I have a Gateway laptop NE56R41u with windows 8 and I have been having alot of trouble with it, it was fine until I loaned it to my cousin. Ever since I got it back it boots up pretty quickly as it always has, but once you try to do anythng it freezes and locks up, forcing you to restart it. I tried resetting it to factory default but it didn't fix the problem, please help
Inactive Gateway laptop isn't working
- Thread starter HVGrad
- Start date
Broni
Posts: 56,041 +516
Welcome aboard
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Broni
Posts: 56,041 +516
Download needed tools on good computer and transfer them to bad computer.
Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.
Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.
Broni
Posts: 56,041 +516
See if same thing happens in safe mode.
How to start Windows in Safe Mode
How to start Windows in Safe Mode
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2/9/2015
Scan Time: 2:30:31 PM
Logfile: scan log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User: Haze
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303759
Time Elapsed: 26 min, 37 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16442
Run by Haze at 15:11:27 on 2015-02-09
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3909.3254 [GMT -8:00]
.
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer13.msn.com
uDefault_Page_URL = hxxp://acer13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.dll
mRun: [LManager] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{24B6A17B-3E61-4176-920E-EFC692627F42} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\Drivers\iaStorA.sys [2013-3-23 645952]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\WINDOWS\System32\Drivers\b57xdbd.sys [2012-8-13 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\WINDOWS\System32\Drivers\b57xdmp.sys [2012-8-13 21080]
R3 bScsiMSa;bScsiMSa;C:\WINDOWS\System32\Drivers\bScsiMSa.sys [2012-6-18 55384]
R3 bScsiSDa;bScsiSDa;C:\WINDOWS\System32\Drivers\bScsiSDa.sys [2012-8-14 70744]
R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\ETD.sys [2012-12-27 331152]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [2015-2-9 129752]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\WINDOWS\System32\Drivers\aPs2Kb2Hid.sys [2013-3-23 26736]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymELAM.sys [2012-12-27 23448]
S1 ccSet_NARA;NARA Settings Manager;C:\WINDOWS\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-3-23 168608]
S2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-27 350544]
S2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-12-27 100752]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-3-23 165760]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-2-9 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-2-9 969016]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [2012-12-27 143928]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-15 3943104]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-11-2 259136]
S2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2013-3-23 96880]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-23 364416]
S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [2012-12-27 1377440]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\ccSetx64.sys [2012-12-27 168608]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-16 469648]
S3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-12-13 664288]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [2012-12-27 509088]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2012-12-27 342528]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2015-2-9 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\Drivers\mwac.sys [2015-2-9 64216]
S3 SymDS;Symantec Data Store;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymDS64.sys [2012-12-27 485024]
S3 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymEFA64.sys [2012-12-27 1129120]
S3 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\Ironx64.sys [2012-12-27 222368]
S3 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\symnets.sys [2012-12-27 431224]
.
=============== Created Last 30 ================
.
2015-02-09 22:30:15 129752 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-02-09 22:29:53 93400 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-02-09 22:29:53 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-02-09 22:29:53 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2015-02-09 22:29:53 -------- d-----w- C:\ProgramData\Malwarebytes
2015-02-09 22:29:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 22:28:51 -------- d-----w- C:\Users\Haze\AppData\Local\Programs
2015-02-09 21:59:38 -------- d-----w- C:\WINDOWS\pss
2015-02-06 23:07:51 253440 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2015-02-06 23:07:51 176640 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2015-02-06 23:07:51 1623040 ----a-w- C:\WINDOWS\System32\wucltux.dll
2015-02-06 23:07:25 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll
2015-02-06 23:07:25 17408 ----a-w- C:\WINDOWS\System32\wuaext.dll
2015-02-06 22:18:10 -------- d-----w- C:\Program Files (x86)\OEM
2015-02-06 22:17:53 -------- d-----w- C:\Program Files\Accessory Store
2015-02-06 22:17:47 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2015-02-06 22:17:39 -------- d-----r- C:\Users\Haze\Searches
2015-02-06 22:17:38 -------- d-----r- C:\Users\Haze\Contacts
2015-02-06 22:17:20 -------- d-----w- C:\Users\Haze\AppData\Roaming\lm
2015-02-06 22:16:36 -------- d-----w- C:\Users\Haze\AppData\Local\VirtualStore
2015-02-06 22:16:11 -------- d-----w- C:\Users\Haze\AppData\Local\Packages
.
==================== Find3M ====================
.
.
============= FINISH: 15:11:44.21 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 2/6/2015 2:12:19 PM
System Uptime: 2/9/2015 2:13:06 PM (1 hours ago)
.
Motherboard: Gateway | | EG50_HC_HR
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz | U3E1 | 2195/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 420.704 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 2/6/2015 2:52:44 PM - Windows Update
.
==== Installed Programs ======================
.
Agatha Christie - Death on the Nile
Aloha TriPeaks
Backup Manager v4
Bejeweled 3
Broadcom 802.11 Network Adapter
Broadcom Card Reader Driver Installer
Cradle Of Egypt Collector's Edition
CyberLink MediaEspresso 6.5
CyberLink PowerDVD 10
Delicious: Emily's True Love Premium Edition
Dora's World Adventure
Dritek Radio Controller
eBay Worldwide
ETDWare PS/2-X64 11.6.16.003_WHQL
Gateway Device Fast-lane
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Identity Card
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Jewel Match 3
Launch Manager
Live Updater
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft Office
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mystery P.I. - Curious Case of Counterfeit Cove
Nero 12 Essentials OEM.a01
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Express
Nero Express Help (CHM)
Nero Launcher
Nero Update
Norton Internet Security
Norton Online Backup
Norton Online Backup ARA
Peggle Nights
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Prerequisite installer
Realtek High Definition Audio Driver
Spotify
Tales of Lagoona
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/9/2015 3:11:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/9/2015 3:11:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/9/2015 3:11:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 3:11:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 3:11:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/9/2015 3:08:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
2/9/2015 3:06:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
2/9/2015 2:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
2/9/2015 2:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/9/2015 2:25:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/9/2015 2:25:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:06:46 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x200000001bb89. The name of the file is "\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
2/9/2015 2:05:20 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:05:17 PM, Error: Service Control Manager [7023] - The Intel(R) Management and Security Application User Notification Service service terminated with the following error: General access denied error
2/9/2015 2:05:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/9/2015 2:05:03 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:05:03 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
2/9/2015 2:04:52 PM, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:04:52 PM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:04:52 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
2/9/2015 2:04:52 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.
2/9/2015 2:04:43 PM, Error: Service Control Manager [7038] - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:04:43 PM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not start due to a logon failure.
2/9/2015 2:04:39 PM, Error: Service Control Manager [7038] - The NAUpdate service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Network Connected Devices Auto-Setup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2015 2:04:36 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/6/2015 3:07:39 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000002510. The name of the file is "\Windows\System32\wbem". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
2/6/2015 2:40:33 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Haze\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
2/6/2015 2:35:30 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Haze\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
2/6/2015 2:22:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa8004086940, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 020615-21687-01.
2/6/2015 2:15:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a001c3ef40, 0xffffffffc0000005, 0x000007f89581f028, 0x000000c5ca49ee80). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 020615-26125-01.
.
==== End Of File ===========================
www.malwarebytes.org
Scan Date: 2/9/2015
Scan Time: 2:30:31 PM
Logfile: scan log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User: Haze
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303759
Time Elapsed: 26 min, 37 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16442
Run by Haze at 15:11:27 on 2015-02-09
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3909.3254 [GMT -8:00]
.
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer13.msn.com
uDefault_Page_URL = hxxp://acer13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.dll
mRun: [LManager] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{24B6A17B-3E61-4176-920E-EFC692627F42} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\Drivers\iaStorA.sys [2013-3-23 645952]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\WINDOWS\System32\Drivers\b57xdbd.sys [2012-8-13 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\WINDOWS\System32\Drivers\b57xdmp.sys [2012-8-13 21080]
R3 bScsiMSa;bScsiMSa;C:\WINDOWS\System32\Drivers\bScsiMSa.sys [2012-6-18 55384]
R3 bScsiSDa;bScsiSDa;C:\WINDOWS\System32\Drivers\bScsiSDa.sys [2012-8-14 70744]
R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\ETD.sys [2012-12-27 331152]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [2015-2-9 129752]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\WINDOWS\System32\Drivers\aPs2Kb2Hid.sys [2013-3-23 26736]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymELAM.sys [2012-12-27 23448]
S1 ccSet_NARA;NARA Settings Manager;C:\WINDOWS\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-3-23 168608]
S2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-27 350544]
S2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-12-27 100752]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-3-23 165760]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-2-9 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-2-9 969016]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [2012-12-27 143928]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-15 3943104]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-11-2 259136]
S2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2013-3-23 96880]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-23 364416]
S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [2012-12-27 1377440]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\ccSetx64.sys [2012-12-27 168608]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-16 469648]
S3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-12-13 664288]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [2012-12-27 509088]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2012-12-27 342528]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2015-2-9 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\Drivers\mwac.sys [2015-2-9 64216]
S3 SymDS;Symantec Data Store;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymDS64.sys [2012-12-27 485024]
S3 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymEFA64.sys [2012-12-27 1129120]
S3 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\Ironx64.sys [2012-12-27 222368]
S3 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\symnets.sys [2012-12-27 431224]
.
=============== Created Last 30 ================
.
2015-02-09 22:30:15 129752 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-02-09 22:29:53 93400 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-02-09 22:29:53 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-02-09 22:29:53 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2015-02-09 22:29:53 -------- d-----w- C:\ProgramData\Malwarebytes
2015-02-09 22:29:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 22:28:51 -------- d-----w- C:\Users\Haze\AppData\Local\Programs
2015-02-09 21:59:38 -------- d-----w- C:\WINDOWS\pss
2015-02-06 23:07:51 253440 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2015-02-06 23:07:51 176640 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2015-02-06 23:07:51 1623040 ----a-w- C:\WINDOWS\System32\wucltux.dll
2015-02-06 23:07:25 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll
2015-02-06 23:07:25 17408 ----a-w- C:\WINDOWS\System32\wuaext.dll
2015-02-06 22:18:10 -------- d-----w- C:\Program Files (x86)\OEM
2015-02-06 22:17:53 -------- d-----w- C:\Program Files\Accessory Store
2015-02-06 22:17:47 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2015-02-06 22:17:39 -------- d-----r- C:\Users\Haze\Searches
2015-02-06 22:17:38 -------- d-----r- C:\Users\Haze\Contacts
2015-02-06 22:17:20 -------- d-----w- C:\Users\Haze\AppData\Roaming\lm
2015-02-06 22:16:36 -------- d-----w- C:\Users\Haze\AppData\Local\VirtualStore
2015-02-06 22:16:11 -------- d-----w- C:\Users\Haze\AppData\Local\Packages
.
==================== Find3M ====================
.
.
============= FINISH: 15:11:44.21 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 2/6/2015 2:12:19 PM
System Uptime: 2/9/2015 2:13:06 PM (1 hours ago)
.
Motherboard: Gateway | | EG50_HC_HR
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz | U3E1 | 2195/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 420.704 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 2/6/2015 2:52:44 PM - Windows Update
.
==== Installed Programs ======================
.
Agatha Christie - Death on the Nile
Aloha TriPeaks
Backup Manager v4
Bejeweled 3
Broadcom 802.11 Network Adapter
Broadcom Card Reader Driver Installer
Cradle Of Egypt Collector's Edition
CyberLink MediaEspresso 6.5
CyberLink PowerDVD 10
Delicious: Emily's True Love Premium Edition
Dora's World Adventure
Dritek Radio Controller
eBay Worldwide
ETDWare PS/2-X64 11.6.16.003_WHQL
Gateway Device Fast-lane
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Identity Card
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Jewel Match 3
Launch Manager
Live Updater
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft Office
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mystery P.I. - Curious Case of Counterfeit Cove
Nero 12 Essentials OEM.a01
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Express
Nero Express Help (CHM)
Nero Launcher
Nero Update
Norton Internet Security
Norton Online Backup
Norton Online Backup ARA
Peggle Nights
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Prerequisite installer
Realtek High Definition Audio Driver
Spotify
Tales of Lagoona
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/9/2015 3:11:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/9/2015 3:11:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/9/2015 3:11:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 3:11:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 3:11:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/9/2015 3:08:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
2/9/2015 3:06:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
2/9/2015 2:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
2/9/2015 2:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/9/2015 2:25:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/9/2015 2:25:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:13:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2015 2:06:46 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x200000001bb89. The name of the file is "\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
2/9/2015 2:05:20 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:05:17 PM, Error: Service Control Manager [7023] - The Intel(R) Management and Security Application User Notification Service service terminated with the following error: General access denied error
2/9/2015 2:05:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/9/2015 2:05:03 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:05:03 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
2/9/2015 2:04:52 PM, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:04:52 PM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:04:52 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
2/9/2015 2:04:52 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.
2/9/2015 2:04:43 PM, Error: Service Control Manager [7038] - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:04:43 PM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not start due to a logon failure.
2/9/2015 2:04:39 PM, Error: Service Control Manager [7038] - The NAUpdate service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Network Connected Devices Auto-Setup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2015 2:04:37 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2015 2:04:36 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/6/2015 3:07:39 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000002510. The name of the file is "\Windows\System32\wbem". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
2/6/2015 2:40:33 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Haze\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
2/6/2015 2:35:30 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Haze\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
2/6/2015 2:22:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa8004086940, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 020615-21687-01.
2/6/2015 2:15:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a001c3ef40, 0xffffffffc0000005, 0x000007f89581f028, 0x000000c5ca49ee80). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 020615-26125-01.
.
==== End Of File ===========================
Broni
Posts: 56,041 +516
Link 1
Link 2
- Close all the running programs
- Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/
Download
- Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
- Double click on downloaded file. OK self extracting prompt.
- MBAR will start. Click "Next" to continue.
- Click in the following screen "Update" to obtain the latest malware definitions.
- Once the update is complete select "Next" and click "Scan".
- When the scan is finished and no malware has been found select "Exit".
- If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
- Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"
Latest posts
-
Logitech thinks the computer mouse needs an AI upgrade- techstrike replied
-
Hackers attempted to trick LastPass employee with cloned voice of CEO- antiproduct replied
