Descent BB

 
Descent BB Forum Index > Tech Forum > Error Code: 0x80070002
Mickey1 (Hotshot)
Posted: Sat Jul 10, 2010 12:49 pm

I tried to install MS Security Essentials and when I click the install button I get error code: 0x80070002. I think I am a victim of the MS remote help attack through Instant Messenger. I started getting several:
([Hotmail account]@hotmail.com) has added you to his or her contact list. The only option that was clickable was add to contact list. I blocked IM but I ran out of free Zone Alarm today and wanted to use the free MS Sec. Ess. Anyone on the A-team out there that can help?
I try to think but nothing happens.

P.S. I'm going through Descent3 withdrawal and I'm running out of drugs fast.

_________________
Feel the Bern
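Before chasing malware, one cheap triage step is to decode the error code itself. The following is an added example, not code from this thread: it splits a Windows HRESULT into its severity, facility and code fields. 0x80070002 has the failure bit set, facility 7 (Win32) and code 2, which is ERROR_FILE_NOT_FOUND: the installer is reporting a missing file or component, not a malware verdict. The name tables in the block are a small constructed subset of the Windows lists, and `parse_error_code` is a hypothetical helper that accepts the code as typed in a post.

```python
# Added example (not from the thread): decode a Windows HRESULT such as the
# 0x80070002 reported when Security Essentials failed to install.
#
# HRESULT layout (32 bits):
#   bit 31      severity (1 = failure)
#   bits 16-26  facility (7 = FACILITY_WIN32: the code is a plain Win32 error)
#   bits 0-15   code
# Only the facilities and Win32 codes relevant to this thread are named here;
# both tables are a constructed subset, not the full Windows lists.

FACILITY_NAMES = {
    0: "FACILITY_NULL",
    7: "FACILITY_WIN32",
}

WIN32_ERROR_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
}


def decode_hresult(value):
    """Split an HRESULT into its severity, facility and code fields and name them."""
    value &= 0xFFFFFFFF
    failed = bool(value >> 31)
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    if facility == 7:
        code_name = WIN32_ERROR_NAMES.get(code, "unknown Win32 error")
    else:
        code_name = "not a Win32 code"
    return {
        "hresult": f"0x{value:08X}",
        "failed": failed,
        "facility": facility,
        "facility_name": FACILITY_NAMES.get(facility, "unknown facility"),
        "code": code,
        "code_name": code_name,
    }


def parse_error_code(text):
    """Hypothetical helper: accept the code as typed ("0x80070002" or "80070002")."""
    cleaned = text.strip().lower()
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    return decode_hresult(int(cleaned, 16))


if __name__ == "__main__":
    for raw in ("0x80070002", "0x80070005", "0x80004005"):
        info = parse_error_code(raw)
        print(f"{info['hresult']}: failed={info['failed']} "
              f"{info['facility_name']} code={info['code']} {info['code_name']}")
```

Facility 7 is the only facility where the low 16 bits are an ordinary Win32 error number; for any other facility the code has to be looked up against that facility's own table, which is why the decoder refuses to name it.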
Krom (DBB Admin)
Posted: Sat Jul 10, 2010 1:45 pm

Try the "fix it" thing here:
http://support.microsoft.com/kb/910336

_________________
(19:11) [D3k]Gooberman: pffft, I didnt get owned baal, you just got 60 lucky fusion shots
Mickey1 (Hotshot)
Posted: Sat Jul 10, 2010 4:20 pm

Krom, Fix It worked to get MSSE installed. It also fixed the grayed out options for .NET Framework Assistant 1.1 in the Firefox add-on manager. Should I disable it?
Thanks for your help.

_________________
Feel the Bern
Mickey1 (Hotshot)
Posted: Sat Jul 10, 2010 6:43 pm

I ran a full scan and it encountered a problem and stopped. Looks like the error code is for a Remote Procedure Call vulnerability. It might be a Blaster. I think TCP/IP is used by Blaster, so a D3 crash might result. Is there a Fix It for this little bug?

_________________
Feel the Bern
Mickey1 (Hotshot)
Posted: Sun Jul 11, 2010 9:02 am

Tried to run a scan again and got error code: 0x80016ba. Tried again after a short time and a system reboot. In way over my head. I know where the task bar is. Any ideas on what to do next?

_________________
Feel the Bern
Krom (DBB Admin)
Posted: Sun Jul 11, 2010 9:07 am

http://www.safer-networking.org/en/download/index.html

http://www.malwarebytes.org/ (free version is sufficient)

Download those, update them, then run them (doesn't matter which order, but malwarebytes is faster).

Also if MSSE still doesn't cooperate, another option is the free version of avira: http://www.free-av.com/

_________________
(19:11) [D3k]Gooberman: pffft, I didnt get owned baal, you just got 60 lucky fusion shots
AceCombat (SpongeBob)
Posted: Sun Jul 11, 2010 9:37 am

Don't forget

www.superantispyware.com

_________________
A United States Marine, is the last son-ova-bitch you ever want to piss off!!
When it has to be absolutely destroyed and eradicated of any and all enemy forces..... CALL THE MARINES!!!
Mickey1 (Hotshot)
Posted: Sun Jul 11, 2010 10:13 am

Thanks for the Info and hope Krom and AceCombat. I'll see what I can do.

_________________
Feel the Bern
Mickey1 (Hotshot)
Posted: Sun Jul 11, 2010 3:40 pm

I will keep at it but need a break. MalwareBytes crashed the first time I ran it. The second time I got two false "this program has encountered a problem". I just let it run.

MalwareBytes found this:
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 18
Files Infected: 43

SpyBot-SD found Fraud.Sysguard and then crashed. Re-ran; it stopped the scan when Fraud.Sysguard was found again, then fixed it. Ran it again and it found 67 other adware cookies.

During the scan with MalwareBytes, MSSE found Win32/PowerRegScheduler and fixed it.

I have a feeling there may be more to find.
I will re run MSSE Full Scan again tomorrow.

Krom and AceCombat I cannot thank you enough for giving me a fighting chance.

_________________
Feel the Bern
Grendel (Ninja Admin)
Posted: Sun Jul 11, 2010 4:03 pm

If you do online banking, change the passwords ASAP. Make sure to log in from a clean computer. Also keep an eye on your CCs or have them replaced if you used them online.

_________________
Borders? I have never seen one. But I have heard they exist in the minds of some people. -- Thor Heyerdahl
Durch einen Stich bereits geschafft, erschlafft und ohne Saft und Kraft! -- Donald, examining a Deflator Dextrospirillus
AceCombat (SpongeBob)
Posted: Sun Jul 11, 2010 5:15 pm

2nd that motion.

Nothing will thank you even more than a secure PC.

_________________
A United States Marine, is the last son-ova-bitch you ever want to piss off!!
When it has to be absolutely destroyed and eradicated of any and all enemy forces..... CALL THE MARINES!!!
Mickey1 (Hotshot)
Posted: Sun Jul 11, 2010 6:22 pm

Grendel, No on line banking and we use one low limit CC for the internet.
Krom, Just installed adblockplus + noscript for Firefox.
Thanks again guys.

_________________
Feel the Bern
AceCombat (SpongeBob)
Posted: Sun Jul 11, 2010 7:09 pm

hehe sometimes I wonder about myself..... I run

MBAM Malware Bytes
SAS Super AntiSpyware
SB SpyBot
AVG Pro

_________________
A United States Marine, is the last son-ova-bitch you ever want to piss off!!
When it has to be absolutely destroyed and eradicated of any and all enemy forces..... CALL THE MARINES!!!
MD-2389 (Insane!)
Posted: Mon Jul 12, 2010 12:55 pm

Krom wrote:
http://www.safer-networking.org/en/download/index.html

http://www.malwarebytes.org/ (free version is sufficient)

Download those, update them, then run them (doesn't matter which order, but malwarebytes is faster).

Also if MSSE still doesn't cooperate, another option is the free version of avira: http://www.free-av.com/


Scan your system from SAFE MODE when you run these, for a more effective result. (Hit F8 before you see the windows logo appear.)

Also, stop using the official IM clients. Use something like Miranda IM or Trillian instead!
Mickey1 (Hotshot)
Posted: Mon Jul 12, 2010 1:55 pm

Thanks MD-2389 for the tips. I don't use IM; my kids did but the last one has left the nest for now. I will try scanning in safe mode. Is it easy to explain why this is better?

_________________
Feel the Bern
MD-2389 (Insane!)
Posted: Mon Jul 12, 2010 2:23 pm

Safe mode is just Windows with only the essential services running. This can usually prevent certain bugs from using exploits to re-infect your machine, or run altogether.
Mickey1 (Hotshot)
Posted: Mon Jul 12, 2010 4:11 pm

MD-2389 thanks. I need to get this system working and can't afford to take it to a shop. I was lost on my own. Tech Forum is not Subway Dancer but feels kind of the same. More level 1 tech questions to come. I am sure. Thanks for the fun.

_________________
Feel the Bern
MD-2389 (Insane!)
Posted: Mon Jul 12, 2010 11:57 pm

You might want to download and run "Hijack This!" and copy/paste the log it generates here.
Mickey1 (Hotshot)
Posted: Tue Jul 13, 2010 2:23 pm

I ran Windows XP in safe mode.
Malwarebytes: 0
Spybot-SD: 54 problems found and fixed
MSSE: found Win32/PowerRegScheduler again. I deleted it again.

I'll install "Hijack This!" tomorrow.
Should I run it in safe mode?

_________________
Feel the Bern
BUBBALOU (Insane!)
Posted: Tue Jul 13, 2010 8:19 pm

You have rootkits. What version of Windows are you running? Also, .NET Framework Assistant 1.1 does not work with Firefox 3.6x; that is why it was disabled.

_________________
I seem to have a better workout dodging your stupidity than attempting to grasp the weight of your intelligence
Mickey1 (Hotshot)
Posted: Wed Jul 14, 2010 6:03 am

BUBBALOU, I am running Windows XP Professional SP2.
After running the "Fix It" Krom linked me to, .NET Framework Assistant 1.1 is no longer grayed out in Firefox 3.6.6. The Options button gives me options to select. I selected both. The Disable and Uninstall buttons look clickable. Should I disable or uninstall?
Being very new to troubleshooting and having an OSA anxiety disorder sure doesn't help. Rootkits; I'll need a shot and a Vicodin for that procedure.

_________________
Feel the Bern
Mickey1 (Hotshot)
Posted: Wed Jul 14, 2010 9:26 am

The first unwanted result of all the scanning is I can't use the "free" version of 3DS Max5 a friend installed for me (CDILLA64.exe). I needed to learn Blender anyway.

_________________
Feel the Bern
MD-2389 (Insane!)
Posted: Wed Jul 14, 2010 2:42 pm

That "free" version of 3dsmax is probably where your problems started to begin with. I would also keep that on the down low, since Autodesk has a very active lawyer department, and has the habit of suing people out of existence.

Still waiting on the Hijack This log btw...
BUBBALOU (Insane!)
Posted: Wed Jul 14, 2010 3:42 pm

My bad, I was on a mobile phone when I posted that. Usually people include that information in the first post for troubleshooting... well, at least those that want quick answers.

32-bit Windows XP + rootkits = ComboFix, from only the links provided at the bleepingcomputer website (run in safe mode with networking).
Prior to running any malware or virus program, use CleanUp! since most of the little nasties get tucked away in your browser's temp folders for later exploits.

ENJOY

_________________
I seem to have a better workout dodging your stupidity than attempting to grasp the weight of your intelligence
Mickey1 (Hotshot)
Posted: Thu Jul 15, 2010 7:50 am

MD-2389 sorry for the delay. All of this stuff is way over my head. Trying not to make more mistakes. Should I run "Hijack This" in safe mode? Should I run CleanUp first in safe mode?
BUBBALOU, ComboFix is next after I read and hopefully understand a little of how and what it is doing, but more importantly what I am to be careful to do and not to do. Feeling a little senile.

"I don't want to be a newbie. What can I do to attain enlightenment?"

_________________
Feel the Bern
Mickey1 (Hotshot)
Posted: Thu Jul 15, 2010 9:36 am

BUBBALOU, "Note that if you are going to run CleanUp! 4.5.2 without first making a backup of your system, then it is strongly recommended that you first run it in the new demo mode and verify the files that would be deleted before you first run it for real."
How do I make a backup of my system and use it if I need to? I need to post the Demo Mode files list because I don't know what is safe to delete.
Deeper into the dark I go. Please don't let your lights go out.

I just read I might lose my internet connection with some of these procedures. Any one willing to PM their phone number to me so I don't get lost in the heart of darkness?

"I don't want to be a newbie. What can I do to attain enlightenment?"

_________________
Feel the Bern
MD-2389 (Insane!)
Posted: Thu Jul 15, 2010 10:59 am

Mickey1 wrote:
MD-2389 sorry for the delay. All of this stuff is way over my head. Trying not to make more mistakes. Should I run "Hijack This" in safe mode? Should I run CleanUp first in safe mode.
BUBBALOU, Combofix is next after I read and hopefully understand a little of how and what it is doing but more importantly what I am to be careful to do and not to do. Feeling a little senile.

"I don't want to be a newbie. What can I do to attain enlightenment?"


Run Hijack This! in normal mode. This is just to see if there is anything else lingering around that was missed from the scans you ran. All Hijack This! does, is scan IE for what add-ons it has, and makes a list of EVERYTHING you have running in the background, and what loads when windows loads. It then dumps all of this information into a simple text file. All you do is open this file, select all the contents, and copy/paste it onto a reply to this thread.
Mickey1 (Hotshot)
Posted: Thu Jul 15, 2010 12:07 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:04 PM, on 7/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost:4445/Maya5.0PLE/en_US/InstantMaya/index.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37670.cab
O16 - DPF: {D050D736-2D21-4723-AD58-5B541FFB6C11} (DivXContentUploadPlugin Object) - http://download.divx.com/player/DivXContentUploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 9545 bytes
Hope this is what you need.

_________________
Feel the Bern
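MD-2389 described what HijackThis produces (every running process, the IE add-ons, and everything that loads at startup, dumped as text), and the log above shows the format. The following is an added example, not code from the thread or from HijackThis: a small parser for that format plus a triage pass that flags the things the replies in this thread go on to pick out by eye (entries marked "(file missing)", unresolved startup targets, downloaded ActiveX controls in O16, and more than one resident antivirus engine). The sample log is constructed for this example, modelled on a few lines of the posted log, and the `AV_HINTS` vendor list is a constructed subset.

```python
import re

# Added example (not from the thread): parser and triage pass for the
# HijackThis log format. SAMPLE_LOG is constructed for this example, modelled
# on a few lines of the log posted in the thread; paths are as they appear there.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\msiexec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
--
End of file - 1234 bytes
"""

# Each HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")

# Substrings that identify a resident antivirus engine in a process path.
# Constructed list covering the products named in this thread; extend as needed.
AV_HINTS = ("avira", "microsoft security essentials", "mcafee", "symantec", "kaspersky")


def parse_hjt_log(text):
    """Split a HijackThis log into (header fields, running process paths, entries)."""
    header, processes, entries = {}, [], []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("--") or line.startswith("End of file"):
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
            continue
        if in_processes:
            processes.append(line)
            continue
        key, sep, value = line.partition(":")
        if sep:                           # "Platform: ...", "Boot mode: ..."
            header[key.strip()] = value.strip()
    return header, processes, entries


def triage(processes, entries):
    """Flag what a reviewer checks first; returns a list of (kind, section, detail)."""
    findings = []
    for section, body in entries:
        if "(file missing)" in body:
            # BHO/toolbar/autostart pointing at a file that no longer exists.
            findings.append(("dangling", section, body))
        if section == "O16":
            # O16 = downloaded ActiveX controls; each one is exposed browser surface.
            findings.append(("activex-download", section, body))
        if section == "O4" and body.endswith("= ?"):
            # HijackThis could not resolve the startup target.
            findings.append(("unresolved-startup", section, body))
    engines = sorted({h for p in processes for h in AV_HINTS if h in p.lower()})
    if len(engines) > 1:
        # Two resident scanners contend for the same files; the thread warns of this too.
        findings.append(("multiple-av", "processes", ", ".join(engines)))
    return findings


def section_counts(entries):
    """Number of entries per section, e.g. {'O4': 3, ...}."""
    counts = {}
    for section, _ in entries:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    hdr, procs, ents = parse_hjt_log(SAMPLE_LOG)
    print(hdr.get("Platform"), "|", len(procs), "processes |", section_counts(ents))
    for kind, section, detail in triage(procs, ents):
        print(f"[{kind:18}] {section}: {detail}")
```

Run it against the full log posted above (saved to a file and passed to `parse_hjt_log`) and the same four categories surface: the two "(file missing)" Verizon toolbar entries, the unresolved Sonic CinePlayer startup item, eight O16 downloads, and both Avira and Security Essentials resident at once.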
BUBBALOU (Insane!)
Posted: Thu Jul 15, 2010 12:32 pm

dude please stop listening to this witch doctor BS

Run CleanUp!, turn off all screensavers and powersave modes (sleep), reboot into safe mode with networking, run ComboFix, reboot back into safe mode when ComboFix requests the reboot.
Then when ComboFix is done, reboot into standard mode, update and scan with Malwarebytes. Do not play with your machine until this is all done.

I would have been done with your machine in less than an hour.

You can keep playing for weeks asking questions.

--------------------------------------------------------

Audigy/2 with a front bay and remote control~!~ .... lol

Oh, and running two antivirus programs is NOT a good thing.... (HJ log)

-===================================

Please uninstall Spybot and TeaTimer - uselessly slow and annoying

Java is outdated
Acrobat Reader 7.0?? holy holes in a BHO
look at those browser preloads
RealPlayer updater?
DivX updater?
Acrobat Reader updater????

No wonder your connection is skipperier than a 33 LP on a rocky hill

Why is Microsoft Installer running... oh wait, never mind, that's what you're trying to get rid of......... Virtumonde

_________________
I seem to have a better workout dodging your stupidity than attempting to grasp the weight of your intelligence
Mickey1 (Hotshot)
Posted: Fri Jul 16, 2010 9:10 pm

BUBBALOU thanks for the analysis of the HijackThis log. I uninstalled Spybot and TeaTimer. Updated to Java 6 Update 20. I don't know how to get rid of those updaters. As for the browser preloads: what, where and how do I get rid of them? Virtumonde, a Trojan horse, is using Windows Installer? And I get rid of it by running CleanUp!. I turn off all screensavers and powersave modes (sleep). Reboot into safe mode with networking. Run ComboFix, reboot back into safe mode (with networking?) when ComboFix requests the reboot.
Then when ComboFix is done, reboot into standard mode, update and scan with Malwarebytes, and I won't play with the machine until this is all done.
I read that if infected with Virtumonde, entering safe mode after attempting to use HijackThis can result in a true blue screen of death, which cannot be recovered from without either restoring the deleted safe mode registry keys or a reinstall of Windows.
BUBBALOU sorry for the senility, my OSA has been getting the better of me lately. I have a leak in my hyperbaric chamber.

_________________
Feel the Bern
BUBBALOU (Insane!)
Posted: Sun Jul 18, 2010 12:30 am

BSOD in safe mode = malware corruption of the VGA video driver (IOW it's installed itself in your drivers)

Start ComboFix in a standard logon after CleanUp!, and then you can get into safe mode after ComboFix prompts for reboot to remove the rootkits.

As long as you have your copy of the WinXP** disc, no need to worry... please follow my instructions as listed previously:

CleanUp! (if you do not run CleanUp! this can take up to 8 hours to complete depending on the amount of crap in your temp folders, instead of just under an hour)
reboot, hit F5, go into safe mode w/networking
run ComboFix, do not touch anything except to reboot when prompted (do this 2x if rootkits were removed, as prompted by ComboFix)
hit F5, go into safe mode w/networking
wait for ComboFix to finish and present its report
run Malwarebytes now if you want to, or reboot normally then run it
get rid of Avira or M$ Essentials, no need to run 2

I have done this numerous times on client workstations.

PS do not click inside the blue area or close ComboFix while it's running - you have been warned.... pretend your mouse is broken - keyboard only

----------------------------------------------------------------------
**You can insert your install disc, pretend you're going to do a fresh install, but when your Windows disc sees an existing copy already installed it will give you another option called Repair.... and there is no prompt about deleting data (if you get anything else you are using a different disc than you installed with)

_________________
I seem to have a better workout dodging your stupidity than attempting to grasp the weight of your intelligence
MD-2389 (Insane!)
Posted: Sun Jul 18, 2010 3:25 pm

Sorry for the delay Mickey. I got back real late last night, and was too tired to even use the computer very long.

Mickey1 wrote:
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


Nuke these to save some resources. Honestly, why do you have RealPlayer installed anyway? That format died off ten years ago. As for DivX, I think you'd be better off uninstalling that garbage and just going with the latest CCCP instead. As for Spybot, while it does have its uses, the resident crap that it wants you to run in the background is nothing but an annoyance. (much like Vista's and 7's UAC prompts)

Quote:
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe


Like I told you via PM, just dump Adobe Acrobat and use something like FoxIt's reader instead.

Quote:
C:\WINDOWS\System32\msiexec.exe


Do you have System Restore enabled? If you do, disable it for all drives in your computer, and delete all your restore points. (right-click the My Computer icon, click Properties, click the System Restore tab) I guarantee you that they are infected. If you have System Restore disabled, and aren't installing anything, then you're still infected.

Quote:
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)


Unless you actually use those toolbars, uninstall them. Definitely get rid of the ones that show files missing.

Quote:
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37670.cab
O16 - DPF: {D050D736-2D21-4723-AD58-5B541FFB6C11} (DivXContentUploadPlugin Object) - http://download.divx.com/player/DivXContentUploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


Unless you need these for a particular reason, I would nuke these as well. At least the ones I bolded, as they are useless, just hog resources, and are a PITA in general.

Also, you can catch me on VonRC's teamspeak3 server. Jump on his server by clicking here after you install teamspeak3. I'm usually on in the evenings.
AceCombat (SpongeBob)
Posted: Sun Jul 18, 2010 7:01 pm

hey MD, the newest Spybot TeaTimer doesn't bother you anymore. He took it out or something, because I use it and I never get an alert anymore; it just runs quietly in the background with no prompts or anything unless you tell it to.

_________________
A United States Marine, is the last son-ova-bitch you ever want to piss off!!
When it has to be absolutely destroyed and eradicated of any and all enemy forces..... CALL THE MARINES!!!
Flip (Ace)
Posted: Sun Jul 18, 2010 7:15 pm

Dude, save yourself some time and just reinstall. You would already be done, and as far as I've heard, even if you get rid of the nasties there's no telling what all damage they've done. A reinstall takes a few hours and gives you the confidence of a clean PC.
BUBBALOU (Insane!)
Posted: Mon Jul 19, 2010 11:34 am

Flip, judging by the condition of the applications he has installed/running/services, a reinstall will most likely put him back prior to XP Service Pack 1! So add 2 more hours to that.

He'll need SPK1 and SPK3.

This is taking so fucking long I will even remote in and do it for him, and I will not bill him my $295 remote charge.

_________________
I seem to have a better workout dodging your stupidity than attempting to grasp the weight of your intelligence
All times are GMT - 6 Hours