Updating error PROGRAM_ERROR_UPDATING (404,0,HTTPStatusCode)


  • This topic is locked
10 replies to this topic

#1 Andrew_Holding


Posted 03 September 2012 - 02:39 AM

It appears I have an infection - although there are a number of things that all happened in a short period of time.

A day or so after my McAfee subscription expired - my daughter tried to install Service Pack 3 for Windows XP (apparently the new iPod Nano needs this to sync properly!).
Windows wouldn't start up following this - and despite trying to reconfigure various .dll files etc., in the end I had to resort to the Windows system disc - although I used the repair option - I went through the same process as re-installing Windows. Although this got Windows running - I couldn't open McAfee at all and had to remove it completely. That day my Netgear router died - and I have installed an old D-Link wireless router. Although I can sometimes get a browser connection, this seems to be intermittent at best. The honest answer is I don't know if I have a Windows issue, router issue / some kind of conflict - or a virus!
I posted on the link below

http://forums.malwar...howtopic=115213

I have run DDS and the logs are attached.


I have also run Roguekiller - report attached




Any help in resolving this issue will be gratefully received

Andrew




#2 Maniac


Posted 03 September 2012 - 06:56 AM

Hello Andrew! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Your system is infected, so let's take care of that.

Step 1

Please uninstall the following applications:

Ask Toolbar
Ask Toolbar Updater
Ask.com Search Assistant 1.0.2
BitTorrent
Conduit Engine
Viewpoint Media Player



Step 2

Please download Rkill to your desktop. There are two main different versions. If one of them won't run, then download and try to run the other one. You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.


  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the second RKill version. Do not reboot until instructed. If the tool does not run from any of the links provided, please let me know.
  • When the scan is done Notepad will open with rKill log. Post it in your next reply.

NOTE: rKill.txt log will also be present on your desktop.


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 4

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • RKill log
  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 Andrew_Holding


Posted 03 September 2012 - 05:49 PM

Hi Maniac

RKill log

The second of the links provided allowed iExplore.exe to run and produce the following Rkill log:

Rkill 2.3.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 09/03/2012 08:20:19 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\stsystra.exe (PID: 800) [WD-HEUR]
* C:\WINDOWS\System32\DLA\DLACTRLW.EXE (PID: 1464) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* atapi => \SystemRoot\system32\DRIVERS\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/03/2012 08:22:10 PM
Execution time: 0 hours(s), 1 minute(s), and 50 seconds(s)

Went to Malwarebytes update and got the following error message PROGRAM_ERROR_UPDATING (0,0, Timeout)
Got a more up to date copy of the database from another laptop and ran quick scan - log below

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.27.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Andrew :: BOB [administrator]

Protection: Enabled

03/09/2012 21:02:51
mbam-log-2012-09-03 (21-02-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 414865
Time elapsed: 1 hour(s), 31 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Becky\My Documents\Downloads\CCleaner_Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\Becky\My Documents\Downloads\CCleaner_Setup (2).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\Becky\My Documents\Downloads\CCleaner_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)
Ran aswMBR - log below

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-03 23:41:17
-----------------------------
23:41:17.921 OS Version: Windows 5.1.2600 Service Pack 2
23:41:17.921 Number of processors: 2 586 0x604
23:41:17.921 ComputerName: BOB UserName:
23:41:18.562 Initialize success
23:41:43.015 AVAST engine download error: 0
23:41:43.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
23:41:43.171 Disk 0 Vendor: WDC_WD16 10.0 Size: 152587MB BusType: 3
23:41:43.171 Disk 0 MBR read successfully
23:41:43.171 Disk 0 MBR scan
23:41:43.187 Disk 0 unknown MBR code
23:41:43.187 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
23:41:43.187 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109638 MB offset 112455
23:41:43.187 Disk 0 Partition - 00 0F Extended LBA 38130 MB offset 224669025
23:41:43.218 Disk 0 Partition 3 00 DB CP/M / CTOS MSDOS5.0 4753 MB offset 302760990
23:41:43.250 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38130 MB offset 224669088
23:41:43.250 Disk 0 scanning sectors +312496380
23:41:43.312 Disk 0 scanning C:\WINDOWS\system32\drivers
23:41:54.812 Service scanning
23:42:09.703 Modules scanning
23:42:43.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew\Desktop\MBR.dat"
23:42:43.312 The log file has been saved successfully to "C:\Documents and Settings\Andrew\Desktop\aswMBR.txt"
23:43:01.406 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
23:43:17.375 Disk 0 trace - called modules:
23:43:17.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync04.sys hal.dll iaStor.sys
23:43:17.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871c9030]
23:43:17.390 3 CLASSPNP.SYS[f754505b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8715e030]
23:43:17.390 Scan finished successfully
23:43:38.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew\Desktop\MBR.dat"
23:43:38.921 The log file has been saved successfully to "C:\Documents and Settings\Andrew\Desktop\aswMBR2.txt"

DDS log

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Andrew at 23:44:37 on 2012-09-03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.333 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1232904073\ee\AOLSoftware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\My Documents\Downloads\aswMBR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061010
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061010
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\prxtbBro2.dll
TB: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\prxtbBro2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\becky\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Clownfish] "c:\program files\clownfish\Clownfish.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NPSStartup]
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Norton Ghost 10.0] "c:\program files\norton ghost\agent\GhostTray.exe"
mRun: [HostManager] c:\program files\common files\aol\1232904073\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\common files\panasonic\hd writer autostart\HDWriterAutoStart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &Search
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Peggle%20Nights/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230296713453
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345469201437
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Peggle%20Nights/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{593A063A-B756-4490-922A-E2B3026D0D63} : DhcpNameServer = 192.168.1.1
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: whlphe.dll tfrexi.dll nyuqhx.dll ebdkpg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
.
============= SERVICES / DRIVERS ===============
.
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-6 54752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-2 655944]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-2 22344]
S0 sppqy;sppqy;c:\windows\system32\drivers\vrfugrz.sys --> c:\windows\system32\drivers\vrfugrz.sys [?]
S2 Apache2.2;Remote Access Media Server;"c:\program files\common files\singleclick systems\apache\bin\httpd.exe" -k runservice --> c:\program files\common files\singleclick systems\apache\bin\httpd.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dsl-db;Remote Access DB;"c:\program files\common files\singleclick systems\mysql\bin\mysqld.exe" --defaults-file="c:\program files\common files\singleclick systems\mysql\my.ini" dsl-db --> c:\program files\common files\singleclick systems\mysql\bin\mysqld.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2011-4-15 29184]
S3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2011-6-21 4096]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-1 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006]
S3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [2006-12-27 9006]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-02 13:34:59 -------- d-----w- c:\documents and settings\andrew\application data\Malwarebytes
2012-09-02 13:34:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-02 13:34:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-02 13:34:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-28 20:42:35 -------- d-----w- c:\program files\common files\PC Utility Kit
2012-08-28 20:42:34 -------- d-----w- c:\program files\PC Utility Kit
2012-08-28 20:42:34 -------- d-----w- c:\documents and settings\all users\application data\PC Utility Kit
2012-08-26 16:40:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-08-26 16:40:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-08-26 16:40:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-08-26 16:40:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-08-26 16:40:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-08-26 16:40:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-08-26 16:40:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-08-21 22:38:59 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2012-08-21 22:37:59 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2012-08-21 22:36:55 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll
2012-08-21 22:35:58 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2012-08-21 22:32:33 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-08-21 22:32:33 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-08-21 21:57:32 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-08-21 21:57:32 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-08-21 21:57:32 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-08-21 21:57:32 13312 ----a-w- c:\windows\system32\irclass.dll
2012-08-21 21:57:26 22339 ----a-r- c:\windows\SET282.tmp
2012-08-21 21:57:26 10559 ----a-r- c:\windows\SET283.tmp
2012-08-21 21:57:08 13753 ----a-r- c:\windows\SET23F.tmp
2012-08-21 21:57:06 1086058 ----a-r- c:\windows\SET233.tmp
2012-08-21 21:57:05 106147 ----a-r- c:\windows\SET230.tmp
2012-08-20 15:25:12 19569 ----a-w- c:\windows\000001_.tmp
2012-08-20 15:05:01 331805736 ----a-w- c:\windows\WindowsXP-KB936929-SP3-x86-ENU.exe
2012-08-19 20:42:31 -------- d-----w- c:\program files\iPod
2012-08-19 20:42:21 -------- d-----w- c:\program files\iTunes
2012-08-19 20:41:18 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-08-19 20:41:18 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-08-19 20:39:14 -------- d-----w- c:\program files\Bonjour
2012-08-12 22:53:45 -------- d-----w- c:\documents and settings\andrew\application data\Nectar Search Toolbar for Chrome
.
==================== Find3M ====================
.
2012-07-15 21:34:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-15 21:34:44 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-15 21:34:44 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-15 21:34:23 0 ----a-w- c:\windows\system32\REN137.tmp
2012-07-15 21:34:23 0 ----a-w- c:\windows\system32\REN136.tmp
2012-07-15 21:34:23 0 ----a-w- c:\windows\system32\REN135.tmp
2012-07-15 10:41:46 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-07-05 20:21:21 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-05 20:21:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-27 19:28:59 4727808 ----a-w- c:\program files\Works632_en-US.msi
2008-10-30 13:33:37 67167528 ----a-w- c:\program files\iTunes801Setup.exe
2008-10-26 16:34:46 183 ----a-w- c:\program files\run_mod.bat
2008-10-26 16:34:46 167 ----a-w- c:\program files\run_studiomdl.bat
2008-10-26 16:34:46 162 ----a-w- c:\program files\run_hlmv.bat
2008-10-26 16:34:46 105 ----a-w- c:\program files\run_hammer.bat
.
============= FINISH: 23:47:49.31 ===============

Attach log



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 21/08/2012 23:40:00
System Uptime: 03/09/2012 23:00:01 (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel® Pentium® D CPU 3.40GHz | Microprocessor | 3391/800mhz
Processor: Intel® Pentium® D CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 30.2 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 37.165 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C)
Device ID: USB\VID_07D1&PID_3C03\5&FAE28C5&0&3
Manufacturer: D-Link
Name: D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C)
PNP Device ID: USB\VID_07D1&PID_3C03\5&FAE28C5&0&3
Service: RT73
.
==== System Restore Points ===================
.
RP1: 22/08/2012 06:31:22 - System Checkpoint
RP2: 25/08/2012 11:49:01 - System Checkpoint
RP3: 26/08/2012 15:54:14 - System Checkpoint
RP4: 26/08/2012 17:18:36 - Removed CONNECT.
RP5: 26/08/2012 17:38:19 - Installed QuickTime
RP6: 27/08/2012 14:49:54 - Removed McAfee Virtual Technician
RP7: 28/08/2012 15:10:34 - System Checkpoint
RP8: 02/09/2012 13:02:48 - System Checkpoint
RP9: 03/09/2012 13:58:54 - System Checkpoint
RP10: 03/09/2012 19:12:00 - Removed Ask Toolbar.
RP11: 03/09/2012 19:52:27 - Installed AirPlus G
.
==== Installed Programs ======================
.
2 Player Chess
944plc32
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
AirPlus G
angusScreenSaver
ANIO Service
ANIWZCS2 Service
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARTEuro
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Audacity 1.2.6
AXIS Media Control Embedded
Blast Thru Special Edition
Bonjour
Catz 5
Clownfish for Skype
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Counter-Strike 2D 0.1.2.0
Crispy Splasher 1.0
CustomPlay Golf 1.52
Dell CinePlayer
Dell Driver Reset Tool
Dell Photo AIO Printer 944
Dell Resource CD
Dell Support 3.2
Dell System Restore
Digital Line Detect
DirectX Media Runtime 5.1
doctor_who Screen Saver
Dominion
Dominoes Deluxe
Driving Test Success - All Tests (2008-2009)
Drone
eGames Galaxy of WinGames
eGames Mini Golf Master 2
Elmo Screen Saver Version 1.0
ESPNMotion
Frogger v1.1e
Galaxy Man
Game Chest
GemMaster Mystic
Geo Jump
getPlus®_ocx
Google Chrome
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Google Video Player
hairspray_screensaver
Harry Potter Order of the Phoenix Screen Saver
HD Writer AE 3.0
Hotel Giant
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
In The Night Garden Screen Saver
Indeo® software
Intel® Matrix Storage Manager
Intel® PRO Network Connections
iTunes
J2SE Runtime Environment 5.0 Update 10
Java Auto Updater
Java™ 6 Update 33
Junk Mail filter update
Juxto
LazyTown ScreenSaver 6000
Learn2 Player (Uninstall Only)
Lemmings Revolution
Lexicon Special Edition
LiveUpdate 2.6 (Symantec Corporation)
MahJongg Game of Four Winds SE
Malwarebytes Anti-Malware version 1.62.0.1300
Map Button (Windows Live Toolbar)
MCU
Medal of Honor Allied Assault
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Speech API 3.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Microsoft XNA Framework Redistributable 4.0
MobileMe Control Panel
Modem Helper
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Nectar Search Toolbar for Chrome
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
OneCare Advisor (Windows Live Toolbar)
OpenAL
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Otto
Pando Media Booster
PC Connectivity Solution
PC Utility Kit
Petz 3
Pirates Of The Caribbean At Worlds End Screen Saver
Pokemon Online 2.0.05d
Pokemon Online version 1.0.51
Popup Blocker (Windows Live Toolbar)
Puppy Luv
QuickTime
RealPlayer Basic
Roll
RollerCoaster Tycoon 2
RollerCoaster Tycoon 3
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Modem V2 Software
SAMSUNG Mobile USB Modem 1.0 Software
Screensavers Installer Version 2
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sega Smash Pack
Segoe UI
Skype Toolbars
Skype™ 5.1
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Encoders
Space Solitaire
SpeedTouch USB Software
System Requirements Lab
System Requirements Lab CYRI
The Oxbridge Reference Collection
The Simpsons Movie Screen Saver
The Sims Makin' Magic
Theme Hospital
Tiscali Internet
Tiscali Music Downloads
Total Recall
Tots TV Screen Saver
tunnel Screen Saver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Ventrilo Client
VideoEgg Publisher
VirtualCom driver
WA Update v3.50 beta2
Wanadoo Europe Installer
WebFldrs XP
Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Media Center Edition 2005 KB908246
Worms Armageddon
WWRY Screensaver
XviD MPEG-4 Video Codec
YouTube Downloader 2.5.3
.
==== Event Viewer Messages From Past Week ========
.
27/08/2012 14:48:18, error: Service Control Manager [7038] - The Apache2.2 service was unable to log on as .\SingleClick Admin with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
27/08/2012 14:48:18, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
27/08/2012 14:48:18, error: Service Control Manager [7000] - The Remote Access Media Server service failed to start due to the following error: The service did not start due to a logon failure.
27/08/2012 14:48:18, error: Service Control Manager [7000] - The Remote Access DB service failed to start due to the following error: The system cannot find the path specified.
27/08/2012 11:00:19, error: PlugPlayManager [11] - The device Root\LEGACY_MFESMFK\0000 disappeared from the system without first being prepared for removal.
27/08/2012 11:00:19, error: PlugPlayManager [11] - The device Root\LEGACY_MFERKDK\0000 disappeared from the system without first being prepared for removal.
27/08/2012 11:00:18, error: PlugPlayManager [11] - The device Root\LEGACY_MFEHIDK\0000 disappeared from the system without first being prepared for removal.
27/08/2012 11:00:18, error: PlugPlayManager [11] - The device Root\LEGACY_MFEBOPK\0000 disappeared from the system without first being prepared for removal.
27/08/2012 11:00:18, error: PlugPlayManager [11] - The device Root\LEGACY_MFEAVFK\0000 disappeared from the system without first being prepared for removal.
27/08/2012 10:41:03, error: DCOM [10000] - Unable to start a DCOM Server: {CDECC4C3-7377-11D3-9A6C-00C04FF40D52}. The error: "%3" Happened while starting this command: c:\PROGRA~1\mcafee.com\shared\mghtml.exe -Embedding
03/09/2012 19:21:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcd_device service to connect.
03/09/2012 19:21:40, error: Service Control Manager [7000] - The dlcd_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/09/2012 19:21:40, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcd_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441067}
02/09/2012 23:23:26, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
02/09/2012 21:28:55, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001676CC4163 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
02/09/2012 20:53:07, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
02/09/2012 20:53:05, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001676CC4163 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Best Regards
Andrew

#4 Maniac

Posted 04 September 2012 - 06:46 AM

You still couldn't update Malwarebytes' Anti-Malware?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#5 Andrew_Holding

Posted 04 September 2012 - 01:34 PM

I still couldn't update and got PROGRAM_ERROR_UPDATING (0,0, Timeout)

Andrew

#6 Andrew_Holding

Posted 04 September 2012 - 01:58 PM

Ran mbam-rules.exe on laptop & transferred from my laptop through USB memory stick and ran it = database is now 7 days out of date

On start up today got the following error messages:
The procedure entry point appGetInterfacecount could not be located in the dynamic link library wlanapi.dll - clicked OK and got second message: The procedure entry point apsinitialize could not be located in the dynamic link library wlanapi.dll
Getting an internet connection is difficult.
Andrew

#7 Maniac

Posted 05 September 2012 - 07:16 AM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#8 Andrew_Holding

Posted 06 September 2012 - 01:28 PM

Hi

Farbar log below


Farbar Service Scanner Version: 06-08-2012
Ran by Andrew (administrator) on 06-09-2012 at 19:26:47
Running from "C:\Documents and Settings\Andrew\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-10 12:00] - [2004-08-10 12:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-10 12:00] - [2004-08-10 12:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-10 12:00] - [2004-08-10 12:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-10 12:00] - [2004-08-10 12:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-10 12:00] - [2004-08-10 12:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-10 12:00] - [2004-08-10 12:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-08-16 04:37] - [2004-08-10 12:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2005-08-16 04:40] - [2004-08-10 12:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2010-02-13 15:09] - [2004-08-10 12:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-10 12:00] - [2004-08-10 12:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-08-16 04:37] - [2004-08-10 12:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2005-08-16 04:40] - [2004-08-10 12:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2010-02-13 15:11] - [2004-08-10 12:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-10 12:00] - [2004-08-10 12:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-10 12:00] - [2004-08-10 12:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-10 12:00] - [2004-08-10 12:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-10 12:00] - [2004-08-10 12:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2004-08-10 12:00] - [2004-08-10 12:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
fssfltr(13) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(14)
0x0F000000040000000100000002000000030000000B00000005000000060000000700000008000000090000000A0000000C0000000D0000000E0000000F000000
IpSec Tag value is correct.

**** End of log ****

Andrew

#9 Maniac

Posted 07 September 2012 - 04:07 PM

Please follow the instructions here and then post a new fresh Farbar Service Scanner log.
http://www.bleepingc...topic43051.html

#10 Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 15 September 2012 - 10:22 AM

@ Andrew_Holding

Are you still with us? Kindly provide status update, otherwise this thread is subject to being closed.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.

#11 Maurice Naggar

Posted 16 September 2012 - 12:04 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!