TechSpot

Could "System Check" removal attempt have ruined my PC?

By bichons9
Jan 19, 2012
  1. After following various instructions and then running Malwarebytes, I cannot open any programs or connect to the internet or restore to previous time. One instruction had me go in and unhide hidden files and rename 2 exe files that have many numbers in front. Then suddenly, many files appeared on my desktop. Another had me go to cmd and write something into black box but it was not accepted as legitimate. I did notice that "System Check" no longer had its icon - only showed that square box that usually means it's not functioning. Malwarebytes from my laptop transferred to PC showed 3 trojans but unable to remove due to ?? or need to restart. And so I am wondering if I am past the point of being able to do anything to fix this problem since I have been trying all of the wrong things, not knowing what I was dealing with? I also have Spybot Search and Destroy on this PC that probably removed tmp files; that I was not supposed to let happen. Any advice since I can only open photos, videos...not programs, apps and can't connect to the internet? Thanks for reading.
     
  2. Broni

    Broni Malware Annihilator Posts: 48,044   +271

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    What happens when you try to open any program?
     
  3. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    System check

    It asks me if I would like to remove the shortcut since it has been changed or moved. Restore said it could not restore because files were not there to restore. However, from what I have read, this virus is sophisticated enough to make everything appear as if files do not exist. I did follow someone's advice...went to control panel and was able to connect to IE through there. I did that one hour ago. I must admit that I am overly tired and don't remember exactly what I did. Above search, nothing appears, until I press 'all programs', and then they all appear. The programs either do nothing or ask if I would like to remove shortcut.
     
  4. Broni

    Broni Malware Annihilator Posts: 48,044   +271

    OK, do NOT follow any other advice from now on.

    It looks like just a bad shortcut.
    Create a new shortcut for any program which says that.

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  5. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    addendum

    Windows DVD Maker just opened after attempting to open it about 4 minutes ago???
     
  6. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    final addendum

    AOL just opened from 5 minutes ago...haven't clicked it on for years...didn't have to go into control panel. I am sooo confused..
     
  7. Broni

    Broni Malware Annihilator Posts: 48,044   +271

    Read my previous reply.
     
  8. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    Last malwarebyte scan

    Last scan just done....
    Internet Explorer 8.0.6001.19170
    fran :: FRAN-PC [administrator]

    Protection: Disabled

    1/19/2012 1:37:23 PM
    mbam-log-2012-01-19 (13-37-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219494
    Time elapsed: 11 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)
     
  9. Broni

    Broni Malware Annihilator Posts: 48,044   +271

    Your MBAM log has a header missing.
    Re-run it or post correct log.
     
  10. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    Malwarebyte scan last night

    Malwarebytes Anti-Malware (PRO) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.18.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    fran :: FRAN-PC [administrator]

    Protection: Enabled

    1/18/2012 5:15:42 PM
    mbam-log-2012-01-18 (17-15-42).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 573966
    Time elapsed: 2 hour(s), 35 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 7
    C:\ProgramData\123.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
    C:\ProgramData\456.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\7ce9e4c9-4b60b112 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\2FF5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\F4B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\malremtool.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\oiu0.8303515172382331.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

    (end)
     
  11. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    Clarification?

    I am sorry. I am trying to follow...I don't see a header. I tried to c+p a screenshot because there are so many logs. Did you want all logs? Also, accidentally, I just noticed that under quarantine, many things are listed. I thought malware took care of threats, but it looks like the program is waiting for me to delete them. I am unable to c+p them to show you the threats. I guess I will try to send logs again? I was about to attempt d/l GMER.. I am sure this gets on your nerves, I am sorry and thank you. I am glad to donate - your time is valuable!!!
     
     
  12. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    Gmer.exe

    GMER.EXE loads and runs and then goes to black screen shutting my PC down immediately. I will try a few more times - no time to look in pane to uncheck anything.
     
  13. Broni

    Broni Malware Annihilator Posts: 48,044   +271

    Skip GMER and continue with DDS.
     
  14. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    New malware Byte log

    As I was trying to d/l a version of GMER the entire "System Check" reappeared, after being absent for a few hours, even though programs were still missing. I ran another Malwarebytes scan. Maybe I can d/l the DDS in a while. I don't blame you if you give up. I am wondering if I should consider going back to factory settings in a day or so..if I can!! Anyway, I am working and trying to follow your directions.
     
  15. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    The LOG

    Malwarebytes Anti-Malware (PRO) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.18.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    fran :: FRAN-PC [administrator]

    Protection: Enabled

    1/19/2012 4:42:54 PM
    mbam-log-2012-01-19 (16-42-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219701
    Time elapsed: 10 minute(s), 22 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\q5Tf4nr63zhUx2.exe (Rogue.FakeAlert) -> 3876 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\q5Tf4nr63zhUx2.exe (Rogue.FakeAlert) -> Delete on reboot.
    C:\Users\fran\AppData\Local\Temp\16DA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\fran\AppData\Local\Temp\Reinstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)
     
  16. Broni

    Broni Malware Annihilator Posts: 48,044   +271

    We're not giving up :)

    See if you can run GMER, DDS now.
     
  17. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    starting to work again

    I had to sleep and am trying to do the DDS now. Didn't want you to think I was giving up when you were so nice to help me!!!! I don't know WHY people would try to ruin individuals' PCs. I am sure there are corrupt causes they could go after!!!!
     
  18. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    Trying to display DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170
    Run by fran at 13:45:52 on 2012-01-20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.468 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Users\fran\Program Files\DNA\btdna.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\hp\kbd\kbd.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page =
    uSearch Bar =
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~2\SEARCH~1.DLL
    BHO: SBCONVERT Class: {4af9df3e-17a4-428f-a39e-28ada0a3a522} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: WinAVI FLVSense: {e8df67a1-b618-4f3f-9e7c-cbe175adef5b} - c:\program files\winavi flv converter\FLVTune.dll
    BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime (drop down deals)\YontooIEClient.dll
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
    TB: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [BitTorrent DNA] "c:\users\fran\program files\dna\btdna.exe"
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [hbcVhKDrqeOuR.exe] c:\programdata\hbcVhKDrqeOuR.exe
    mRun: [<NO NAME>]
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [QuickTime Task] "c:\program files\vistacodecpack\qt\QTTask.exe" -atboottime
    mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe
    mRun: [CCUTRAYICON] FactoryMode
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
    mRun: [UIWWFDnoJEOaR.exe] c:\programdata\UIWWFDnoJEOaR.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: HideSCAHealth = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\winavi flv converter\FLVTune.dll
    LSP: mswsock.dll
    Trusted Zone: internet
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{AD2DED2D-53DE-44A7-9B4B-8442CE66B60F} : NameServer = 68.87.68.162,68.87.74.162
    TCP: Interfaces\{B0DC0797-6583-4D36-B4C6-351CF9AB503E} : NameServer = 205.188.146.145
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2007-8-24 77004]
    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2007-8-23 4064]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-18 21504]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-8 652872]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-8 20464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-9 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-01-19 22:15:47 448768 ---ha-w- c:\programdata\123.exe
    2012-01-16 21:41:34 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2717fe26-07a3-4ddf-a9ab-3a168037b67c}\offreg.dll
    2012-01-16 21:41:27 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2717fe26-07a3-4ddf-a9ab-3a168037b67c}\mpengine.dll
    2011-12-29 01:48:36 -------- d--h--w- c:\programdata\Spybot - Search & Destroy
    2011-12-29 01:48:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
    .
    ==================== Find3M ====================
    .
    2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll
    2011-11-17 06:48:37 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-16 16:23:44 377344 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 16:23:08 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-11-16 16:23:05 278528 ----a-w- c:\windows\system32\schannel.dll
    2011-11-16 16:21:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-16 14:12:25 9728 ----a-w- c:\windows\system32\lsass.exe
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 15:58:55 1314816 ----a-w- c:\windows\system32\quartz.dll
    2011-10-25 15:58:54 497152 ----a-w- c:\windows\system32\qdvd.dll
    2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
    .
    ============= FINISH: 13:49:02.29 ===============
     
  19. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    DDS ?reads not to post???

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/23/2007 11:57:59 AM
    System Uptime: 1/20/2012 1:30:28 PM (0 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | LEONITE
    Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz | Socket 775 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 365 GiB total, 27.088 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 1.554 GiB free.
    E: is CDROM ()
    F: is CDROM (CDFS)
    I: is Removable
    J: is Removable
    K: is Removable
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat Reader 3.01
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Help Center 2.1
    Adobe PhotoDeluxe Home Edition 3.1
    Adobe Photoshop Elements 5.0
    Adobe Reader X
    Adobe Type Manager 4.0
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    AnswerWorks 4.0 Runtime - English
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    AutoUpdate
    AVS Video Converter 6
    Bing Rewards Client Installer
    BitTorrent
    Bonjour
    BufferChm
    C6100
    c6100_Help
    Carbonite Online Backup Setup
    Combined Community Codec Pack 2007-07-22
    Copy
    Coupon Printer for Windows
    CustomerResearchQFolder
    D3DX10
    Dealio Toolbar v4.0
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Photo Navigator 1.5
    DNA
    DocProc
    DocProcQFolder
    Enhanced Multimedia Keyboard Solution
    eSupportQFolder
    Fax
    ffdshow [rev 2527] [2008-12-19]
    File Uploader
    Free FLV Converter V 6.91.0
    Free WMA to MP3 Converter 1.16
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Customer Participation Program 8.0
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Imaging Device Functions 8.0
    HP Memories Disc
    HP OCR Software 8.0
    HP On-Screen Caps/Num/Scroll Lock Indicator
    HP Photo and Imaging 2.0 - Photosmart Cameras
    HP Photosmart Essential
    HP Photosmart.All-In-One Driver Software 8.0 .A
    HP Picasso Media Center Add-In
    HP Product Assistant
    HP Solution Center 8.0
    HP Update
    HP_Network_UserGuide
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Intel® Viiv™ Software
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 26
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Junk Mail filter update
    LightScribe 1.4.136.1
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.60.0.1800
    MarketResearch
    MediaInfo 0.7.18
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft Visual Basic 2008 Express Edition - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
    Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Microsoft XML Parser
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 5.0
    muvee Reveal
    My HP Games
    Nero 7 Ultra Edition
    neroxml
    Network
    Nikon Message Center
    Nikon Transfer
    NVIDIA Drivers
    Oblivion
    OGA Notifier 2.0.0048.0
    PeerBlock 1.1 (r518)
    Picture Control Utility
    PowerDirector Express
    PowerDVD
    Python 2.4.3
    QuickTime
    RAR Key 8.1 Demo
    RealPlayer
    Realtek High Definition Audio Driver
    Registry Mechanic 5.2
    Rhapsody
    Rhapsody Player Engine
    Rosetta Stone V3
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    RTC Client API v1.2
    Safari
    Scan
    Seagate Manager Installer
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    SpeedBit Video Accelerator
    SpeedBit Video Downloader
    Spelling Dictionaries Support For Adobe Reader 8
    Status
    Switch Sound File Converter
    TomTom HOME 2.5.2.60
    Toolbox
    TrayApp
    TurboTax Premier 2007
    Uniblue RegistryBooster 2
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC Runtimes MSI
    VC_MergeModuleToMSI
    VCRedistSetup
    VideoLAN VLC media player 0.8.6c
    ViewNX
    Viewpoint Media Player
    Vista Codec Package
    WebReg
    Win AVI HelixSDK
    WinAVI Video Converter
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Yontoo Layers Runtime (Drop Down Deals) 1.10.01
    YouTube Downloader 3.3
    YouTube Downloader Toolbar v4.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/20/2012 1:35:25 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
    1/20/2012 1:33:21 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    1/20/2012 1:32:27 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    1/20/2012 1:32:27 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    1/20/2012 1:32:27 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    1/20/2012 1:32:27 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    1/20/2012 1:32:27 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/19/2012 6:27:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/19/2012 6:27:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    1/19/2012 5:25:46 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    1/19/2012 5:23:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    1/19/2012 5:23:11 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/19/2012 5:03:53 PM, Error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
    1/19/2012 5:03:53 PM, Error: Service Control Manager [7034] - The Adobe Active File Monitor V5 service terminated unexpectedly. It has done this 1 time(s).
    1/19/2012 5:03:47 PM, Error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
    1/19/2012 4:20:17 PM, Error: EventLog [6008] - The previous system shutdown at 4:15:12 PM on 1/19/2012 was unexpected.
    1/19/2012 4:04:22 PM, Error: EventLog [6008] - The previous system shutdown at 4:02:42 PM on 1/19/2012 was unexpected.
    1/19/2012 3:57:55 PM, Error: EventLog [6008] - The previous system shutdown at 3:56:28 PM on 1/19/2012 was unexpected.
    1/19/2012 3:47:41 PM, Error: EventLog [6008] - The previous system shutdown at 3:45:27 PM on 1/19/2012 was unexpected.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATMhelpr MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:35:17 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2012 3:34:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/19/2012 3:34:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/19/2012 3:34:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/19/2012 3:34:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/19/2012 3:34:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/19/2012 3:34:10 PM, Error: EventLog [6008] - The previous system shutdown at 3:31:45 PM on 1/19/2012 was unexpected.
    1/19/2012 3:11:48 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    1/19/2012 3:10:19 PM, Error: EventLog [6008] - The previous system shutdown at 3:08:39 PM on 1/19/2012 was unexpected.
    1/19/2012 1:15:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "230" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/18/2012 8:16:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    1/18/2012 4:42:15 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
    1/18/2012 4:39:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    1/18/2012 11:25:59 AM, Error: EventLog [6008] - The previous system shutdown at 11:23:40 AM on 1/18/2012 was unexpected.
    1/18/2012 11:12:34 PM, Error: EventLog [6008] - The previous system shutdown at 11:10:22 PM on 1/18/2012 was unexpected.
    1/18/2012 11:06:50 AM, Error: EventLog [6008] - The previous system shutdown at 11:04:43 AM on 1/18/2012 was unexpected.
    1/18/2012 10:50:54 AM, Error: EventLog [6008] - The previous system shutdown at 9:05:37 PM on 1/17/2012 was unexpected.
    1/18/2012 1:32:57 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    1/18/2012 1:32:57 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
    1/18/2012 1:32:57 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
    1/18/2012 1:32:57 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
    1/16/2012 5:08:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
    1/16/2012 4:06:09 PM, Error: Service Control Manager [7031] - The Microsoft Network Inspection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/16/2012 4:06:09 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/16/2012 3:42:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/16/2012 3:32:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/15/2012 5:54:42 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    1/15/2012 2:57:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/15/2012 2:54:02 PM, Error: EventLog [6008] - The previous system shutdown at 2:52:00 PM on 1/15/2012 was unexpected.
    1/15/2012 2:39:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/15/2012 2:36:51 AM, Error: EventLog [6008] - The previous system shutdown at 2:34:18 AM on 1/15/2012 was unexpected.
    1/15/2012 2:07:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/14/2012 8:55:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/14/2012 8:41:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 11:43:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 11:39:44 AM, Error: EventLog [6008] - The previous system shutdown at 11:37:43 AM on 1/14/2012 was unexpected.
    1/14/2012 11:10:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/13/2012 5:13:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/13/2012 5:00:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================
     
  20. Broni

    Broni Malware Annihilator Posts: 48,044   +271

    Very good :)

    ...and GMER...
     
  21. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    Will try again-just shut me down!! So did Malwarebytes

    Malwarebytes Anti-Malware (PRO) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.18.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    fran :: FRAN-PC [administrator]

    Protection: Enabled

    1/20/2012 2:38:12 PM
    mbam-log-2012-01-20 (14-38-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219484
    Time elapsed: 17 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\WINDOWS\Temp\cwenxamrso.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\sorxwcmena.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\cneoswrmxa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  22. Broni

    Broni Malware Annihilator Posts: 48,044   +271

    ...and GMER...
     
  23. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    Gmer

    GMER shuts my PC down immediately - goes to black screen full of warnings - claiming??? if this is the first time????? and then I start it back up - have to type control panel and go to internet options - settings - browse internet now - to get on internet because nothing shows up on my PC if I don't type it in. I'm on another PC next to the desktop now.
     
  24. Broni

    Broni Malware Annihilator Posts: 48,044   +271

    That's fine...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  25. bichons9

    bichons9 TS Rookie Topic Starter Posts: 39

    Mbr save log file

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-20 15:38:00
    -----------------------------
    15:38:00.982 OS Version: Windows 6.0.6002 Service Pack 2
    15:38:00.982 Number of processors: 2 586 0xF02
    15:38:00.982 ComputerName: FRAN-PC UserName: fran
    15:38:02.963 Initialize success
    15:59:23.677 AVAST engine defs: 12012001
    16:01:47.351 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    16:01:47.351 Disk 0 Vendor: Hitachi_ V5CO Size: 381554MB BusType: 3
    16:01:47.351 Disk 0 MBR read successfully
    16:01:47.351 Disk 0 MBR scan
    16:01:47.351 Disk 0 MBR:pihar-C [Rtk]
    16:01:47.351 Disk 0 TDL4@MBR code has been found
    16:01:47.351 Disk 0 MBR hidden
    16:01:47.366 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 373683 MB offset 63
    16:01:47.397 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7867 MB offset 765304470
    16:01:47.397 Disk 0 MBR [TDL4] **ROOTKIT**
    16:01:47.397 Disk 0 trace - called modules:
    16:01:47.397 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87b8bea0]<<
    16:01:47.413 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8642cac8]
    16:01:47.413 3 CLASSPNP.SYS[8a7ac8b3] -> nt!IofCallDriver -> [0x87b07388]
    16:01:47.413 \Driver\00001992[0x87b074c0] -> IRP_MJ_CREATE -> 0x87b8bea0
    16:01:50.891 AVAST engine scan C:\Windows
    16:01:55.321 AVAST engine scan C:\Windows\system32
    16:04:17.185 AVAST engine scan C:\Windows\system32\drivers
    16:04:27.210 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-B [Rtk]
    16:04:30.532 AVAST engine scan C:\Users\fran
    16:10:17.727 Disk 0 MBR has been saved successfully to "C:\Users\fran\Desktop\MBR.dat"
    16:10:17.727 The log file has been saved successfully to "C:\Users\fran\Desktop\aswMBR.txt"
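
A triage sketch for the aswMBR log in the post above, added here as an example and not part of the original thread or of aswMBR itself. The line patterns are inferred from this one log, and treating the `>>UNKNOWN [...]<<` entry as an address the tool could not attribute to a named module is an assumption; `triage` and `boot_sector_flagged` are hypothetical names.

```python
"""Triage an aswMBR text log: MBR verdicts, infected files, suspect disk handlers."""
import re

# Constructed sample: a subset of lines copied from the aswMBR log posted above.
SAMPLE_LOG = r"""
15:38:02.963 Initialize success
16:01:47.351 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:01:47.351 Disk 0 MBR read successfully
16:01:47.351 Disk 0 MBR scan
16:01:47.351 Disk 0 MBR:pihar-C [Rtk]
16:01:47.351 Disk 0 TDL4@MBR code has been found
16:01:47.351 Disk 0 MBR hidden
16:01:47.397 Disk 0 MBR [TDL4] **ROOTKIT**
16:01:47.397 Disk 0 trace - called modules:
16:01:47.397 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87b8bea0]<<
16:01:47.413 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8642cac8]
16:01:47.413 3 CLASSPNP.SYS[8a7ac8b3] -> nt!IofCallDriver -> [0x87b07388]
16:01:47.413 \Driver\00001992[0x87b074c0] -> IRP_MJ_CREATE -> 0x87b8bea0
16:04:27.210 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-B [Rtk]
16:10:17.727 Disk 0 MBR has been saved successfully to "C:\Users\fran\Desktop\MBR.dat"
"""

# Every log line starts with an HH:MM:SS.mmm timestamp; the message follows it.
TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")

# MBR-level findings as they appear in this log, each with a label template.
# Benign status lines ("MBR read successfully", "MBR scan") match none of these.
MBR_PATTERNS = [
    (re.compile(r"^Disk (\d+) MBR:(.+)$"), "signature {}"),
    (re.compile(r"^Disk (\d+) (\S+)@MBR code has been found$"), "{} boot code"),
    (re.compile(r"^Disk (\d+) MBR (hidden)$"), "MBR {}"),
    (re.compile(r"^Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*$"), "{} rootkit verdict"),
]
INFECTED_RE = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (.+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HANDLER_RE = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


def triage(log_text):
    """Return a dict of findings extracted from an aswMBR log (indented lines are fine)."""
    mbr_findings, infected_files, handlers = [], [], []
    unattributed = set()
    for raw in log_text.splitlines():
        line = TIMESTAMP_RE.match(raw.strip())
        if not line:
            continue  # header, separator or blank line
        msg = line.group(1)
        for pattern, label in MBR_PATTERNS:
            hit = pattern.match(msg)
            if hit:
                mbr_findings.append((int(hit.group(1)), label.format(hit.group(2))))
                break
        hit = INFECTED_RE.match(msg)
        if hit:
            infected_files.append((hit.group(1), hit.group(2)))
        unattributed.update(a.lower() for a in UNKNOWN_RE.findall(msg))
        hit = HANDLER_RE.match(msg)
        if hit:
            handlers.append((hit.group(1), hit.group(2), hit.group(3).lower()))
    # A handler is suspect when it points at an address the trace could not name.
    suspect = [h for h in handlers if h[2] in unattributed]
    return {
        "mbr_findings": mbr_findings,
        "infected_files": infected_files,
        "unattributed_addresses": sorted(unattributed),
        "suspect_handlers": suspect,
    }


def boot_sector_flagged(report):
    """True when the log carries any MBR-level finding or a suspect disk handler."""
    return bool(report["mbr_findings"] or report["suspect_handlers"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for disk, label in result["mbr_findings"]:
        print(f"disk {disk}: {label}")
    for path, name in result["infected_files"]:
        print(f"infected: {path} ({name})")
    for driver, irp, target in result["suspect_handlers"]:
        print(f"{driver} {irp} -> {target} (unattributed address)")
```

On the posted log this links the `IRP_MJ_CREATE` handler of `\Driver\00001992` to the same address the module trace reports as unknown, alongside the MBR verdicts and the flagged `smb.sys`.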
     
Topic Status:
Not open for further replies.

