TechSpot

Gateway laptop isn't working

By HVGrad
Feb 6, 2015
  1. I have a Gateway laptop NE56R41u with Windows 8 and I have been having a lot of trouble with it. It was fine until I loaned it to my cousin. Ever since I got it back, it boots up pretty quickly as it always has, but once you try to do anything it freezes and locks up, forcing you to restart it. I tried resetting it to factory default but it didn't fix the problem. Please help.
     
  2. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    It runs fine until I try to go to my desktop or access the internet
     
  3. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    Thank you for the reply, but I cannot follow your steps because my computer freezes when I try to access the internet, so I cannot download the software you are telling me to download
     
  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Do you have another computer and USB flash drive?
     
  6. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    Yes I do
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  8. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    Well I cannot run my bad computer long enough to transfer the files from the flash drive
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  10. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    These are the results from Malwarebytes (scan log.txt) and DDS (DDS.txt and dds.attatch.txt)
     


  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please observe forum rules. All logs have to be pasted, not attached.
     
  12. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    I am very sorry, I will repost them
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Still waiting...
     
  14. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    I am sorry to keep you waiting, my internet was down all day yesterday. I will post results today
     
  15. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 2/9/2015
    Scan Time: 2:30:31 PM
    Logfile: scan log.txt
    Administrator: Yes
    Version: 2.00.4.1028
    Malware Database: v2014.11.20.06
    Rootkit Database: v2014.11.18.01
    License: Trial
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Haze
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 303759
    Time Elapsed: 26 min, 37 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
    Internet Explorer: 10.0.9200.16442
    Run by Haze at 15:11:27 on 2015-02-09
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3909.3254 [GMT -8:00]
    .
    AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\dwm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://acer13.msn.com
    uDefault_Page_URL = hxxp://acer13.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.dll
    mRun: [LManager] <no file>
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{24B6A17B-3E61-4176-920E-EFC692627F42} : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\WINDOWS\System32\Drivers\iaStorA.sys [2013-3-23 645952]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\WINDOWS\System32\Drivers\b57xdbd.sys [2012-8-13 72280]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\WINDOWS\System32\Drivers\b57xdmp.sys [2012-8-13 21080]
    R3 bScsiMSa;bScsiMSa;C:\WINDOWS\System32\Drivers\bScsiMSa.sys [2012-6-18 55384]
    R3 bScsiSDa;bScsiSDa;C:\WINDOWS\System32\Drivers\bScsiSDa.sys [2012-8-14 70744]
    R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\ETD.sys [2012-12-27 331152]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [2015-2-9 129752]
    R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\WINDOWS\System32\Drivers\aPs2Kb2Hid.sys [2013-3-23 26736]
    S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymELAM.sys [2012-12-27 23448]
    S1 ccSet_NARA;NARA Settings Manager;C:\WINDOWS\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-3-23 168608]
    S2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
    S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-27 350544]
    S2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-12-27 100752]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-3-23 165760]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-2-9 1871160]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-2-9 969016]
    S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [2012-12-27 143928]
    S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-15 3943104]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-11-2 259136]
    S2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2013-3-23 96880]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-23 364416]
    S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [2012-12-27 1377440]
    S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\ccSetx64.sys [2012-12-27 168608]
    S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-16 469648]
    S3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-12-13 664288]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [2012-12-27 509088]
    S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2012-12-27 342528]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
    S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2015-2-9 25816]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\Drivers\mwac.sys [2015-2-9 64216]
    S3 SymDS;Symantec Data Store;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymDS64.sys [2012-12-27 485024]
    S3 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymEFA64.sys [2012-12-27 1129120]
    S3 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\Ironx64.sys [2012-12-27 222368]
    S3 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\symnets.sys [2012-12-27 431224]
    .
    =============== Created Last 30 ================
    .
    2015-02-09 22:30:15 129752 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    2015-02-09 22:29:53 93400 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    2015-02-09 22:29:53 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
    2015-02-09 22:29:53 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
    2015-02-09 22:29:53 -------- d-----w- C:\ProgramData\Malwarebytes
    2015-02-09 22:29:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-09 22:28:51 -------- d-----w- C:\Users\Haze\AppData\Local\Programs
    2015-02-09 21:59:38 -------- d-----w- C:\WINDOWS\pss
    2015-02-06 23:07:51 253440 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
    2015-02-06 23:07:51 176640 ----a-w- C:\WINDOWS\System32\storewuauth.dll
    2015-02-06 23:07:51 1623040 ----a-w- C:\WINDOWS\System32\wucltux.dll
    2015-02-06 23:07:25 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll
    2015-02-06 23:07:25 17408 ----a-w- C:\WINDOWS\System32\wuaext.dll
    2015-02-06 22:18:10 -------- d-----w- C:\Program Files (x86)\OEM
    2015-02-06 22:17:53 -------- d-----w- C:\Program Files\Accessory Store
    2015-02-06 22:17:47 -------- d-----w- C:\ProgramData\OEM_E471269A730D
    2015-02-06 22:17:39 -------- d-----r- C:\Users\Haze\Searches
    2015-02-06 22:17:38 -------- d-----r- C:\Users\Haze\Contacts
    2015-02-06 22:17:20 -------- d-----w- C:\Users\Haze\AppData\Roaming\lm
    2015-02-06 22:16:36 -------- d-----w- C:\Users\Haze\AppData\Local\VirtualStore
    2015-02-06 22:16:11 -------- d-----w- C:\Users\Haze\AppData\Local\Packages
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 15:11:44.21 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/6/2015 2:12:19 PM
    System Uptime: 2/9/2015 2:13:06 PM (1 hours ago)
    .
    Motherboard: Gateway | | EG50_HC_HR
    Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz | U3E1 | 2195/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 449 GiB total, 420.704 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2: 2/6/2015 2:52:44 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Agatha Christie - Death on the Nile
    Aloha TriPeaks
    Backup Manager v4
    Bejeweled 3
    Broadcom 802.11 Network Adapter
    Broadcom Card Reader Driver Installer
    Cradle Of Egypt Collector's Edition
    CyberLink MediaEspresso 6.5
    CyberLink PowerDVD 10
    Delicious: Emily's True Love Premium Edition
    Dora's World Adventure
    Dritek Radio Controller
    eBay Worldwide
    ETDWare PS/2-X64 11.6.16.003_WHQL
    Gateway Device Fast-lane
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Identity Card
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® Trusted Connect Service Client
    Jewel Match 3
    Launch Manager
    Live Updater
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft Office
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mystery P.I. - Curious Case of Counterfeit Cove
    Nero 12 Essentials OEM.a01
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero Express
    Nero Express Help (CHM)
    Nero Launcher
    Nero Update
    Norton Internet Security
    Norton Online Backup
    Norton Online Backup ARA
    Peggle Nights
    Penguins!
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Polar Golfer
    Prerequisite installer
    Realtek High Definition Audio Driver
    Spotify
    Tales of Lagoona
    Update Installer for WildTangent Games App
    WildTangent Games
    WildTangent Games App
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2015 3:11:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/9/2015 3:11:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/9/2015 3:11:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    2/9/2015 3:11:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/9/2015 3:11:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/9/2015 3:08:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
    2/9/2015 3:06:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    2/9/2015 2:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    2/9/2015 2:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/9/2015 2:25:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/9/2015 2:25:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.
    2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/9/2015 2:06:46 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x200000001bb89. The name of the file is "\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
    2/9/2015 2:05:20 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/9/2015 2:05:17 PM, Error: Service Control Manager [7023] - The Intel(R) Management and Security Application User Notification Service service terminated with the following error: General access denied error
    2/9/2015 2:05:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/9/2015 2:05:03 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/9/2015 2:05:03 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
    2/9/2015 2:04:52 PM, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/9/2015 2:04:52 PM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/9/2015 2:04:52 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
    2/9/2015 2:04:52 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.
    2/9/2015 2:04:43 PM, Error: Service Control Manager [7038] - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/9/2015 2:04:43 PM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not start due to a logon failure.
    2/9/2015 2:04:39 PM, Error: Service Control Manager [7038] - The NAUpdate service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Network Connected Devices Auto-Setup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2015 2:04:36 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/6/2015 3:07:39 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000002510. The name of the file is "\Windows\System32\wbem". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
    2/6/2015 2:40:33 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Haze\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
    2/6/2015 2:35:30 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Haze\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
    2/6/2015 2:22:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa8004086940, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 020615-21687-01.
    2/6/2015 2:15:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a001c3ef40, 0xffffffffc0000005, 0x000007f89581f028, 0x000000c5ca49ee80). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 020615-26125-01.
    .
    ==== End Of File ===========================
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Create a new restore point before proceeding with the next step...
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete, select "Next" and click "Scan".
    • When the scan is finished and no malware has been found, select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  17. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    What should I do about updating the program when my laptop is in safe mode? Would I be able to run the program and update it on my good computer and then transfer it to my bad one?
     
  18. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    When I try to create a restore point, in my system properties menu there is no system protection tab
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Skip restore point.
    As for updating, use safe mode with networking instead of plain safe mode.
     
  20. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    My PC froze while running the scan in safe mode with networking, so I have to try to get it back into safe mode again. I will post the results as soon as I can actually run the scan
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Did RogueKiller run in any mode?
    If so, give me its log.
     
  22. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    The anti-rootkit scan gets to a point where it says it's scanning lexicons and then freezes and restarts my computer
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

     
  24. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    I will ASAP, it is difficult to get my computer back into safe mode after it goes back into regular mode
     
  25. HVGrad

    HVGrad TS Rookie Topic Starter Posts: 32

    Hey, I can't get my computer back into safe mode so I can't give you any of the information
     
