
Security, Firewall, & Win Updates disabled


CiTiBoY


Hi,

I was advised after trying MBAM to remove a virus that has disabled both Windows updates and the firewall in Security Center. It completely removed the Security Center from the services list along with the Windows Update listing. I was able to get the Security Center back on the services list, but nothing I try restores the updates. BTW, I am running the trial period of Malwarebytes, which is supposed to be blocking all the time, apparently not? Not sure I want to pay for a program that will not stop this type of action. I appreciate any help you may be able to provide. Here is the DDS text I was advised to post here:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by H B at 14:03:17 on 2011-12-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1298 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

D:\PROGRA~1\AVG\AVG2012\avgrsx.exe

D:\Program Files\AVG\AVG2012\avgcsrvx.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\RTHDCPL.EXE

D:\Program Files\AVG\AVG2012\avgtray.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\PeerBlock\peerblock.exe

svchost.exe

D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

D:\Program Files\SUPERAntiSpyware\SASCORE.EXE

D:\Program Files\AVG\AVG2012\avgwdsvc.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

D:\WINDOWS\System32\svchost.exe -k HPZ12

D:\WINDOWS\system32\IoctlSvc.exe

D:\WINDOWS\System32\svchost.exe -k HPZ12

D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

D:\WINDOWS\system32\svchost.exe -k imgsvc

D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

D:\Program Files\Xobni\XobniService.exe

D:\Program Files\AVG\AVG2012\avgnsx.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

D:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

D:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\program files\techsmith\snagit 9\SnagItBHO.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - d:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - d:\program files\virtual account numbers\CitiVANHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg2012\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - d:\program files\paypal\paypal plug-in\PayPalHelper.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - d:\program files\paypal\paypal plug-in\OToolbar.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\program files\techsmith\snagit 9\SnagItIEAddin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - d:\program files\virtual account numbers\CitiVANToolbar.dll

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

uRun: [PeerBlock] d:\program files\peerblock\peerblock.exe

uRun: [LockMagic] g:\\lockmagic.exe -pnp

mRun: [skyTel] SkyTel.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AVG_TRAY] "d:\program files\avg\avg2012\avgtray.exe"

mRun: [<NO NAME>]

mRun: [startCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "d:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [systemTray] SysTray.Exe

mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunServices: [Driver32]

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uPolicies-explorer: NoRecent DocsHistory = 1 (0x1)

mPolicies-explorer: NoRecentDocuments = 1 (0x1)

IE: Append Link Target to Existing PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: LockMagic - file://g:\\lockmagic.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - d:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=19588

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: Interfaces\{56EE59B9-2DB4-4EA8-BA27-94E2331D81FF} : NameServer = 192.168.1.1

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg2012\avgpp.dll

Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;d:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;d:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]

R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]

R1 SafDskNT;SafeHouse;d:\windows\system32\drivers\SafDskNT.sys [2009-12-7 78336]

R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;d:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [2010-12-10 47640]

R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-11 366152]

R2 XobniService;XobniService;d:\program files\xobni\XobniService.exe [2010-10-21 62184]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;d:\windows\system32\drivers\l151x86.sys [2008-4-6 37376]

R3 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]

R3 AVGIDSFilter;AVGIDSFilter;d:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]

R3 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]

R3 CH341;CH341WDM;d:\windows\system32\drivers\CH341WDM.SYS [2008-4-5 9600]

R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2010-7-11 22216]

R3 pbfilter;pbfilter;d:\program files\peerblock\pbfilter.sys [2010-7-23 19056]

S0 pxww;pxww;d:\windows\system32\drivers\htls.sys --> d:\windows\system32\drivers\htls.sys [?]

S2 BulkUsb;USB Scanner;d:\windows\system32\drivers\usbscan.sys [2008-4-6 15104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\logmein\x86\rainfo.sys --> d:\program files\logmein\x86\RaInfo.sys [?]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\d:\windows\system32\drivers\nsdriver.sys --> d:\windows\system32\drivers\NSDriver.sys [?]

S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\d:\windows\system32\drivers\awrtpd.sys --> d:\windows\system32\drivers\AWRTPD.sys [?]

S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\d:\windows\system32\drivers\awrtrd.sys --> d:\windows\system32\drivers\AWRTRD.sys [?]

S3 cpudrv;cpudrv;d:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 JBIA;JBIA;d:\docume~1\hb0166~1\locals~1\temp\jbia.exe --> d:\docume~1\hb0166~1\locals~1\temp\JBIA.exe [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;d:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;d:\windows\system32\drivers\nvhda32.sys --> d:\windows\system32\drivers\nvhda32.sys [?]

S3 rkhdrv40;Rootkit Unhooker Driver; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-12-23 01:58:33 -------- d-----w- d:\documents and settings\h b\local settings\application data\FixItCenter

2011-12-23 01:55:37 -------- d-----w- d:\windows\MATS

2011-12-23 01:55:37 -------- d-----w- d:\program files\Microsoft Fix it Center

2011-12-16 15:13:23 -------- d-s---w- d:\documents and settings\h b\local settings\application data\Temporary Internet Files

2011-12-14 20:56:23 -------- d-----w- D:\Macromedia

2011-12-13 17:17:19 -------- d-----w- d:\program files\SUPERAntiSpyware

2011-12-13 17:07:33 -------- d-----w- d:\documents and settings\h b\application data\SUPERAntiSpyware.com

2011-12-13 17:07:33 -------- d-----w- d:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-12-13 15:28:01 62976 -c--a-w- d:\windows\system32\dllcache\cdrom.sys

2011-12-13 15:28:01 62976 ----a-w- d:\windows\system32\drivers\cdrom.sys

2011-12-13 13:31:03 -------- d-----w- d:\documents and settings\h b\application data\AVG

2011-12-13 13:09:58 -------- d-----w- d:\documents and settings\h b\application data\AVG10

2011-12-11 23:39:26 -------- d-----w- d:\windows\system32\wbem\repository\FS

2011-12-11 23:39:26 -------- d-----w- d:\windows\system32\wbem\Repository

2011-12-06 15:15:27 -------- d-sh--r- d:\documents and settings\h b\2397-5973-7874-8623

.

==================== Find3M ====================

.

2011-12-08 13:44:12 2828 --sha-w- d:\documents and settings\all users\application data\KGyGaAvL.sys

2011-11-11 19:53:05 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- d:\windows\system32\inetcomm.dll

2011-10-07 11:23:48 230608 ----a-w- d:\windows\system32\drivers\avgldx86.sys

2011-10-04 11:21:42 16720 ----a-w- d:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06:50 599040 ----a-w- d:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- d:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- d:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- d:\windows\system32\oleaccrc.dll

.

============= FINISH: 14:04:04.90 ===============

attach.txt

This topic is now closed to further replies.