Can only boot into safe mode

johnpb

Hello everyone and thanks in advance for your help

I have a Dell Inspiron 1501 running Windows Vista Home SP2
32 bit operating system

My problem started yesterday when I started the computer. It will show the Dell Inspiron screen, go to windows password logon screen. Once you enter the password windows will boot and go to the desktop. Once the desktop comes up, the screen goes blue with scattered small white boxes for a few seconds then reboots.

My first thought was a virus, so I attempted to load Avira to do the first 6 steps. I downloaded the Avira free version and attempted to install it; it extracted all files, then when attempting to install I received the following message:

"Installation of the microsoft runtime redistributable kit has failed"

I then attempted to install vcredis_x86 and received the following error message:

"windows installer could not be accessed"

So I attempted to install Windows Installer and received the following error:

"not enough storage is available to process this command"

I then attempted to install Avast and succeeded, but when I try to open it I get the following error:

"The application has failed to start because its side-by-side configuration is incorrect"

At this point I ran TFC, Malwarebytes, GMER and DDS; all logs follow.

Any and all help is greatly appreciated. If you do not feel this is a virus problem please direct me to the proper forum.

Thanks in advance
John
 
Malwarebytes log part 1

Here is the correct log, sorry about that.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4417

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

8/11/2010 5:57:05 AM
mbam-log-2010-08-11 (05-57-05).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 283107
Time elapsed: 1 hour(s), 9 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-11 08:01:11
Windows 6.0.6002 Service Pack 2
Running: lg3kox9b.exe; Driver: C:\Users\kameron\AppData\Local\Temp\uxddafow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 8299AA7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS log

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by kameron at 8:01:23.91 on Wed 08/11/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1324 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Users\kameron\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071031
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.miniclip.com/games/basketball-slam/en/"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\users\kameron\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop(585).ini
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\desktop(504).ini
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.39.5/ttinst.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-11 162768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-11 19024]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-11 51792]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-11 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-7-11 632792]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-11 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-11 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-28 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-10-31 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-7 38224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-11 13:15:24 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-11 13:15:15 0 d-----w- c:\programdata\Alwil Software
2010-08-11 12:50:58 65536 --sha-w- c:\users\kameron\ntuser.dat{eed2f275-a546-11df-9cda-a164f8e91013}.TM.blf
2010-08-11 12:50:58 524288 --sha-w- c:\users\kameron\ntuser.dat{eed2f275-a546-11df-9cda-a164f8e91013}.TMContainer00000000000000000002.regtrans-ms
2010-08-11 12:50:58 524288 --sha-w- c:\users\kameron\ntuser.dat{eed2f275-a546-11df-9cda-a164f8e91013}.TMContainer00000000000000000001.regtrans-ms
2010-08-11 12:48:25 0 --sha-w- c:\users\kameron\ntuser.dat{9f9b1014-a546-11df-bddb-001c23b33ad9}.TMContainer00000000000000000002.regtrans-ms
2010-08-11 12:48:25 0 --sha-w- c:\users\kameron\ntuser.dat{9f9b1014-a546-11df-bddb-001c23b33ad9}.TMContainer00000000000000000001.regtrans-ms
2010-08-11 12:48:25 0 --sha-w- c:\users\kameron\ntuser.dat{9f9b1014-a546-11df-bddb-001c23b33ad9}.TM.blf
2010-08-07 14:46:46 139624 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-19 19:59:33 0 d-----w- c:\windows\CheckSur
2010-07-16 02:49:12 65536 --sha-w- c:\users\kameron\ntuser.dat{953f4095-9084-11df-a0c1-001c23b33ad9}.TM.blf
2010-07-16 02:49:12 524288 --sha-w- c:\users\kameron\ntuser.dat{953f4095-9084-11df-a0c1-001c23b33ad9}.TMContainer00000000000000000002.regtrans-ms
2010-07-16 02:49:12 524288 --sha-w- c:\users\kameron\ntuser.dat{953f4095-9084-11df-a0c1-001c23b33ad9}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2010-08-11 03:30:09 1366 ----a-w- c:\users\kameron\appdata\roaming\wklnhst.dat
2010-07-12 01:26:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-12 01:26:38 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-12 01:26:37 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-12 01:26:36 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-12 01:26:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-12 01:25:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-07-12 00:17:55 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-07-11 06:40:57 766656 ----a-w- c:\windows\fonts\arial.ttf
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 20:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-01-28 17:49:58 174 --sha-w- c:\program files\desktop.ini
2007-12-25 13:52:53 51200 ----a-w- c:\windows\inf\infpub(751).dat
2007-12-25 13:52:36 665600 ----a-w- c:\windows\inf\drvindex(749).dat
2007-12-25 13:52:35 86016 ----a-w- c:\windows\inf\infstrng(753).dat
2007-12-25 13:52:35 86016 ----a-w- c:\windows\inf\infstor(752).dat
2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop(277).ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-07 20:38:36 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2009-03-07 20:38:36 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2009-03-07 20:58:07 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-12-15 04:40:57 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-15 04:38:53 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-10-31 13:21:36 8192 --sha-w- c:\windows\users\default\NTUSER(896).DAT
2007-10-31 13:21:36 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 8:02:00.36 ===============
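A small triage script for the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections above, added here as an example (it is not part of the thread and not DDS's own code): it flags the disabled UAC policy, the AppInit_DLLs entry, the orphaned toolbar GUID and the MyWebSearchService entry whose binary is missing. The sample lines are copied from the log posted above; the severity labels are an assumption of this example.

```python
"""Triage helper for DDS log excerpts (added example, not part of DDS).
The line formats parsed here are those of the log posted above."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of lines copied from the DDS log above.
SAMPLE_DDS = r"""
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-11 40384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-7 38224]
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (labels chosen for this example)
    item: str      # the entry the finding is about (service name, policy, GUID, ...)
    reason: str


# "S2 Name;Display Name;path [date size]"  (S = start type, R = running)
SERVICE_RE = re.compile(r"^[SR]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<key>\w+)\s*=\s*(?P<val>\d+)")
HOOK_RE = re.compile(r"^(?P<kind>TB|BHO):\s*(?P<rest>.*)$")


def _triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    if not line:
        return None
    m = POLICY_RE.match(line)
    if m:
        if m["key"] == "EnableLUA" and m["val"] == "0":
            return Finding("high", "EnableLUA",
                           "UAC is disabled: everything the user launches runs with full admin rights")
        return None
    if line.startswith("AppInit_DLLs:"):
        dll = line.split(":", 1)[1].strip()
        # AppInit_DLLs is loaded into every process that links user32.dll,
        # so any value here deserves a look even when the vendor looks familiar.
        return Finding("medium", dll, "AppInit_DLLs entry present; confirm the DLL's publisher")
    m = HOOK_RE.match(line)
    if m:
        desc, _, path = m["rest"].rpartition(" - ")
        if path.strip() == "No File":
            return Finding("info", desc.strip(), "orphaned %s entry (file missing)" % m["kind"])
        return None
    m = SERVICE_RE.match(line)
    if m:
        # DDS marks a service whose binary cannot be found with "-->" and "[?]".
        if "-->" in m["rest"] or m["rest"].rstrip().endswith("[?]"):
            return Finding("high", m["name"].strip(),
                           "service registered but its binary is missing (orphaned or removed payload)")
        return None
    return None


def triage_dds(text: str) -> List[Finding]:
    """Return findings for every line of a DDS log excerpt, highest severity first."""
    order = {"high": 0, "medium": 1, "info": 2}
    findings = [f for f in (_triage_line(l) for l in text.splitlines()) if f]
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print("[%-6s] %s: %s" % (f.severity, f.item, f.reason))
```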
 
DDS attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/30/2007 11:29:29 PM
System Uptime: 8/11/2010 7:20:53 AM (1 hours ago)

Motherboard: Dell Inc. | | 0UW744
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket M2/S1G1 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 64 GiB total, 22.522 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.089 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP525: 7/20/2010 11:20:33 AM - Windows Update
RP526: 8/3/2010 10:01:17 AM - Windows Update
RP527: 8/5/2010 7:32:00 PM - Windows Update
RP528: 8/5/2010 7:40:14 PM - Windows Update
RP529: 8/7/2010 11:35:34 PM - Scheduled Checkpoint
RP530: 8/9/2010 8:31:48 AM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center Ex
ATI PCI Express (3GIO) Filter Driver
avast! Free Antivirus
Bonjour
Browser Address Error Redirector
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.3
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Conexant HDA D110 MDC V.92 Modem
Conquer 2.0
DeductionPro 2008
Dell Support Center (Support Software)
Dell System Customization Wizard
Dell Wireless WLAN Card
DellSupport
Digital Line Detect
Disney Pirates of the Caribbean Online
Disney Toontown Online
EOS USB WIA Driver
FamilyFeudOnlineParty (remove only)
Free Realms
Free Realms Installer
Games, Music, & Photos Launcher
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Service Offers Launcher
iTunes
Java(TM) SE Runtime Environment 6
LimeWire 4.14.12
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PL-2303 USB-to-Serial
PL-2303 Vista Driver Installer
Playsushi
Product Documentation Launcher
QuickSet
QuickTime
RCA Detective™ 2.0.0.99
RCA easyRip 2.1.6.0
RCA SMV Video Converter
Registry Mechanic 9.0
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
RTC Client API v1.2
Safari
Shareaza 2.4.0.0
SigmaTel Audio
Sonic Activation Module
Synaptics Pointing Device Driver
TaxCut Premium + Efile 2008
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Viewpoint Media Player
W Photo Studio
WeatherBug
Windows Live OneCare safety scanner
WinRAR archiver
Wise Disk Cleaner 4.83
Wise Registry Cleaner 4 Free 4.92
Wizard101

==== Event Viewer Messages From Past Week ========

8/9/2010 6:46:51 PM, Error: EventLog [6008] - The previous system shutdown at 6:45:00 PM on 8/9/2010 was unexpected.
8/9/2010 6:42:05 PM, Error: EventLog [6008] - The previous system shutdown at 6:30:28 PM on 8/9/2010 was unexpected.
8/9/2010 3:40:35 PM, Error: EventLog [6008] - The previous system shutdown at 9:03:13 AM on 8/9/2010 was unexpected.
8/8/2010 8:06:10 AM, Error: EventLog [6008] - The previous system shutdown at 8:04:40 AM on 8/8/2010 was unexpected.
8/8/2010 7:42:42 PM, Error: EventLog [6008] - The previous system shutdown at 4:59:46 PM on 8/8/2010 was unexpected.
8/8/2010 4:01:55 PM, Error: EventLog [6008] - The previous system shutdown at 3:59:45 PM on 8/8/2010 was unexpected.
8/8/2010 2:37:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/7/2010 4:54:11 PM, Error: EventLog [6008] - The previous system shutdown at 1:52:23 PM on 8/7/2010 was unexpected.
8/7/2010 12:10:31 PM, Error: EventLog [6008] - The previous system shutdown at 11:20:58 AM on 8/7/2010 was unexpected.
8/11/2010 7:23:28 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/11/2010 7:23:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/11/2010 7:23:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/11/2010 7:22:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2010 7:22:56 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/11/2010 7:22:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/11/2010 7:22:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/11/2010 7:22:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/11/2010 7:22:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/11/2010 7:22:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/11/2010 7:15:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/11/2010 7:10:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
8/11/2010 7:06:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
8/11/2010 7:03:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/11/2010 6:58:15 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.87.1293.0 Loading engine version: 1.1.6004.0
8/11/2010 6:53:19 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.87.1293.0 Loading engine version: 1.1.6004.0
8/11/2010 6:50:34 AM, Error: EventLog [6008] - The previous system shutdown at 6:48:51 AM on 8/11/2010 was unexpected.
8/10/2010 9:52:03 PM, Error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
8/10/2010 7:52:49 PM, Error: R300 [43015] - I2c return failed
8/10/2010 10:01:06 PM, Error: EventLog [6008] - The previous system shutdown at 9:56:50 PM on 8/10/2010 was unexpected.

==== End Of File ===========================
 
Anything missing?

Please let me know if you need any further information or logs/programs run.

Thanks again
 
Hi and welcome to TechSpot forums :)

==

First thing I would like you to do is update MBA-M. Yours is woefully out of date and if that version found all that stuff on there, I would wager my next fortnight's pay that when it is up-to-date, it will find a lot more.
 
Correct Malwarebytes log

Sorry, just realized that I posted the wrong log. I replaced the log posted at top of thread. I knew it was up to date, glad you caught that. Thanks and I will await further instructions.
 
Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document in your next reply.

=============

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
security log

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Wise Disk Cleaner 4.83
Wise Registry Cleaner 4 Free 4.92
Java(TM) SE Runtime Environment 6
Adobe Flash Player 10.0.12.36
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
combofix log

Hope these help. Awaiting further instructions. Thank you for your help, it is greatly appreciated.
John

ComboFix 10-08-11.05 - kameron 08/12/2010 6:57.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1421 [GMT -6:00]
Running from: c:\users\kameron\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-12 13:05 . 2010-08-12 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-12 12:56 . 2010-08-12 12:56 -------- d-----w- C:\32788R22FWJFW
2010-08-12 12:46 . 2010-08-12 13:05 -------- d-----w- c:\users\kameron\AppData\Local\temp
2010-08-11 13:15 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-11 13:15 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-11 13:15 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-11 13:15 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-11 13:15 . 2010-04-14 16:31 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-11 13:15 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-08-11 13:15 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-11 13:15 . 2010-08-11 13:15 -------- d-----w- c:\programdata\Alwil Software
2010-08-11 13:15 . 2010-08-11 13:15 -------- d-----w- c:\program files\Alwil Software
2010-08-07 14:46 . 2010-08-07 14:46 139624 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-19 19:59 . 2010-07-19 19:59 -------- d-----w- c:\windows\CheckSur

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 12:46 . 2009-10-02 23:36 -------- d-----w- c:\program files\PlaySushi
2010-08-12 02:12 . 2010-01-06 23:05 680 ----a-w- c:\users\kameron\AppData\Local\d3d9caps.dat
2010-08-11 14:06 . 2009-03-07 23:40 -------- d-----w- c:\programdata\pdf995
2010-08-11 03:38 . 2008-03-01 18:53 -------- d-----w- c:\program files\iWin
2010-08-11 03:30 . 2008-01-08 03:47 1366 ----a-w- c:\users\kameron\AppData\Roaming\wklnhst.dat
2010-07-16 15:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-12 15:35 . 2008-03-14 22:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-12 02:54 . 2010-07-12 02:54 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-12 02:23 . 2007-10-31 06:04 -------- d-----w- c:\program files\Microsoft Works
2010-07-12 02:07 . 2010-07-12 02:07 -------- d-----w- c:\program files\Microsoft.NET
2010-07-12 01:26 . 2010-07-12 01:26 -------- d-----w- c:\program files\Windows Portable Devices
2010-07-12 01:26 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-12 01:26 . 2010-07-12 01:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-12 01:25 . 2010-07-12 01:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-07-12 00:55 . 2009-12-19 15:39 -------- d-----w- c:\program files\Conquer 2.0
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-11 06:04 . 2009-03-07 08:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 17:06 . 2010-07-11 06:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-07-11 06:37 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 20:14 . 2009-10-02 20:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2006-11-02 12:50 . 2006-11-02 12:50 174 --sha-w- c:\program files\desktop(277).ini
2007-10-31 13:21 . 2007-10-31 13:11 8192 --sha-w- c:\windows\Users\Default\NTUSER(896).DAT
2007-10-31 13:21 . 2007-10-31 13:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-30 03:55 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-30 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\kameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
desktop(585).ini [2007-12-3 174]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
desktop(504).ini [2006-11-2 174]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-30 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6d,25,e0,17,5a,21,cb,01

R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-09 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - PXHELP20

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 06:13]

2009-12-16 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-12-14 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 07:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-12 07:09:09
ComboFix-quarantined-files.txt 2010-08-12 13:08

Pre-Run: 23,591,489,536 bytes free
Post-Run: 23,367,536,640 bytes free

- - End Of File - - 599FBC04D9A98B03E9B12A914C0355B9
 
Additional Information

Tried to reboot and got the blue screen with scattered white blocks. Once I rebooted into safe mode I received an error box stating Windows recovered from an unexpected shutdown. Under additional information it lists:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: c0000005
BCP2: 8B025FF0
BCP3: 95F11684
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1


I am attaching the dump file it shows, as I am unable to open it to copy and paste.
 

Attachments

  • Mini081210-02.dmp (135.2 KB)
You should probably re-enable UAC (even though it can be a pain :)) and also update Adobe Reader.

Other than My Web Search, I don't see much there.

Are the vents clear of dust for the internals cooling?

Does it feel like it is getting hot?

Try and run disk check as well to see if there are any problems there.

Right click on the C drive and click properties, then under Tools > Error Checking, select Check Now.

It will check the disk and attempt repair if there is anything wrong.

Let me know how it goes.

Also, when did you first run Combofix? Log says it has been run twice and I wouldn't mind seeing the first run. Log should be in C:\qoobox.
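The items the reply above calls out (UAC switched off, the Security Center service state, and the leftover entries in the ComboFix log) can be re-checked from an elevated PowerShell prompt rather than by reading the logs by hand. This is an added example, not a script from the thread or from any of the tools posted in it; the registry paths are the ones the ComboFix log shows, `wscsvc` is the Security Center service name, and the script name and `-Fix` switch are my own.

```powershell
# Check-Posture.ps1 (example script, not from the thread).
# Re-checks the posture items flagged in the Security Check / ComboFix logs
# and, with -Fix, re-enables UAC and starts Security Center.
# Run from an elevated PowerShell prompt; the UAC change needs a reboot.
param([switch]$Fix)

$findings = @()

# 1. UAC: ComboFix showed "EnableLUA"= 0 under policies\system.
$sysPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = (Get-ItemProperty -Path $sysPol -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
if ($lua -ne 1) { $findings += "UAC is disabled (EnableLUA=$lua)" }

# 2. Security Center service: Security Check reported it was not running.
$wsc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
if (-not $wsc -or $wsc.Status -ne 'Running') {
    $state = if ($wsc) { $wsc.Status } else { 'missing' }
    $findings += "Security Center service (wscsvc) is $state"
}

# 3. DisableMonitoring=1 silences Security Center's AV/firewall alerts.
#    ComboFix listed it on the Monitoring key and on two Symantec subkeys
#    even though Symantec is no longer installed; report each one.
$monRoot = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
$monKeys = @($monRoot) + @(Get-ChildItem -Path $monRoot -ErrorAction SilentlyContinue |
                            ForEach-Object { $_.PSPath })
foreach ($key in $monKeys) {
    $dm = (Get-ItemProperty -Path $key -Name DisableMonitoring -ErrorAction SilentlyContinue).DisableMonitoring
    if ($dm -eq 1) { $findings += "DisableMonitoring=1 at $key" }
}

# 4. AppInit_DLLs: any DLL listed here is loaded into every process that
#    loads user32.dll, so it deserves a look (here it is Google Desktop).
$winNt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winNt -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit) { $findings += "AppInit_DLLs is set: $appInit" }

# Report.
if ($findings.Count -eq 0) {
    'No findings.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}

# Remediation for the two items the reply asks for; nothing is deleted.
if ($Fix) {
    Set-ItemProperty -Path $sysPol -Name EnableLUA -Value 1 -Type DWord
    Set-Service -Name wscsvc -StartupType Automatic
    Start-Service -Name wscsvc -ErrorAction SilentlyContinue
    'EnableLUA set to 1; restart Windows for UAC to take effect.'
}
```

Run `.\Check-Posture.ps1` to report only, and `.\Check-Posture.ps1 -Fix` to re-enable UAC and start Security Center. One caveat before acting on the service finding: the ComboFix header above ends in "NETWORK", which is how it marks a run from Safe Mode with Networking, and Security Center does not start in Safe Mode, so repeat the check after a normal boot before treating that item as a real problem. The DisableMonitoring and AppInit_DLLs items are reported rather than changed; the Symantec subkeys are remnants to review, not something to remove blindly.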
 
Hello,

As for the cooling vents, they are clear of dust and it doesn't appear to be getting hot.

I will run the disk check and let you know how it goes.

Also, I ran ComboFix this morning, but the first run failed and rebooted and no log was created. I am not sure at what point it failed; when I returned to the computer it was on the login screen. I did check for a log before re-running it. I also just posted a little info while you were replying, let me know what you think.

Thanks again
 
disk check

I ran the diskcheck and everything checked out ok, no repairs were made. Let me know if you have any other advice.

Thanks
 
I am not convinced (looking at the logs) that this is actually malware related. Maybe you should post those error codes above to the Windows OS forum.
If it is not solved there, you are welcome to come back and we will have another look :).
 