TechSpot

Laptop infected with virus or malware & programs inactive!

By robert lee
Nov 24, 2012
  1. Hello, my programs and internet are not responding even after Malwarebytes was updated and ran a scan. Performed the forum-recommended 4-step process. Any assistance and help would be greatly appreciated.
  2. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Broni

    Broni Malware Annihilator Posts: 46,713   +254

  4. robert lee

    robert lee TS Rookie Topic Starter

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.24.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Robert :: PREPRODUCTION [administrator]

    Protection: Enabled

    11/24/2012 4:27:23 PM
    mbam-log-2012-11-24 (16-27-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211121
    Time elapsed: 7 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/3/2007 11:01:34 AM
    System Uptime: 11/24/2012 1:47:58 PM (3 hours ago)
    .
    Motherboard: Hewlett-Packard | | 09BC
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1729/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 93 GiB total, 54.005 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3081103C&REV_04\3&B1BFB68&0&F3
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3081103C&REV_04\3&B1BFB68&0&F3
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1483: 8/24/2012 6:48:53 PM - System Checkpoint
    RP1484: 8/25/2012 10:34:20 PM - System Checkpoint
    RP1485: 8/27/2012 11:42:13 AM - System Checkpoint
    RP1486: 8/28/2012 8:17:38 PM - System Checkpoint
    RP1487: 8/30/2012 12:10:41 AM - System Checkpoint
    RP1488: 8/31/2012 7:25:06 AM - System Checkpoint
    RP1489: 9/2/2012 10:24:26 AM - System Checkpoint
    RP1490: 9/4/2012 10:52:13 AM - System Checkpoint
    RP1491: 9/6/2012 8:33:45 PM - System Checkpoint
    RP1492: 9/7/2012 10:15:54 PM - System Checkpoint
    RP1493: 9/8/2012 3:08:01 AM - Removed Java(TM) 7 Update 5
    RP1494: 9/8/2012 3:09:04 AM - Installed Java 7 Update 7
    RP1495: 9/9/2012 3:14:59 AM - System Checkpoint
    RP1496: 9/12/2012 3:00:23 AM - Software Distribution Service 3.0
    RP1497: 9/14/2012 2:01:12 AM - System Checkpoint
    RP1498: 9/16/2012 2:55:00 AM - System Checkpoint
    RP1499: 9/17/2012 4:16:07 AM - System Checkpoint
    RP1500: 9/18/2012 4:26:16 AM - System Checkpoint
    RP1501: 9/19/2012 10:56:34 PM - System Checkpoint
    RP1502: 9/21/2012 12:59:29 AM - System Checkpoint
    RP1503: 9/22/2012 8:11:09 AM - Software Distribution Service 3.0
    RP1504: 9/23/2012 8:35:39 AM - System Checkpoint
    RP1505: 9/24/2012 9:05:24 AM - System Checkpoint
    RP1506: 9/25/2012 11:37:06 AM - System Checkpoint
    RP1507: 9/27/2012 12:38:46 AM - System Checkpoint
    RP1508: 10/3/2012 2:41:35 AM - System Checkpoint
    RP1509: 10/5/2012 1:22:02 PM - System Checkpoint
    RP1510: 10/6/2012 11:08:55 PM - System Checkpoint
    RP1511: 10/8/2012 12:21:38 AM - System Checkpoint
    RP1512: 10/9/2012 7:37:17 AM - System Checkpoint
    RP1513: 10/10/2012 3:00:44 AM - Software Distribution Service 3.0
    RP1514: 10/12/2012 3:47:15 PM - System Checkpoint
    RP1515: 10/13/2012 3:51:44 PM - System Checkpoint
    RP1516: 10/15/2012 7:26:36 PM - System Checkpoint
    RP1517: 10/17/2012 7:02:04 PM - System Checkpoint
    RP1518: 10/18/2012 7:53:00 PM - System Checkpoint
    RP1519: 10/19/2012 8:53:01 PM - System Checkpoint
    RP1520: 10/20/2012 9:52:00 PM - System Checkpoint
    RP1521: 10/22/2012 8:38:28 AM - System Checkpoint
    RP1522: 10/23/2012 10:16:04 AM - Installed Java 7 Update 9
    RP1523: 10/23/2012 11:59:01 AM - Removed Java 7 Update 7
    RP1524: 10/23/2012 12:00:03 PM - Installed Java 7 Update 9
    RP1525: 10/24/2012 12:43:49 PM - Revo Uninstaller Pro's restore point - McAfee Security Scan Plus
    RP1526: 10/25/2012 1:15:29 PM - System Checkpoint
    RP1527: 10/26/2012 2:05:45 AM - Revo Uninstaller Pro's restore point - Dasher
    RP1528: 10/27/2012 2:11:11 AM - System Checkpoint
    RP1529: 10/28/2012 10:42:11 PM - System Checkpoint
    RP1530: 10/29/2012 11:34:55 PM - System Checkpoint
    RP1531: 10/31/2012 5:14:38 PM - System Checkpoint
    RP1532: 11/1/2012 5:31:51 PM - System Checkpoint
    RP1533: 11/2/2012 11:08:03 PM - System Checkpoint
    RP1534: 11/4/2012 1:20:42 AM - System Checkpoint
    RP1535: 11/5/2012 11:08:51 AM - System Checkpoint
    RP1536: 11/6/2012 12:06:29 PM - System Checkpoint
    RP1537: 11/7/2012 12:30:25 PM - System Checkpoint
    RP1538: 11/8/2012 12:34:58 PM - System Checkpoint
    RP1539: 11/9/2012 12:54:01 PM - System Checkpoint
    RP1540: 11/13/2012 1:50:00 AM - System Checkpoint
    RP1541: 11/15/2012 3:01:20 AM - Software Distribution Service 3.0
    RP1542: 11/16/2012 3:54:07 AM - System Checkpoint
    RP1543: 11/18/2012 10:54:37 AM - Revo Uninstaller Pro's restore point - SpeedItup Free 7.85
    RP1544: 11/18/2012 11:00:30 AM - Revo Uninstaller Pro's restore point - PC Optimizer Pro
    RP1545: 11/18/2012 11:04:06 AM - Revo Uninstaller Pro's restore point - 7-zip v9.20
    RP1546: 11/18/2012 11:22:32 AM - Software Distribution Service 3.0
    RP1547: 11/18/2012 10:59:17 PM - Revo Uninstaller Pro's restore point - PC Cleaner v3.1
    RP1548: 11/18/2012 11:07:31 PM - Revo Uninstaller Pro's restore point - Fast Search
    RP1549: 11/19/2012 3:43:31 AM - Revo Uninstaller Pro's restore point - DefaultTab
    RP1550: 11/19/2012 3:44:43 AM - Revo Uninstaller Pro's restore point - DefaultTab Chrome
    RP1551: 11/21/2012 12:35:45 PM - System Checkpoint
    RP1552: 11/23/2012 1:57:14 AM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    "Nero SoundTrax Help
    AC3Filter 1.63b
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Third Party Content
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 8.1.4
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server {ko_KR}
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Advertising Center
    AHV content for Acrobat and Flash
    Allok 3GP PSP MP4 iPod Video Converter 4.8.0310
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auslogics BoostSpeed
    BeatPack (0.9)
    Bonjour
    Broadcom 802.11 Driver
    Business Plan Pro 2007
    Canon iP90
    Dasher
    DivX Version Checker
    DolbyFiles
    DVDFab Platinum 3.1.1.6 Ghosthunter release
    Easy GIF Animator 4.6 Pro
    Exterminate It!
    Free YouTube Downloader 3.5.124
    Google Chrome
    Handbrake 0.9.4
    Hewlett-Packard ACLM.NET v1.1.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    HP Product Detection
    HP Wireless Assistant 1.01 C1
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver for Mobile
    iolo Memory Mechanic
    iTunes
    Java 7 Update 9
    Java Auto Updater
    JavaFX 2.1.1
    Malwarebytes Anti-Malware version 1.65.1.1000
    Memory Washer 4.7.1
    Menu Templates - Starter Kit
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Sounds
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mixing & Mastering - Know It All! (V1.2) Version 1.2
    MobileMe Control Panel
    Movie Templates - Starter Kit
    Mozilla Firefox 10.0.1 (x86 en-US)
    MSVC80_x86
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 9
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    Nokia Multimedia Factory
    PC Connectivity Solution
    PDF Settings
    Playchess
    PlayChess
    PowerISO
    QuickBooks Premier: Accountant Edition 2007
    QuickBooks Product Listing Service
    QuickTime
    QwiklinxForChrome
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Revo Uninstaller 1.93
    Revo Uninstaller Pro 2.5.9
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Sharpener Pro 3.0
    SoundTrax
    SupportSoft Assisted Service
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21
    ToonIt!
    Ultra Video Joiner 5.2.0220
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    URGE
    VLC media player 2.0.1
    WebFldrs XP
    Webroot SecureAnywhere
    WinAVI Video Converter 9.0
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/24/2012 9:09:22 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0012F047DBA5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    11/24/2012 4:25:34 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/23/2012 12:29:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip WS2IFSL
    11/23/2012 1:26:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/23/2012 1:26:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ElbyCDIO Fips intelppm SCDEmu
    11/22/2012 2:35:43 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: An instance of the service is already running.
    11/22/2012 2:35:34 PM, error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/22/2012 10:16:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/22/2012 10:16:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 PCIIde RasAcd Rdbss SCDEmu Tcpip
    11/22/2012 10:16:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 10:16:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 10:16:09 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 10:16:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 10:16:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 10:16:09 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 10:16:09 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 10:15:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/19/2012 4:50:43 AM, error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).
    11/19/2012 2:28:18 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/18/2012 12:02:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Robert at 16:41:11 on 2012-11-24
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1124 [GMT -8:00]
    .
    AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Webroot\WRSA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://att.my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
    BHO: AutorunsDisabled - <orphaned>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDevMgrUpdate = dword:0
    uPolicies-Explorer: NoDFSTab = dword:0
    uPolicies-Explorer: NoEncryptOnMove = dword:0
    uPolicies-Explorer: NoRunasInstallPrompt = dword:0
    uPolicies-Explorer: NoResolveTrack = dword:0
    uPolicies-Explorer: NoStartMenuSubFolders = dword:0
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDevMgrUpdate = dword:0
    mPolicies-Explorer: NoDFSTab = dword:0
    mPolicies-Explorer: NoEncryptOnMove = dword:0
    mPolicies-Explorer: NoRunasInstallPrompt = dword:0
    mPolicies-Explorer: NoResolveTrack = dword:0
    mPolicies-Explorer: NoStartMenuSubFolders = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: DisableLocalMachineRun = dword:0
    mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
    mPolicies-Explorer: DisableCurrentUserRun = dword:0
    mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoFile = dword:0
    mPolicies-Explorer: HideClock = dword:0
    mPolicies-Explorer: NoDevMgrUpdate = dword:0
    mPolicies-Explorer: NoDFSTab = dword:0
    mPolicies-Explorer: NoEncryptOnMove = dword:0
    mPolicies-Explorer: NoRunasInstallPrompt = dword:0
    mPolicies-Explorer: NoResolveTrack = dword:0
    mPolicies-Explorer: NoStartMenuSubFolders = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{AD4B3C5C-F304-4F2D-B8B9-77824F44C421} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 93208652;93208652;c:\windows\system32\drivers\93208652.sys [2012-11-22 133208]
    R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-2-7 112656]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-18 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-27 676936]
    R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2010-4-6 66944]
    R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-2-7 729544]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-27 22856]
    S3 ExterminateIt;ExterminateIt;c:\windows\system32\drivers\extit.sys [2012-11-19 39936]
    S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-11-7 23096]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-6-19 18432]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-6 27064]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-11-23 07:33:57 -------- d-sha-r- C:\cmdcons
    2012-11-23 07:31:42 98816 ----a-w- c:\windows\sed.exe
    2012-11-23 07:31:42 256000 ----a-w- c:\windows\PEV.exe
    2012-11-23 07:31:42 208896 ----a-w- c:\windows\MBR.exe
    2012-11-23 03:57:58 -------- d-----w- c:\documents and settings\robert\local settings\application data\NPE
    2012-11-23 03:50:26 133208 ----a-w- c:\windows\system32\drivers\93208652.sys
    2012-11-19 10:54:19 39936 ----a-w- c:\windows\system32\drivers\extit.sys
    2012-11-19 09:28:49 -------- d-----w- c:\documents and settings\robert\application data\Curiolab
    2012-11-19 09:27:10 -------- d-----w- c:\program files\Exterminate It!
    2012-11-18 18:53:38 -------- d-----w- c:\documents and settings\all users\application data\PC Optimizer Pro
    2012-11-18 18:44:40 -------- d-----w- c:\documents and settings\robert\application data\Shop to Win 28
    2012-11-18 18:44:13 -------- d-----w- c:\program files\QwiklinxForChrome
    2012-11-18 18:44:13 -------- d-----w- c:\documents and settings\robert\application data\QwiklinxForChrome
    2012-11-18 18:43:40 -------- d-----w- c:\program files\STW Installer
    2012-11-18 18:43:40 -------- d-----w- c:\documents and settings\robert\application data\DefaultTab
    .
    ==================== Find3M ====================
    .
    2012-11-11 20:48:06 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys
    2012-11-11 20:48:05 150712 ----a-w- c:\windows\system32\WRusr.dll
    2012-10-25 11:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 11:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-10-23 19:00:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-23 19:00:13 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-10-23 19:00:12 821736 -c--a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-23 19:00:12 746984 -c--a-w- c:\windows\system32\deployJava1.dll
    2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 16:42:25.03 ===============
  5. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.