[Closed] Error Following 6-Step Virus Removal Guide + Google redirect virus

Status
Not open for further replies.

henrisha

Hi,

Running Windows Vista and just discovered that every link I clicked on after doing a search on Google redirected me to another site.
I'm not the one who uses the PC (it's my dad's) so I have no idea where the virus might have been picked up.

I feel like my case is similar to this one: https://www.techspot.com/vb/topic171985.html
We went through the entire step and more or less I encountered the same difficulties as that user.

Tried following the 6-Step Virus Removal and ran into the following problems:
- I installed Avast Free because when I initially checked, it didn't seem like the PC had any antivirus programs installed. After running an initial scan with Avast Free (which failed), I found that AVG was installed but it wouldn't open or run at all.
- I restarted and Avast ran a virus scan on DOS that stalled at 28% and then proceeded to load Windows. When I tried running Avast again, a dialog box popped up that said that I had no permissions to access the AvastUI.
- Restarted, uninstalled Avast (from Control Panel and using the Avast Uninstall Utility) then ran another scan. Still didn't scan until completion.
- Installed and ran Anti Malware Bytes. After updating, the program froze and didn't scan at all. Rebooted again.
- When I try running Anti Malware Bytes, an error window pops up. Program won't start anymore.
- Downloaded and tried running GMER. It exited by itself after a few seconds and same as the previous programs, it won't run again. Double-clicking it only makes an error window pop up.
- Downloaded and ran DDS. Thankfully, it ran to completion and generated logs.

I feel like I probably did more to mess up the PC as it stands.
Any help will truly be appreciated. Thanks!


DDS TEXT:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_16
Run by computer at 15:21:02 on 2011-10-13
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2010.1125 [GMT 8:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\3338480270:1909785145.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\AMT\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.ask.com?o=15161&l=dis
uSearch Bar =
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
uWinlogon: Shell=c:\users\computer\appdata\local\8e2afdc6\X
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAwADQAOAAyADgAMgAyADYALQBUADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADQANAAzADAANQAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.894
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: DhcpNameServer = 222.127.143.5 202.126.40.5
TCP: Interfaces\{E0063284-DE6C-42AE-B716-269C69F9577D} : DhcpNameServer = 222.127.143.5 202.126.40.5
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\kgemun6k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-13 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-13 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-13 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-13 54616]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 234496]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2009-3-14 2514944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-13 22216]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2009-6-10 335872]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-13 44768]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-13 366152]
.
=============== Created Last 30 ================
.
2011-10-13 07:00:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-13 05:46:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-13 05:46:15 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-13 05:45:22 41184 ----a-w- c:\windows\avastSS.scr
2011-10-13 03:33:01 -------- d-----w- c:\users\computer\appdata\roaming\Malwarebytes
2011-10-13 03:32:52 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 03:32:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-13 03:32:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 03:27:22 -------- d-----w- c:\programdata\AVAST Software
2011-10-13 03:27:22 -------- d-----w- c:\program files\AVAST Software
2011-10-13 02:45:19 -------- d-----w- C:\6b106405dde16537b2467989
2011-10-11 07:36:19 -------- d-sh--w- c:\users\computer\appdata\local\8e2afdc6
2011-09-17 00:24:18 -------- d-----w- C:\43b36d0721eb0ac7f8e4f139
.
==================== Find3M ====================
.
.
============= FINISH: 15:22:25.37 ===============

ATTACH TEXT:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/28/2008 09:16:31 AM
System Uptime: 10/13/2011 03:13:37 PM (0 hours ago)
.
Motherboard: Intel Corporation | | DQ35MP
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | J1PR | 2497/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 244 GiB total, 133.647 GiB free.
D: is FIXED (NTFS) - 222 GiB total, 78.256 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.2.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
BufferChm
CD Asia Products
Chikka Messenger V4
Chinese Traditional Fonts Support For Adobe Reader 8
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
EniG\Periodic Table
eSupportQFolder
Excel OM 2
Fax
Google Chrome
Google Earth
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Solution Center 8.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel(R) PRO Network Connections 12.1.12.0
Intel® Active Management Technology
Intel® Management Engine Interface
iTunes
Java(TM) 6 Update 16
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Korean Fonts Support For Adobe Reader 8
LightScribe 1.8.15.1
Luxor
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
MathType 6
Microsoft .NET Framework 3.5 SP1
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
MozBackup 1.5.1
Mozilla Firefox 7.0.1 (x86 en-US)
Mozilla Thunderbird (5.0)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyPhoneExplorer
Nero 7 Essentials
neroxml
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia PC Suite
Nokia_Multimedia_Common_Components_2_5
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
OpenOffice.org Installer 1.0
PC Connectivity Solution
PDF Settings
QuickTime
Realtek High Definition Audio Driver
Safari
Scan
Seagate DiscWizard
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype™ 3.8
SolutionCenter
SopCast 3.2.4
Status
STELLA 9.0.2 Trial
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update Manager
VideoLAN VLC media player 0.8.6f
WebReg
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinRAR archiver
Yahoo! Messenger
Yahoo! Messenger for Vista
Zuma's Revenge!
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/13/2011 12:26:24 AM, Error: EventLog [6008] - The previous system shutdown at 12:22:14 AM on 10/13/2011 was unexpected.
10/13/2011 11:39:12 AM, Error: EventLog [6008] - The previous system shutdown at 11:35:11 AM on 10/13/2011 was unexpected.
10/13/2011 10:53:47 AM, Error: EventLog [6008] - The previous system shutdown at 10:49:00 AM on 10/13/2011 was unexpected.
10/13/2011 10:36:07 AM, Error: EventLog [6008] - The previous system shutdown at 10:33:53 AM on 10/13/2011 was unexpected.
10/13/2011 10:22:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
10/13/2011 01:48:55 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
10/13/2011 01:48:50 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/13/2011 01:24:31 PM, Error: Print [19] - The print spooler failed to share printer hp psc 1300 series with shared resource name hp psc 1300 series. Error 2114. The printer cannot be used by others on the network.
10/12/2011 12:06:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/12/2011 11:21:02 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/12/2011 11:21:02 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/12/2011 09:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/12/2011 09:50:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/12/2011 09:50:38 AM, Error: EventLog [6008] - The previous system shutdown at 9:46:25 AM on 10/12/2011 was unexpected.
10/12/2011 08:54:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/12/2011 08:54:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/12/2011 08:54:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/12/2011 08:54:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/12/2011 08:54:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
10/12/2011 08:54:09 AM, Error: LSM [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
10/12/2011 08:54:04 AM, Error: EventLog [6008] - The previous system shutdown at 8:50:24 AM on 10/12/2011 was unexpected.
10/12/2011 08:39:36 AM, Error: EventLog [6008] - The previous system shutdown at 8:37:50 AM on 10/12/2011 was unexpected.
10/12/2011 08:18:11 AM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Access is denied.
10/12/2011 08:17:57 AM, Error: EventLog [6008] - The previous system shutdown at 8:15:24 AM on 10/12/2011 was unexpected.
10/12/2011 08:08:30 AM, Error: EventLog [6008] - The previous system shutdown at 8:06:13 AM on 10/12/2011 was unexpected.
10/12/2011 07:55:34 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1c99568b6a4cf6b) service failed to start due to the following error: Access is denied.
10/12/2011 07:53:58 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Seagate Scheduler2 Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Intel(R) Active Management Technology System Status Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: Access is denied.
10/12/2011 07:53:40 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: Access is denied.
10/12/2011 07:53:19 AM, Error: EventLog [6008] - The previous system shutdown at 7:51:26 AM on 10/12/2011 was unexpected.
10/12/2011 05:21:21 PM, Error: EventLog [6008] - The previous system shutdown at 5:17:17 PM on 10/12/2011 was unexpected.
10/12/2011 05:12:25 PM, Error: EventLog [6008] - The previous system shutdown at 5:07:07 PM on 10/12/2011 was unexpected.
10/12/2011 04:46:34 PM, Error: EventLog [6008] - The previous system shutdown at 11:29:01 AM on 10/12/2011 was unexpected.
10/08/2011 09:41:30 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/06/2011 10:52:24 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
10/06/2011 07:02:50 AM, Error: TermService [1057] - The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state. .
10/06/2011 02:29:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 000E2EF47D65 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Please download DummyCreator.zip and unzip it.

  • Run the tool.
  • Copy and paste the following into the edit box:
C:\Windows\3338480270
  • Press Create button and post the content of the Result.txt.
Important: Restart the computer.

===============================================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 