TechSpot

Search Engine Links are Redirected - 8-Step Process Complete!

Inactive
By kewlpoohgirl
Dec 28, 2010
Topic Status:
Not open for further replies.
  1. Let me start by thanking you in advance for helping with my problem! I know that there is another recent thread about this sort of problem but I know the administrator said not to follow another person's instructions.

    Below are the necessary logs from the 8-Step Preliminary Process:
    1. MBAM
    2. GMER
    3. DDS
    4. Attach

    I apologize in advance if some of the spacing on the logs make it difficult to read.



    ------------------------------------------------
    MBAM LOG
    -------------------------------------------------

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5410

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/28/2010 8:36:42 PM
    mbam-log-2010-12-28 (20-36-42).txt

    Scan type: Quick scan
    Objects scanned: 148747
    Time elapsed: 7 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ------------------------------------------
    GMER LOG
    ------------------------------------------

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-28 20:45:14
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 FUJITSU_MHV2100BH_PL rev.00000029
    Running: tqee9104.exe; Driver: C:\DOCUME~1\Hamsa\LOCALS~1\Temp\kfqoyfob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 195371312 (+255): rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA2F1BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAA2F19D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAA2F1B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 86CB93B2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86CB93B2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86CB93B2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86CB93B2
    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskFUJITSU_MHV2100BH_PL____________________00000029#5&aaba3cd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
  2. kewlpoohgirl

    kewlpoohgirl TS Rookie Topic Starter

    -------------------------------------------------
    DDS LOG
    --------------------------------------------------


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Hamsa at 20:52:07.82 on Tue 12/28/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.484 [GMT -5:00]

    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\lxcrcoms.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Hamsa\Desktop\dds.scr

    ----------- Continued on next post -----------------
  3. kewlpoohgirl

    kewlpoohgirl TS Rookie Topic Starter

    Sorry I don't know why it's not letting me post the rest but I will do it as soon as I can. Maybe the logs are too long? Would it be ok if I attached them? =)
  4. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot forums :).

    ====

    You should easily be able to post the DDS logs. If not, split them over several posts.
  5. kewlpoohgirl

    kewlpoohgirl TS Rookie Topic Starter

    --- DDS LOG CON'T ----

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    mWinlogon: Userinit=c:\windows\system32\Userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
    BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [Google Update] "c:\documents and settings\hamsa\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
    mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    ---- CONTINUED ON NEXT POST ----
  6. kewlpoohgirl

    kewlpoohgirl TS Rookie Topic Starter

    I truly apologize. I know how annoying this must be. I'm going to try and post the "Attach LOG" now and try the rest of the DDS log later.

    ------ ATTACH LOG ------
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/17/2010 3:32:13 PM
    System Uptime: 12/28/2010 8:46:26 PM (0 hours ago)

    Motherboard: Sony Corporation | | VAIO
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | N/A | 1662/167mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 86 GiB total, 64.622 GiB free.
    D: is Removable
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10508086&REV_02\4&2803E7C1&0&00E2
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10508086&REV_02\4&2803E7C1&0&00E2
    Service: w39n51

    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: Communications Port
    Device ID: ROOT\UNKNOWN\0000
    Manufacturer: (Standard port types)
    Name: Communications Port (COM4)
    PNP Device ID: ROOT\UNKNOWN\0000
    Service: Serial

    ==== System Restore Points ===================

    RP362: 12/27/2010 10:00:32 PM - Removed Nero RescueAgent 10.
    RP363: 12/27/2010 10:01:20 PM - Removed Nero SoundTrax 10.
    RP364: 12/27/2010 10:02:01 PM - Removed Nero StartSmart 10.
    RP365: 12/27/2010 10:03:02 PM - Removed Nero Vision 10.
    RP366: 12/27/2010 10:03:50 PM - Removed Nero WaveEditor 10.
    RP367: 12/27/2010 10:06:39 PM - Removed QuickTime
    RP368: 12/27/2010 10:07:45 PM - Removed Skype Toolbars
    RP369: 12/27/2010 10:08:07 PM - Removed Skype™ 4.2
    RP370: 12/27/2010 10:08:51 PM - Removed Skype Toolbars
    RP371: 12/27/2010 10:09:41 PM - Removed Symantec Endpoint Protection.
    RP372: 12/27/2010 10:15:11 PM - Removed Trixie
    RP373: 12/27/2010 10:15:31 PM - Removed Windows Media Player Firefox Plugin
    RP374: 12/27/2010 10:39:08 PM - Removed Microsoft Office Enterprise 2007
    RP375: 12/28/2010 2:37:10 PM - Avira AntiVir Personal - 12/28/2010 14:35

    ==== Installed Programs ======================


    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Avira AntiVir Personal - Free Antivirus
    BitLord 1.1
    CCleaner
    Google Talk Plugin
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    High-Definition Video Playback 10
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Image Converter 2 Plus
    ImageStation
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    ISScript
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 16
    LAN Setting Utility
    Lexmark 2400 Series
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    Memory Stick Formatter
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Data Access Components KB870669
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Desktop Engine (VAIO_VEDB)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    mMHouse
    Mozilla Firefox (3.6.13)
    mPfMgr
    mProSafe
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10 Help (CHM)
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10 Help (CHM)
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10 Help (CHM)
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10 Help (CHM)
    NVIDIA Drivers
    Octoshape add-in for Adobe Flash Player
    Office 2003 Trial Assistant
    OpenMG Limited Patch 4.4-06-13-19-01
    OpenMG Metadata Extractor for Windows Media Player
    OpenMG Secure Module 4.4.00
    Picasa 3
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Setting Utility Series
    SigmaTel Audio
    Skype Toolbars
    Smart Defrag
    Sonic Encoders
    Sony Certificate PCH
    Sony MP4 Shared Library
    Sony Utilities DLL
    Sony Video Shared Library
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VAIO Breeze Wallpaper
    VAIO Camera Utility
    VAIO Central
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Hardware Diagnostics
    VAIO Light Flo Wallpaper
    VAIO Media 5.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Integrated Server 5.0
    VAIO Media Redistribution 5.0
    VAIO Media Registration Tool 5.0
    VAIO Original Screen Saver
    VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
    VAIO Power Management
    VAIO Registration
    VAIO Security Center
    VAIO Support Central
    VAIO Update 2
    VAIO Wireless LAN Setup Utility
    VAIOSurveySA
    VLC media player 1.0.5
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10 Hotfix [See KB886612 for more information]
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    Wireless Switch Setting Utility

    ==== Event Viewer Messages From Past Week ========

    12/28/2010 8:11:49 PM, error: Service Control Manager [7034] - The lxcr_device service terminated unexpectedly. It has done this 1 time(s).
    12/28/2010 8:11:48 PM, error: Service Control Manager [7034] - The SonicStageMonitoring service terminated unexpectedly. It has done this 1 time(s).
    12/28/2010 8:11:48 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/28/2010 8:11:48 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    12/28/2010 8:11:48 PM, error: Service Control Manager [7034] - The @C:\Program Files\Nero\Update\NASvc.exe,-200 service terminated unexpectedly. It has done this 1 time(s).
    12/28/2010 8:11:47 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    12/28/2010 8:11:47 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    12/28/2010 6:12:12 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    12/28/2010 6:05:38 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    12/28/2010 3:30:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
    12/28/2010 2:54:53 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/28/2010 12:35:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
    12/28/2010 12:35:16 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/27/2010 9:13:08 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    12/27/2010 6:25:11 PM, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    ==== End Of File ===========================
  7. kewlpoohgirl

    kewlpoohgirl TS Rookie Topic Starter

    Thank you in advance for your help!! This site looks like it's an AMAZING resource and I truly appreciate you taking the time. I'm still having trouble posting the DDS Log. It keeps taking me to "This page cannot be displayed" when I tried to submit it no matter how small I made it. Is there a special way to save it in notepad?

    :( sorry again for all the questions!
  8. crunchie

    crunchie Malware Helper Posts: 761

    I believe there is a large portion of the DDS log missing. I do not understand how your posts are such different lengths? You should be able to fit the exact same data in all posts.

    ==

    Please try this one:

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. kewlpoohgirl

    kewlpoohgirl TS Rookie Topic Starter

    Thanks again! I got the OTL and Extras file but I'm having the same issue where it keeps saying "This page cannot be displayed" or the "connection is reset" when I hit "Submit Reply" :(

    I'm really sorry because I know how annoying this is. I will keep trying to paste the logs. Thank you for your continued patience.
  10. crunchie

    crunchie Malware Helper Posts: 761

    We do not generally allow for attached logs, but in your case this may be necessary.
    Please attach the logs and I will check them that way.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.