TechSpot

[A] Trojan issues (not sure which)

By Alexpt
Jul 17, 2012
  1. Hi,
    I recently started to have some issues with my computer. Long story short, my AV software (Eset at that time) indicated that I had issues with "System32\Services" (alerting me of a "Patched.B.Gen Trojan"). It also kept alerting me of another issue about another trojan (in a folder called "instaler" in the "windows" parent folder). I therefore tried scanning my computer with Eset in normal and safe mode, but nothing changed. Then I found this forum and wondered if someone could help me. I also changed my AV software to Essential Microsoft Security thinking it could do the job... it found other versions of the "serifef" trojan but did not eradicate the problem.

    Here are the logs that were indicated to be posted to get help.
     
  2. Alexpt TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.16.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Alexis :: ALEXIS-DESKTOP [administrator]

    16/07/2012 23:16:33
    mbam-log-2012-07-16 (23-16-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 233404
    Time elapsed: 3 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\Installer\{9f7b45f1-fdd7-8c17-a0c7-f1448443adca}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

    (end)
     
  3. Alexpt TS Rookie Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-17 00:40:03
    Windows 6.1.7601 Service Pack 1
    Running: ckfq6w79.exe
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----
     
  4. Alexpt TS Rookie Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
    Run by Alexis at 0:47:26 on 2012-07-17
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4095.2039 [GMT -4:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\UnsignedThemesSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\lxebcoms.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
    C:\Windows\SysWOW64\HsMgr.exe
    C:\Windows\system\HsMgr64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\splwow64.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\CrashPlan\CrashPlanService.exe
    C:\program files (x86)\speedfan\speedfan.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
    C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe
    C:\Program Files (x86)\ShareMouse\smService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [FA8E95351A6A4D551495E69E44281FEF33D2A599._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
    uRun: [LogMeIn Cubby] "C:\Users\Alexis\AppData\Roaming\cubby\cubby.exe" -hidden
    uRun: [chromium] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Alexis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\System\Startup\FACEBO~1.LNK - C:\Users\Alexis\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{EC5993BA-38BD-4FB2-9595-E07C621E7AD4} : DhcpNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO-X64: LastPass Browser Helper Object - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\xs6am7gn.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\Users\Alexis\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
    R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
    R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
    R3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]
    R3 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-22 2253120]
    R3 ShareMouse Service;ShareMouse Service;C:\Program Files (x86)\ShareMouse\smService.exe [2012-5-10 192080]
    S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" --> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [?]
    S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2010-4-14 45736]
    S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
    S3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-7-22 814344]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-1-23 250056]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-1-22 79360]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-22 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-22 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-23 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-17 04:41:02  9013136  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D497FACF-32FB-419A-B61F-93A1E732778B}\mpengine.dll
    2012-07-16 19:17:34  328704  ----a-w-  C:\Windows\System32\services.exe.9CDA7A0ED6517B80
    2012-07-16 19:11:52  328704  ----a-w-  C:\Windows\System32\services.exe.44C9646C22E262AC
    2012-07-16 19:06:51  328704  ----a-w-  C:\Windows\System32\services.exe.ED4FF49C19C98178
    2012-07-16 19:01:55  328704  ----a-w-  C:\Windows\System32\services.exe.FCEDA1583464A31D
    2012-07-16 18:56:58  328704  ----a-w-  C:\Windows\System32\services.exe.373704F81EF3F1A6
    2012-07-16 18:51:59  328704  ----a-w-  C:\Windows\System32\services.exe.B771E0388160A5D2
    2012-07-16 18:46:06  927800  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ECBDAAFC-D1FB-46ED-8C36-478E1DAE0408}\gapaengine.dll
    2012-07-16 18:44:07  --------  d-----w-  C:\Program Files (x86)\Microsoft Security Client
    2012-07-16 18:44:02  --------  d-----w-  C:\Program Files\Microsoft Security Client
    2012-07-16 17:03:57  --------  d-----w-  C:\Program Files\ESET
    2012-07-16 16:58:14  --------  d-----w-  C:\Users\Alexis\AppData\Roaming\Malwarebytes
    2012-07-16 16:58:00  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-07-16 16:58:00  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-07-16 16:58:00  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-16 16:42:35  --------  d-----w-  C:\Users\Alexis\AppData\Roaming\SpeedyPC Software
    2012-07-16 16:42:35  --------  d-----w-  C:\Users\Alexis\AppData\Roaming\DriverCure
    2012-07-16 16:42:21  --------  d-----w-  C:\ProgramData\SpeedyPC Software
    2012-07-16 00:55:52  --------  d-----w-  C:\Users\Alexis\AppData\Roaming\LolClient
    2012-07-16 00:34:19  467984  ----a-w-  C:\Windows\SysWow64\d3dx10_39.dll
    2012-07-16 00:34:19  3851784  ----a-w-  C:\Windows\SysWow64\D3DX9_39.dll
    2012-07-16 00:34:19  1493528  ----a-w-  C:\Windows\SysWow64\D3DCompiler_39.dll
    2012-07-16 00:30:45  --------  d-----w-  C:\Riot Games
    2012-07-15 23:10:17  --------  d-----w-  C:\Users\Alexis\AppData\Local\PMB Files
    2012-07-15 23:10:13  --------  d-----w-  C:\ProgramData\PMB Files
    2012-07-15 23:09:56  --------  d-----w-  C:\Program Files (x86)\Pando Networks
    2012-07-15 20:59:08  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
    2012-07-14 22:07:46  --------  d-----w-  C:\Users\Alexis\AppData\Local\PassMark
    2012-07-14 22:07:21  540688  ----a-w-  C:\Windows\System32\d3dx10_39.dll
    2012-07-14 22:07:21  1942552  ----a-w-  C:\Windows\System32\D3DCompiler_39.dll
    2012-07-14 22:07:14  4992520  ----a-w-  C:\Windows\System32\D3DX9_39.dll
    2012-07-14 22:05:53  --------  d-----w-  C:\ProgramData\Passmark
    2012-07-14 22:05:51  --------  d-----w-  C:\Program Files\PerformanceTest
    2012-07-14 01:40:08  9013136  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4163441C-0F5F-4240-9CC8-BFCBCFD89066}\mpengine.dll
    2012-07-12 15:29:48  --------  d-----w-  C:\ProgramData\Ask
    2012-07-11 18:54:59  --------  d-----w-  C:\Users\Alexis\AppData\Roaming\SuperNZB
    2012-07-11 18:20:53  --------  d-----w-  C:\Users\Alexis\AppData\Local\QuickPar
    2012-07-11 18:09:59  --------  d-----w-  C:\Program Files (x86)\QuickPar
    2012-07-11 03:20:25  3148800  ----a-w-  C:\Windows\System32\win32k.sys
    2012-07-11 03:12:59  499200  ----a-w-  C:\Program Files\Internet Explorer\jsdbgui.dll
    2012-07-11 03:12:59  387584  ----a-w-  C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    2012-07-11 03:12:58  678912  ----a-w-  C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2012-07-11 03:12:57  887296  ----a-w-  C:\Program Files\Internet Explorer\iedvtool.dll
    2012-07-11 03:11:26  458704  ----a-w-  C:\Windows\System32\drivers\cng.sys
    2012-07-11 03:11:26  340992  ----a-w-  C:\Windows\System32\schannel.dll
    2012-07-11 03:11:26  307200  ----a-w-  C:\Windows\System32\ncrypt.dll
    2012-07-11 03:11:26  219136  ----a-w-  C:\Windows\SysWow64\ncrypt.dll
    2012-07-11 03:11:26  151920  ----a-w-  C:\Windows\System32\drivers\ksecpkg.sys
    2012-07-11 03:11:25  95600  ----a-w-  C:\Windows\System32\drivers\ksecdd.sys
    2012-07-11 03:11:25  225280  ----a-w-  C:\Windows\SysWow64\schannel.dll
    2012-07-11 03:11:25  22016  ----a-w-  C:\Windows\SysWow64\secur32.dll
    2012-07-11 03:11:24  96768  ----a-w-  C:\Windows\SysWow64\sspicli.dll
    2012-07-10 19:31:17  --------  d-----w-  C:\Users\Alexis\AppData\Roaming\ASUS
    2012-07-10 19:29:45  805376  ------w-  C:\Windows\System32\Cmeauoxy.exe
    2012-07-10 19:29:45  --------  d-----w-  C:\Program Files\ASUS Xonar DG Audio
    2012-07-10 19:29:21  2725376  ----a-w-  C:\Windows\System32\drivers\cmudaxp.sys
    2012-07-10 19:29:20  32768  ----a-w-  C:\Windows\System32\cmudaxp.dll
    2012-07-10 19:29:18  315392  ----a-w-  C:\Windows\SysWow64\CmiFltr.dll
    2012-07-10 19:29:18  315392  ----a-w-  C:\Windows\system\CmiFltr.dll
    2012-07-10 19:29:14  359424  ------w-  C:\Windows\System32\CmiInstallResAll64.dll
    2012-07-10 19:29:05  524768  ----a-r-  C:\Windows\difxapi.dll
    2012-07-08 23:31:57  --------  d-----w-  C:\Users\Alexis\AppData\Roaming\enchant
    2012-07-08 23:21:26  --------  d-----w-  C:\Program Files (x86)\Artha
    2012-07-01 05:13:50  --------  d-----w-  C:\ProgramData\Solidshield
    2012-06-24 04:44:08  --------  d-----w-  C:\Users\Alexis\AppData\Roaming\XBMC
    2012-06-21 14:00:17  2622464  ----a-w-  C:\Windows\System32\wucltux.dll
    2012-06-21 13:59:43  99840  ----a-w-  C:\Windows\System32\wudriver.dll
    2012-06-21 13:59:12  36864  ----a-w-  C:\Windows\System32\wuapp.exe
    2012-06-21 13:59:12  186752  ----a-w-  C:\Windows\System32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-07-16 19:21:10  328704  ----a-w-  C:\Windows\System32\services.exe
    2012-07-16 02:09:52  466456  ----a-w-  C:\Windows\System32\wrap_oal.dll
    2012-07-16 02:09:52  444952  ----a-w-  C:\Windows\SysWow64\wrap_oal.dll
    2012-07-16 02:09:52  122904  ----a-w-  C:\Windows\System32\OpenAL32.dll
    2012-07-16 02:09:52  109080  ----a-w-  C:\Windows\SysWow64\OpenAL32.dll
    2012-07-15 21:07:06  283304  ----a-w-  C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-15 21:07:06  283304  ----a-w-  C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-15 21:06:47  280904  ----a-w-  C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-12 05:15:12  70344  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 05:15:12  426184  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-14 20:56:22  955840  ----a-w-  C:\Windows\System32\npdeployJava1.dll
    2012-06-14 20:56:22  839096  ----a-w-  C:\Windows\System32\deployJava1.dll
    2012-06-06 06:06:16  2004480  ----a-w-  C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16  1881600  ----a-w-  C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54  1133568  ----a-w-  C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52  1390080  ----a-w-  C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52  1236992  ----a-w-  C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06  805376  ----a-w-  C:\Windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17  2311680  ----a-w-  C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28  1392128  ----a-w-  C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25  1800192  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-05-24 21:18:40  4472832  ----a-w-  C:\Windows\SysWow64\GPhotos.scr
    2012-05-23 19:07:02  476960  ----a-w-  C:\Windows\SysWow64\npdeployJava1.dll
    2012-05-23 19:07:02  472864  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2012-05-17 19:19:07  14844448  ----a-w-  C:\Program Files (x86)\Common Files\lpuninstall.exe
    2012-05-04 11:06:22  5559664  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2012-05-04 11:00:43  366592  ----a-w-  C:\Windows\System32\qdvd.dll
    2012-05-04 10:03:53  3968368  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50  3913072  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-04 09:59:54  514560  ----a-w-  C:\Windows\SysWow64\qdvd.dll
    2012-05-01 05:40:20  209920  ----a-w-  C:\Windows\System32\profsvc.dll
    2012-04-28 05:32:05  1112064  ----a-w-  C:\Windows\System32\rdpcorets.dll
    2012-04-28 03:55:21  210944  ----a-w-  C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56  77312  ----a-w-  C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55  149504  ----a-w-  C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27  9216  ----a-w-  C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 21:13:24  54728  ----a-w-  C:\Windows\System32\drivers\Soluto.sys
    2012-04-24 05:37:37  184320  ----a-w-  C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37  140288  ----a-w-  C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36  1462272  ----a-w-  C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42  140288  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42  1158656  ----a-w-  C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
    2012-04-22 17:56:21  283200  ----a-w-  C:\Windows\System32\drivers\dtsoftbus01.sys
    .
    ============= FINISH: 0:47:54.09 ===============
     
  5. Alexpt TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 22/01/2012 0:01:01
    System Uptime: 17/07/2012 0:13:53 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5QL-E
    Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz | LGA775 | 2533/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 340.478 GiB free.
    D: is FIXED (NTFS) - 75 GiB total, 74.437 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is CDROM ()
    H: is CDROM ()
    I: is FIXED (NTFS) - 699 GiB total, 150.567 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP156: 16/07/2012 10:56:35 - Scheduled Checkpoint
    RP157: 16/07/2012 12:54:11 - Revo Uninstaller's restore point - SpeedyPC Pro
    RP158: 16/07/2012 12:54:55 - Revo Uninstaller's restore point - SpeedyPC Pro
    RP159: 16/07/2012 12:56:51 - Installed ESET NOD32 Antivirus
    RP160: 16/07/2012 14:45:11 - Windows Update
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 10 Professional Edition
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS6
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    Alt.Binz 0.25.0
    Antidote HD
    Apple Application Support
    Apple Software Update
    Artha 1.0.2.0
    Audacity 2.0
    Audiosurf
    Auslogics Disk Defrag
    Autodesk Material Library 2013
    Autodesk Material Library Base Resolution Image Library 2013
    Battlefield 3™
    Battlelog Web Plugins
    Binreader
    Combined Community Codec Pack 2011-11-11
    Cubby
    DAEMON Tools Lite
    DiRT 3
    Disk Space Fan 4 Free (4.0.2.102)
    DivX Setup
    Dropbox
    ESN Sonar
    Facebook Messenger 2.1.4570.0
    Fences
    FileHippo.com Update Checker
    Glary Utilities 2.45.0.1486
    Google Chrome
    Google Drive
    Google Update Helper
    Guitar Pro 6
    Host OpenAL
    ImgBurn
    iSyncr
    Java Auto Updater
    Java(TM) 6 Update 32
    K-Lite Codec Pack 8.8.0 (Full)
    LastPass (uninstall only)
    League of Legends
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mass Effect™ 3
    MediaHuman Audio Converter version 1.5.2
    MediaHuman Video Converter version 1.1.1
    Mendeley Desktop 1.3.2
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 14.0 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA PhysX
    OpenAL
    Origin
    Osmos
    Pando Media Booster
    PDF Settings CS6
    Picasa 3
    Power Tab Editor 1.7
    Power Tab Librarian
    PunkBuster Services
    QuickPar 0.9
    QuickTime
    Rapture3D 2.4.8 Game
    Real Alternative 2.0.2
    Revo Uninstaller 1.94
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    ShareMouse v1.0.90
    SHIFT 2 UNLEASHED™
    SopCast 3.5.0
    SpeedFan (remove only)
    Steam
    swMSM
    The Elder Scrolls V Skyrim - High Resolution Texture Pack
    The KMPlayer (remove only)
    theRenamer 7.55
    Total War: SHOGUN 2
    TuneUp Companion 2.4.6.4
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    VirtualCloneDrive
    Windows Media Player Firefox Plugin
    Winstep Start Menu Organizer 1.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17/07/2012 0:40:34, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    17/07/2012 0:40:34, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    17/07/2012 0:14:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Soluto PCGenome Core Service service to connect.
    17/07/2012 0:14:58, Error: Service Control Manager [7000] - The Soluto PCGenome Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    17/07/2012 0:14:27, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    17/07/2012 0:14:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.
    17/07/2012 0:14:27, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    17/07/2012 0:14:27, Error: Service Control Manager [7000] - The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    17/07/2012 0:14:26, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    17/07/2012 0:14:26, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The system cannot find the file specified.
    16/07/2012 14:38:45, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    16/07/2012 14:38:45, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    16/07/2012 14:11:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    16/07/2012 13:55:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    16/07/2012 13:55:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    16/07/2012 13:55:28, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    16/07/2012 13:55:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    16/07/2012 13:55:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    16/07/2012 13:55:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    16/07/2012 13:55:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    16/07/2012 13:55:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO Soluto spldr Wanarpv6
    16/07/2012 13:55:09, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    16/07/2012 13:53:45, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    16/07/2012 13:53:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    16/07/2012 13:53:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    16/07/2012 13:53:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss Soluto spldr tdx Wanarpv6 WfpLwf
    16/07/2012 13:53:09, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    16/07/2012 13:53:09, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    16/07/2012 13:53:09, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    16/07/2012 13:53:09, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    16/07/2012 13:53:09, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    16/07/2012 13:53:09, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    16/07/2012 13:53:09, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    16/07/2012 13:53:09, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    16/07/2012 13:53:09, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    16/07/2012 13:39:26, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    16/07/2012 13:16:55, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.
    16/07/2012 13:06:59, Error: Service Control Manager [7030] - The Eset install launcher (30040) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    16/07/2012 10:04:21, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    16/07/2012 0:10:17, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv ElbyCDIO NetBIOS NetBT nltdi nsiproxy Psched rdbss Soluto spldr tdx Wanarpv6 WfpLwf
    15/07/2012 3:20:36, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
    15/07/2012 20:41:03, Error: Service Control Manager [7034] - The CrashPlan Backup Service service terminated unexpectedly. It has done this 1 time(s).
    15/07/2012 20:31:59, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    15/07/2012 0:25:48, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    13/07/2012 19:16:05, Error: Service Control Manager [7034] - The Soluto PCGenome Core Service service terminated unexpectedly. It has done this 1 time(s).
    11/07/2012 16:39:02, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    10/07/2012 0:11:56, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  7. Alexpt

    Alexpt TS Rookie Topic Starter

    Thanks for the answer. I'll do what you wrote this evening and give you news.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    OK.
     
Topic Status:
Not open for further replies.
