also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot

[Closed] Error Following 6-Step Virus Removal Guide + Google redirect virus

Discussion in 'Virus and Malware Removal' started by henrisha, Oct 13, 2011.

Thread Status:
Not open for further replies.

  1. henrisha Newcomer, in training

    Hi,

    Running Windows Vista and just discovered that every link I clicked on after doing a search on Google redirected me to another site.
    I'm not the one who uses the PC (it's my dad's) so I have no idea where the virus might have been picked up.

    I feel like my case is similar to this one: http://www.techspot.com/vb/topic171985.html
    We went through the entire step and more or less I encountered the same difficulties as that user.

    Tried following the 6-Step Virus Removal and ran into the ff. problems:
    - I installed Avast Free because when I initially checked, it didn't seem like the PC had any anti virus programs installed. After running an initial scan with Avast Free (which failed), I found that AVG was installed but it wouldn't open or run at all.
    - I restarted and Avast ran a virus scan on DOS that stalled at 28% and then proceeded to load Windows. When I tried running Avast again, a dialog box popped up that said that I had no permissions to access the AvastUI.
    - Restarted, uninstalled Avast (from Control Panel and using the Avast Uninstall Utility) then ran another scan. Still didn't scan until completion.
    - Installed and ran Anti Malware Bytes. After updating, the program froze and didn't scan at all. Rebooted again.
    - When I try running Anti Malware Bytes, an error window pops up. Program won't start anymore.
    - Downloaded and tried running GMER. It exited by itself after a few seconds and same as the previous programs, it won't run again. Double-clicking it only makes an error window pop up.
    - Downloaded and ran DDS. Thankfully, it ran to completion and generated logs.

    I feel like I probably did more to mess up the PC as it stands.
    Any help will truly be appreciated. Thanks!


    DDS TEXT:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_16
    Run by computer at 15:21:02 on 2011-10-13
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2010.1125 [GMT 8:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\3338480270:1909785145.exe
    C:\Windows\system32\WerFault.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\AMT\UNS.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://www.ask.com?o=15161&l=dis
    uSearch Bar =
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearchAssistant =
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    uWinlogon: Shell=c:\users\computer\appdata\local\8e2afdc6\X
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAwADQAOAAyADgAMgAyADYALQBUADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADQANAAzADAANQAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.894
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    TCP: DhcpNameServer = 222.127.143.5 202.126.40.5
    TCP: Interfaces\{E0063284-DE6C-42AE-B716-269C69F9577D} : DhcpNameServer = 222.127.143.5 202.126.40.5
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\kgemun6k.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-13 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-13 320856]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-13 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-13 54616]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 234496]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2009-3-14 2514944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-13 22216]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2009-6-10 335872]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-13 44768]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-13 366152]
    .
    =============== Created Last 30 ================
    .
    2011-10-13 07:00:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-13 05:46:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-13 05:46:15 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-10-13 05:45:22 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-13 03:33:01 -------- d-----w- c:\users\computer\appdata\roaming\Malwarebytes
    2011-10-13 03:32:52 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-13 03:32:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-13 03:32:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-13 03:27:22 -------- d-----w- c:\programdata\AVAST Software
    2011-10-13 03:27:22 -------- d-----w- c:\program files\AVAST Software
    2011-10-13 02:45:19 -------- d-----w- C:\6b106405dde16537b2467989
    2011-10-11 07:36:19 -------- d-sh--w- c:\users\computer\appdata\local\8e2afdc6
    2011-09-17 00:24:18 -------- d-----w- C:\43b36d0721eb0ac7f8e4f139
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 15:22:25.37 ===============

    ATTACH TEXT:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 05/28/2008 09:16:31 AM
    System Uptime: 10/13/2011 03:13:37 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | DQ35MP
    Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | J1PR | 2497/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 244 GiB total, 133.647 GiB free.
    D: is FIXED (NTFS) - 222 GiB total, 78.256 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.2.0
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AIO_CDB_Software
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    BufferChm
    CD Asia Products
    Chikka Messenger V4
    Chinese Traditional Fonts Support For Adobe Reader 8
    Compatibility Pack for the 2007 Office system
    Copy
    CustomerResearchQFolder
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    EniG\Periodic Table
    eSupportQFolder
    Excel OM 2
    Fax
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 8.0
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    HP Product Assistant
    HP Solution Center 8.0
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    Intel(R) PRO Network Connections 12.1.12.0
    Intel® Active Management Technology
    Intel® Management Engine Interface
    iTunes
    Java(TM) 6 Update 16
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Korean Fonts Support For Adobe Reader 8
    LightScribe 1.8.15.1
    Luxor
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    MathType 6
    Microsoft .NET Framework 3.5 SP1
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    MozBackup 1.5.1
    Mozilla Firefox 7.0.1 (x86 en-US)
    Mozilla Thunderbird (5.0)
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyPhoneExplorer
    Nero 7 Essentials
    neroxml
    Nokia Connectivity Cable Driver
    Nokia Ovi Player
    Nokia PC Suite
    Nokia_Multimedia_Common_Components_2_5
    NTRU TCG Software Stack
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Octoshape add-in for Adobe Flash Player
    OpenOffice.org Installer 1.0
    PC Connectivity Solution
    PDF Settings
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    Scan
    Seagate DiscWizard
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Sibelius Scorch (Firefox, Opera, Netscape only)
    Skype™ 3.8
    SolutionCenter
    SopCast 3.2.4
    Status
    STELLA 9.0.2 Trial
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update Manager
    VideoLAN VLC media player 0.8.6f
    WebReg
    Windows Driver Package - Nokia Modem (06/01/2009 4.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Messenger for Vista
    Zuma's Revenge!
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/13/2011 12:26:24 AM, Error: EventLog [6008] - The previous system shutdown at 12:22:14 AM on 10/13/2011 was unexpected.
    10/13/2011 11:39:12 AM, Error: EventLog [6008] - The previous system shutdown at 11:35:11 AM on 10/13/2011 was unexpected.
    10/13/2011 10:53:47 AM, Error: EventLog [6008] - The previous system shutdown at 10:49:00 AM on 10/13/2011 was unexpected.
    10/13/2011 10:36:07 AM, Error: EventLog [6008] - The previous system shutdown at 10:33:53 AM on 10/13/2011 was unexpected.
    10/13/2011 10:22:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    10/13/2011 01:48:55 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
    10/13/2011 01:48:50 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/13/2011 01:24:31 PM, Error: Print [19] - The print spooler failed to share printer hp psc 1300 series with shared resource name hp psc 1300 series. Error 2114. The printer cannot be used by others on the network.
    10/12/2011 12:06:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    10/12/2011 11:21:02 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    10/12/2011 11:21:02 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    10/12/2011 09:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/12/2011 09:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/12/2011 09:50:38 AM, Error: EventLog [6008] - The previous system shutdown at 9:46:25 AM on 10/12/2011 was unexpected.
    10/12/2011 08:54:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/12/2011 08:54:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/12/2011 08:54:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/12/2011 08:54:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/12/2011 08:54:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    10/12/2011 08:54:09 AM, Error: LSM [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    10/12/2011 08:54:04 AM, Error: EventLog [6008] - The previous system shutdown at 8:50:24 AM on 10/12/2011 was unexpected.
    10/12/2011 08:39:36 AM, Error: EventLog [6008] - The previous system shutdown at 8:37:50 AM on 10/12/2011 was unexpected.
    10/12/2011 08:18:11 AM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Access is denied.
    10/12/2011 08:17:57 AM, Error: EventLog [6008] - The previous system shutdown at 8:15:24 AM on 10/12/2011 was unexpected.
    10/12/2011 08:08:30 AM, Error: EventLog [6008] - The previous system shutdown at 8:06:13 AM on 10/12/2011 was unexpected.
    10/12/2011 07:55:34 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1c99568b6a4cf6b) service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:58 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Seagate Scheduler2 Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Intel(R) Active Management Technology System Status Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: Access is denied.
    10/12/2011 07:53:19 AM, Error: EventLog [6008] - The previous system shutdown at 7:51:26 AM on 10/12/2011 was unexpected.
    10/12/2011 05:21:21 PM, Error: EventLog [6008] - The previous system shutdown at 5:17:17 PM on 10/12/2011 was unexpected.
    10/12/2011 05:12:25 PM, Error: EventLog [6008] - The previous system shutdown at 5:07:07 PM on 10/12/2011 was unexpected.
    10/12/2011 04:46:34 PM, Error: EventLog [6008] - The previous system shutdown at 11:29:01 AM on 10/12/2011 was unexpected.
    10/08/2011 09:41:30 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/06/2011 10:52:24 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    10/06/2011 07:02:50 AM, Error: TermService [1057] - The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state. .
    10/06/2011 02:29:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 000E2EF47D65 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
    henrisha, Oct 13, 2011
    #1

  2. Broni Malware Annihilator

    Welcome aboard [IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Please download DummyCreator.zip and unzip it.

    • Run the tool.
    • Copy and paste the following into the edit box:
    C:\Windows\3338480270
    • Press Create button and post the content of the Result.txt.
    Important: Restart the computer.

    ===============================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
    Broni, Oct 13, 2011
    #2

  3. Matthew TechSpot Editor, Community Manager

    Matthew, Oct 13, 2011
    #3

  4. Broni Malware Annihilator

    Thanks Matthew :)

    I'm closing this one.
    Broni, Oct 13, 2011
    #4
Thread Status:
Not open for further replies.