avg free notification won't go away

Toobroketopay · July 30, 2011, 01:50:10 PM

I keep getting an AVG Free notification pop up that won't go away. I see from the scans and logs that I need to update everything. I won't get started on that until I've heard from you. Here's the logs, and thanks!

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG 7.5
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Flash Player Out of Date!
Mozilla Firefox (2.0.0) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgemc.exe
``````````End of Log````````````

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Default at 8:40:52 on 2011-07-30
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.213 [GMT -5:00]
.
AV: AVG 7.5.560 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195671301531
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{00397074-39E9-4452-BD3B-C4B48886ADE9} : DhcpNameServer = 192.168.0.1 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\default\application data\mozilla\firefox\profiles\10snmvk5.default\
.
============= SERVICES / DRIVERS ===============
.
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-12-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-12-23 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-12-23 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-12-23 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-12-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-12-23 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-12-23 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-12-23 4960]
R4 PQIMount;PQIMount;

R4 PQV2i;PQV2i;
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 8:41:20.10 ===============

Corrine · July 30, 2011, 02:17:45 PM

Hi, Toobroketopay. Welcome to LandzDown Forum.

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please note: I will be tied up much of today and tomorrow.

1. You should have an additional log named attach.txt. Please copy/paste that with your next reply.

2. If you are keeping AVG, you need to update it to the latest version ASAP and run a full system scan.

3. Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware
Click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, be sure Quick scan is selected, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
Click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Toobroketopay · July 31, 2011, 05:37:44 PM

I'm usually a serious rule follower, but I didn't do so good this time. I went to update AVG, and was too scared to click on anything, because I was afraid of the AVG hoax screens. I uninstalled AVG and was too scared (I see a pattern here) to go unprotected, so I installed Microsoft Essentials. When trying to do so, I had to update to IE 8, and then SP3. Yikes! I really didn't intend to do any of that, I think I was in panic mode or something.

Anyway, I did run the MBAM and am posting the log for that. I also re-ran all the other desktop things you had me do earlier, so you could get a new picture of what is going on. Sorry!

The Attach.txt log says it needs to be "zipped" before I post it. I don't know how to do that.

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Flash Player Out of Date!
Mozilla Firefox (2.0.0) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbam.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Default at 13:32:10 on 2011-07-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.107 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1312038487875
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{00397074-39E9-4452-BD3B-C4B48886ADE9} : DhcpNameServer = 192.168.0.1 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\default\application data\mozilla\firefox\profiles\10snmvk5.default\
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl2b7db04e;MpKsl2b7db04e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{132a4440-3857-4fa3-b778-1ad88c57fee9}\MpKsl2b7db04e.sys [2011-7-31 28752]
R1 MpKslf2825b30;MpKslf2825b30;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{132a4440-3857-4fa3-b778-1ad88c57fee9}\MpKslf2825b30.sys [2011-7-31 28752]
.
=============== Created Last 30 ================
.
2011-07-31 16:52:13   28752   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{132a4440-3857-4fa3-b778-1ad88c57fee9}\MpKsl2b7db04e.sys
2011-07-31 16:46:20   --------   d-----w-   c:\program files\Microsoft CAPICOM 2.1.0.2
2011-07-31 16:33:05   --------   d-----w-   c:\documents and settings\default\application data\Malwarebytes
2011-07-31 16:32:47   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 16:32:43   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2011-07-31 16:32:34   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-07-31 16:32:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-07-31 14:09:26   953856   -c----w-   c:\windows\system32\dllcache\mfc40u.dll
2011-07-31 14:08:30   617472   -c----w-   c:\windows\system32\dllcache\comctl32.dll
2011-07-31 13:59:40   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
2011-07-31 13:52:19   105472   -c----w-   c:\windows\system32\dllcache\mup.sys
2011-07-31 13:14:07   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
2011-07-31 13:10:07   274288   ----a-w-   c:\windows\system32\mucltui.dll
2011-07-31 13:10:07   215920   ----a-w-   c:\windows\system32\muweb.dll
2011-07-31 13:10:07   16736   ----a-w-   c:\windows\system32\mucltui.dll.mui
2011-07-31 13:08:39   28752   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{132a4440-3857-4fa3-b778-1ad88c57fee9}\MpKslf2825b30.sys
2011-07-30 21:28:40   6881616   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{132a4440-3857-4fa3-b778-1ad88c57fee9}\mpengine.dll
2011-07-30 21:28:22   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-07-30 20:56:16   --------   d-----w-   c:\program files\Microsoft Security Client
2011-07-30 18:05:09   --------   d-----w-   c:\windows\system32\scripting
2011-07-30 18:05:09   --------   d-----w-   c:\windows\l2schemas
2011-07-30 18:05:08   --------   d-----w-   c:\windows\system32\en
2011-07-30 18:05:08   --------   d-----w-   c:\windows\system32\bits
2011-07-30 17:56:41   --------   d-----w-   c:\windows\system32\ReinstallBackups
2011-07-30 17:18:11   --------   d-----w-   C:\b1a88682a31231f442a7
2011-07-30 17:05:36   --------   d-----w-   C:\6aceacfb1a7de0cce4af97
2011-07-30 16:53:48   --------   d-sh--w-   c:\documents and settings\default\PrivacIE
2011-07-30 16:38:49   --------   d-sh--w-   c:\documents and settings\default\IETldCache
2011-07-30 16:34:16   --------   d-----w-   c:\program files\MSXML 4.0
2011-07-30 16:27:11   --------   d-----w-   c:\windows\ie8updates
2011-07-30 16:26:48   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2011-07-30 16:26:46   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2011-07-30 16:26:45   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2011-07-30 16:24:33   --------   dc-h--w-   c:\windows\ie8
2011-07-30 16:15:13   --------   d-----w-   c:\windows\ServicePackFiles
2011-07-30 16:04:26   456320   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2011-07-30 16:04:20   357888   -c----w-   c:\windows\system32\dllcache\srv.sys
2011-07-30 16:03:36   471552   -c----w-   c:\windows\system32\dllcache\aclayers.dll
2011-07-30 16:03:09   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2011-07-30 15:59:47   81920   -c----w-   c:\windows\system32\dllcache\fontsub.dll
2011-07-30 15:59:46   119808   -c----w-   c:\windows\system32\dllcache\t2embed.dll
2011-07-30 15:42:10   730112   -c----w-   c:\windows\system32\dllcache\lsasrv.dll
2011-07-30 15:42:10   473600   -c----w-   c:\windows\system32\dllcache\fastprox.dll
2011-07-30 15:42:10   453120   -c----w-   c:\windows\system32\dllcache\wmiprvsd.dll
2011-07-30 15:42:10   401408   -c----w-   c:\windows\system32\dllcache\rpcss.dll
2011-07-30 15:42:10   284160   -c----w-   c:\windows\system32\dllcache\pdh.dll
2011-07-30 15:42:10   227840   -c----w-   c:\windows\system32\dllcache\wmiprvse.exe
2011-07-30 15:42:10   110592   -c----w-   c:\windows\system32\dllcache\services.exe
2011-07-30 15:42:09   718336   -c----w-   c:\windows\system32\dllcache\ntdll.dll
2011-07-30 15:42:09   617472   -c----w-   c:\windows\system32\dllcache\advapi32.dll
2011-07-30 15:42:09   2148864   -c----w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2011-07-30 15:42:08   2192768   -c----w-   c:\windows\system32\dllcache\ntoskrnl.exe
2011-07-30 15:42:08   2027008   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
2011-07-30 15:25:09   337408   -c----w-   c:\windows\system32\dllcache\netapi32.dll
2011-07-30 15:22:33   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-07-30 15:22:32   218112   -c----w-   c:\windows\system32\dllcache\wordpad.exe
2011-07-30 15:09:20   15064   ----a-w-   c:\windows\system32\wuapi.dll.mui
.
==================== Find3M ====================
.
2011-06-02 14:02:05   1858944   ----a-w-   c:\windows\system32\win32k.sys
.
============= FINISH: 13:33:04.54 ===============

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7339

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/31/2011 1:22:15 PM
mbam-log-2011-07-31 (13-22-15).txt

Scan type: Quick scan
Objects scanned: 159695
Time elapsed: 21 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Corrine · August 01, 2011, 01:58:27 AM

Hi, Toobroketopay.

Some of the sites prefer the attach.txt, well, attached. For that reason, the developer included the instructions to zip the file so the attachment would be smaller. Here at LandzDown, we like to see the logs posted in the forum, not attached. So if you would copy/paste the attach.txt log here as a reply, that would be perfect!

Has the AVG notification stopped not that you have uninstalled it and installed MSE?

Toobroketopay · August 01, 2011, 02:34:47 AM

I've had no weird pop-ups yet! So far so good.... Here is the "unattached" attach.txt. Thank you so much!

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2007 2:16:43 PM
System Uptime: 7/31/2011 12:49:04 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 085Ch
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 23.43 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP48: 7/26/2011 9:15:47 PM - System Checkpoint
RP49: 7/28/2011 11:16:24 AM - System Checkpoint
RP50: 7/30/2011 9:10:53 AM - Removed Norton Ghost 9.0
RP51: 7/30/2011 9:11:38 AM - Removed Windows Defender
RP52: 7/30/2011 10:50:11 AM - Removed AVG 7.5
RP53: 7/30/2011 10:51:20 AM - Installed AVG 7.5
RP54: 7/30/2011 11:35:37 AM - Software Distribution Service 3.0
RP55: 7/30/2011 12:11:49 PM - Software Distribution Service 3.0
RP56: 7/30/2011 12:52:08 PM - Installed Windows XP WgaNotify.
RP57: 7/30/2011 1:00:15 PM - Software Distribution Service 3.0
RP58: 7/30/2011 1:41:34 PM - Printer Driver Microsoft XPS Document Writer Installed
RP59: 7/30/2011 1:43:27 PM - Software Distribution Service 3.0
RP60: 7/30/2011 5:28:22 PM - Software Distribution Service 3.0
RP61: 7/31/2011 12:00:23 PM - Software Distribution Service 3.0
RP62: 7/31/2011 12:52:24 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Broadcom Management Programs
Broadcom NetXtreme Ethernet Controller
BufferChm
Copy
D2300
D2300_Help
Destination Component
DeviceDiscovery
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
F2200
F2200_Help
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
Intel(R) Extreme Graphics 2 Driver
InterVideo WinDVD 4
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Minnesota Cuke
Mozilla Firefox (2.0.0.9)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
PSSWCORE
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Status
Toolbox
TrayApp
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
7/31/2011 12:51:08 PM, error: System Error [1003] - Error code 10000050, parameter1 ee7d5000, parameter2 00000000, parameter3 804f3ccb, parameter4 00000000.
7/30/2011 8:51:31 AM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 000E7FA9E33D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/30/2011 8:47:30 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/30/2011 5:14:46 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 0.0.0.0    Update Source: Microsoft Malware Protection Center    Update Stage: Download    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: VERNSCPU\Default    Current Engine Version:    Previous Engine Version: 0.0.0.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
7/30/2011 5:14:46 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 0.0.0.0    Update Source: Microsoft Malware Protection Center    Update Stage: Download    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: VERNSCPU\Default    Current Engine Version:    Previous Engine Version: 0.0.0.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
7/30/2011 5:14:46 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 0.0.0.0    Update Source: Microsoft Malware Protection Center    Update Stage: Download    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: VERNSCPU\Default    Current Engine Version:    Previous Engine Version: 0.0.0.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
7/30/2011 5:14:46 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 0.0.0.0    Update Source: Microsoft Malware Protection Center    Update Stage: Download    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: VERNSCPU\Default    Current Engine Version:    Previous Engine Version: 0.0.0.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
7/30/2011 5:10:32 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 0.0.0.0    Update Source: Microsoft Update Server    Update Stage: Download    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:    Previous Engine Version: 0.0.0.0    Error code: 0x80240022    Error description: The program can't check for definition updates.
7/30/2011 5:10:32 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 0.0.0.0    Update Source: Microsoft Update Server    Update Stage: Download    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:    Previous Engine Version: 0.0.0.0    Error code: 0x80240022    Error description: The program can't check for definition updates.
7/30/2011 5:10:29 PM, error: Dhcp [1002] - The IP address lease 76.226.111.21 for the Network Card with network address 000E7FA9E33D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/26/2011 6:50:15 PM, error: Dhcp [1002] - The IP address lease 76.226.164.108 for the Network Card with network address 000E7FA9E33D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/26/2011 6:44:47 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/26/2011 6:44:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
7/26/2011 6:44:18 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Toobroketopay · August 01, 2011, 03:04:21 AM

I have the Windows XP virus, too (and I think some other viruses as well) in an old computer I thought I could raise from the dead. I was following Corrine's instructions (very closely), and got to the "select Quick Scan" part of running the MBAM. After about 10 seconds, the MBAM box disappeared! It's not minimized, it's just gone. I tried the whole instruction thread over again after restarting my computer (in case it was a fluke or something) and got the same results. I tried it in "safe mode", also. Now what? Here's the rKill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/06/2002 at 4:06:23.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe

Rkill completed on 01/06/2002 at 4:06:27.

Corrine · August 01, 2011, 05:08:32 PM

Hi, Toobroketopay.

I split your post about the Windows XP Repair rogue from another person's topic and merged it here for the time being. First, is your Windows XP Professional computer running ok now?

Toobroketopay · August 02, 2011, 02:06:27 AM

Yes, I believe so. Nothing weird has happened.

Corrine · August 06, 2011, 07:31:20 PM

Hi, Toobroketopay.

Since the problem seems to have been solved for this computer, what is left is to update the outdated, vulnerable software. You can also right-click on SecurityCheck and delete it from your desktop.

Both Adobe Flashplayer and Adobe Reader are out of date. Go to http://adobe.com to update Adobe Reader. You can use the following links for updating Flash Player:

Direct download for IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
Direct Download for non-IE (Opera, Firefox etc): http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

After install, verify Flash Player version for each browser installed at About Flash Player page.

If you are no longer using Mozilla Firefox. Otherwise, if you wish to keep Firefox, since you have an extremely old version (2.0.0), you need to update it to the current version 5.

Having a firewall, anti-virus and anti-malware software are not enough. You also need to stay current with security updates. If you don't have your computer set to automatically install the Microsoft Security Updates, please check for updates now. For additional information, see my blog post Understanding Microsoft Updates

To check if your system is missing security updates or has insecure applications, you may wish to install Secunia Personal Software Inspector. Since you do not have Java installed on the comuter, the online http://secunia.com/software_inspector/ will not work for you.

Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html

Please let me know if you have any questions.

If you wish to see if we can help with the second computer, please start a new topic with the requested logs. Thanks!

Toobroketopay · August 07, 2011, 03:01:46 PM

Thanks! It feels so good to get this taken care of. I deleted Security Check. Should I also delete the dds. , registry review, rkill. , mbam-setup, fixncr., and the log texts?
I updated both adobe reader and adobe flash player.
I got rid of Mozilla Firefox.
I updated Microsoft Updates and enabled auto updates.
I ran Secunia and came up with 8 "End of Life" cautions. One is for Adobe 9, one for HP, one is for WINDVD 4.x , and the rest are for Microsoft applications (Access, Excel, Powerpoint, Word, Outlook). I don't know what "End of Life" means, so I don't know what to do with these.

Are you letting me know about Winpatrol so that I use that instead of Security Essentials?
I'll do the Spywareblaster after I hear from you about the Secunia.

Thanks again!

winchester73 · August 07, 2011, 09:58:27 PM

Quote from: Toobroketopay on August 07, 2011, 03:01:46 PM
I ran Secunia and came up with 8 "End of Life" cautions. One is for Adobe 9, one for HP, one is for WINDVD 4.x , and the rest are for Microsoft applications (Access, Excel, Powerpoint, Word, Outlook). I don't know what "End of Life" means, so I don't know what to do with these.

"End of life" means you have old versions that are nearing the end of support. That happens when several updates/releases have occurred and the older versions become "obsolete". EOL warnings indicate that a product is nearing or at the end of its useful lifetime, and that the company will no longer be selling or supporting it.

QuoteAre you letting me know about Winpatrol so that I use that instead of Security Essentials?
I'll do the Spywareblaster after I hear from you about the Secunia.

No, WinPatrol is a different product, the features are described in the link Corrine gave you. MSE is an anti-virus/anti-malware application that plays nicely with WinPatrol, so no worries about adding it to your layered arsenal of protection.

SpywareBlaster doesn't "run" per se. It sets kill bits that prevent known malicious sites from downloading things in the first place.

Toobroketopay · August 08, 2011, 04:27:46 PM

Great info, thanks! I'll go ahead and add Winpatrol and Spywareblaster. What should I do with the EOL programs?

Corrine · August 08, 2011, 10:41:41 PM

Unless you are in a position to upgrade Microsoft Office to Office 2010, there isn't much you can do at this point, other than making sure you have all the Microsoft security updates installed. What version of Office do you have?

Toobroketopay · August 09, 2011, 03:08:48 PM

Microsoft Office 2000 Professional. Would I need to purchase an update, or is this something I could download for free? It suits our needs, so I'm not willing to purchase if that is the case.

Corrine · August 09, 2011, 09:42:00 PM

It wouldn't be a matter of purchasing an update. Two new versions of Office have been released (Office 2007 and Office 2010). You would need to purchase a new version. There have been significant changes in Office since 2000 was released.

To continue using Office 2000, make sure you have the latest Service Pack installed. The current is SP3. See How to obtain the latest service pack for Office 2000.