-05-22 15:25 <DIR> --d----- c:\docume~1\ianb~1.jon\applic~1\Malwarebytes
2009-05-22 14:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 14:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 14:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-22 14:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-19 16:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-19 16:02 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-06 18:26 <DIR> --d----- c:\windows\system32\KB905474
2009-05-04 09:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-04 09:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-04 09:54 <DIR> --d----- c:\docume~1\ianb~1.jon\applic~1\SUPERAntiSpyware.com
2009-04-27 19:17 <DIR> --d-h--- c:\windows\msdownld.tmp

==================== Find3M ====================

2009-04-02 19:08 50,192 a----r-- c:\windows\system32\drivers\tmactmon.sys
2009-04-02 19:08 50,192 a----r-- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 19:08 153,104 a----r-- c:\windows\system32\drivers\tmcomm.sys
2009-03-30 16:32 1,195,512 a----r-- c:\windows\system32\drivers\vsapint.sys
2009-03-30 16:32 205,328 a----r-- c:\windows\system32\drivers\tmxpflt.sys
2009-03-30 16:32 80,400 a----r-- c:\windows\system32\drivers\tmtdi.sys
2009-03-30 16:32 36,368 a----r-- c:\windows\system32\drivers\tmpreflt.sys
2009-03-21 10:06 989,696 -----r-- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a----r-- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -----r-- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a----r-- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a----r-- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -----r-- c:\windows\system32\dllcache\iexplore.exe
2006-10-31 18:45 88 -c-shr-- c:\windows\system32\138EC67ADF.sys
2006-10-31 18:45 3,350 ac-shr-- c:\windows\system32\KGyGaAvL.sys
2008-09-12 11:39 32,768 a--shr-- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 15:33:35.57 ===============
Malwarebytes' Anti-Malware 1.36
Database version: 2166
Windows 5.1.2600 Service Pack 3

5/22/2009 3:22:03 PM
mbam-log-2009-05-22 (15-22-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 168608
Time elapsed: 23 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the Malwarebytes scan log and new dds stuff.
I could not run the program as long as I was the user.
I had to start in safe mode and log in as the administrator to run it.
It then ran fine and the log is enclosed above.
sundial03
Active Member
 
Posts: 13
Joined: May 12th, 2009, 4:41 pm

Re: I cannot install updates and system restore does not work.

Post by Rodav » May 23rd, 2009, 8:47 pm

Sorry for the delay, I have asked for some second opinions. Hang on in there.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I cannot install updates and system restore does not work.

Post by Rodav » May 24th, 2009, 1:12 pm

Have you ever used Symantec, or are you currently using any of its products? If not, we can clear out any leftovers in case they may be causing any issues. Also, Spy Sweeper has a reputation for sometimes interfering with the scans we use; ideally I would like you to uninstall it until after we are finished, but at the very least it should be disabled.

When you have Spy Sweeper uninstalled or disabled, please try running OTS again and see if it manages to run correctly.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.