Hello all. My laptop has been hijacked by some browser url-redirecting malware. I've performed the following, according to the procedures outlined in the sticky. I thank you in advance for your help!
-Alex
Step 1: Antivirus
I am running Avast 4.8 Home. It seems to be running ok, updating ok. I have not done a complete scan.
Step 2: MBAM
I have run this twice consecutively. The second scan reports no infection. This is the log from the first scan, which may be more of help:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8178
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088
11/16/2011 12:12:03 PM
mbam-log-2011-11-16 (12-12-03).txt
Scan type: Quick scan
Objects scanned: 171568
Time elapsed: 4 minute(s), 54 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 39
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 17
Memory Processes Infected:
c:\Users\Ediza\AppData\Roaming\microsoft\68EA\65E.exe (Malware.Packer) -> 3628 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65E.exe (Malware.Packer) -> Value: 65E.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65E.exe (Malware.Packer) -> Value: 65E.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\564.exe (Malware.Packer) -> Value: 564.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Hotbar@Hotbar.com (Adware.Hotbar) -> Value: Hotbar@Hotbar.com -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\Ediza\AppData\Roaming\microsoft\68EA\65E.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files\LP\68EA\65E.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\microsoft\7FEA\564.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\chrome.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\java.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\Desktop\0.7436024614182845.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsa_kyf_update.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\reset cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
Step 3: GMER
Gmer did not run the first 2 times launched on normal mode. In safe mode, GMER did run, and gave me the following report:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-16 13:25:34
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: u7m507fq.exe; Driver: C:\Users\Ediza\AppData\Local\Temp\ugdyapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \FileSystem\fastfat \Fat 8F934A7A
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265edfd68e
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00265edfd68e (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Step 4: DDS
While still in Safe Mode, I ran the DDS script, and the following logs were generated:
dds.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.19088
Run by Ediza at 13:28:28 on 2011-11-16
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3543.2959 [GMT -8:00]
.
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:63232
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\users\ediza\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [<NO NAME>]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://2007webmail.chw.edu/owa/MWScripts/AttachView/1.9/DAX.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AC81F4A-3290-4CE1-8B90-56EB44FA0C01} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{177BD6FB-8E03-4037-AF49-CC156936F024} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4AAE2128-09F7-4180-A7E1-80FE15131718} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ediza\appdata\roaming\mozilla\firefox\profiles\07m5styk.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63232
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ediza\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\ediza\appdata\roaming\mozilla\plugins\npPxPlay.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: XULRunner: {38CAE956-DA5C-43FF-A972-FD338B0DDE2C} - c:\users\ediza\appdata\local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}
.
============= SERVICES / DRIVERS ===============
.
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-9 114768]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-9-7 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-9 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-9 53328]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-9 138680]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-16 366152]
S2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-4-29 5120]
S2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-20 21504]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-9 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-9 352920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-7 29736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-7 144128]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-16 22216]
S3 NETwNv32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwNv32.sys [2011-1-27 6923264]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-11-18 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-11-18 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-11-18 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-11-18 59904]
.
=============== Created Last 30 ================
.
2011-11-16 20:02:15 -------- d-----w- c:\users\ediza\appdata\roaming\Malwarebytes
2011-11-16 20:02:09 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 20:02:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 20:02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 19:01:59 -------- d-----w- c:\program files\LP
2011-11-16 08:35:20 102400 ----a-w- c:\users\ediza\appdata\roaming\microsoft\68ea\EEC6.tmp
2011-11-16 08:35:18 -------- d-----w- c:\users\ediza\appdata\roaming\474DF
2011-11-16 08:35:08 -------- d-----w- c:\users\ediza\appdata\roaming\AE847
2011-11-15 07:08:01 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c813071-b03a-498a-89c4-15b622fa462a}\mpengine.dll
2011-11-15 05:08:28 -------- d-----w- c:\program files\common files\DivX Shared
2011-10-23 17:31:48 -------- d-----w- c:\users\ediza\appdata\local\{6D88603F-9C64-4C98-A7E1-581A1D75EF6E}
.
==================== Find3M ====================
.
2011-09-21 03:37:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:28:47.65 ===============
and attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 9/7/2009 1:56:59 PM
System Uptime: 11/16/2011 12:34:08 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0F642T
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 60.462 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 9.074 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP615: 11/5/2011 10:45:10 PM - Scheduled Checkpoint
RP616: 11/6/2011 2:28:38 PM - Scheduled Checkpoint
RP617: 11/7/2011 9:30:40 AM - Scheduled Checkpoint
RP618: 11/8/2011 - Scheduled Checkpoint
RP619: 11/8/2011 8:06:48 AM - Windows Update
RP620: 11/9/2011 12:00:01 AM - Scheduled Checkpoint
RP621: 11/10/2011 12:00:01 AM - Scheduled Checkpoint
RP622: 11/10/2011 3:00:09 AM - Windows Update
RP623: 11/10/2011 4:49:09 PM - Scheduled Checkpoint
RP624: 11/11/2011 2:28:51 PM - Windows Update
RP625: 11/13/2011 12:00:04 AM - Scheduled Checkpoint
RP626: 11/14/2011 12:00:05 AM - Scheduled Checkpoint
RP627: 11/14/2011 11:07:34 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Ask Toolbar
avast! Antivirus
BUFFALO NAS Navigator2
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
DivX Web Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P1000 series
HPCarePackCore
HPCarePackProducts
hppMSRedist
hppusgP1000
HPSSupply
inSSIDer 2.0
Intel® Matrix Storage Manager
Java(TM) 6 Update 13
Junk Mail filter update
K-Lite Codec Pack 6.0.4 (Basic)
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Messageware AttachView Add-in for Saving Files x86
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.18)
MrvlUsgTracking
MSVCRT
PANTECH UM175 Driver
Photodex Presenter
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Samsung ML-1710 Series
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 5.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
VZAccess Manager
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
11/16/2011 12:36:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:35:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/16/2011 12:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/16/2011 12:35:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/16/2011 12:35:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/16/2011 12:35:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/16/2011 12:35:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/16/2011 12:34:53 PM, Error: EventLog [6008] - The previous system shutdown at 12:33:07 PM on 11/16/2011 was unexpected.
11/10/2011 10:02:21 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
.
==== End Of File ===========================
-Alex
Step 1: Antivirus
I am running Avast 4.8 Home. It seems to be running ok, updating ok. I have not done a complete scan.
Step 2: MBAM
I have run this twice consecutively. The second scan reports no infection. This is the log from the first scan, which may be more of help:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8178
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088
11/16/2011 12:12:03 PM
mbam-log-2011-11-16 (12-12-03).txt
Scan type: Quick scan
Objects scanned: 171568
Time elapsed: 4 minute(s), 54 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 39
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 17
Memory Processes Infected:
c:\Users\Ediza\AppData\Roaming\microsoft\68EA\65E.exe (Malware.Packer) -> 3628 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65E.exe (Malware.Packer) -> Value: 65E.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65E.exe (Malware.Packer) -> Value: 65E.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\564.exe (Malware.Packer) -> Value: 564.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Hotbar@Hotbar.com (Adware.Hotbar) -> Value: Hotbar@Hotbar.com -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\Ediza\AppData\Roaming\microsoft\68EA\65E.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files\LP\68EA\65E.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\microsoft\7FEA\564.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\chrome.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\AppData\Roaming\java.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Ediza\Desktop\0.7436024614182845.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsa_kyf_update.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\reset cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
Step 3: GMER
Gmer did not run the first 2 times launched on normal mode. In safe mode, GMER did run, and gave me the following report:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-16 13:25:34
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: u7m507fq.exe; Driver: C:\Users\Ediza\AppData\Local\Temp\ugdyapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \FileSystem\fastfat \Fat 8F934A7A
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265edfd68e
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00265edfd68e (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Step 4: DDS
While still in Safe Mode, I ran the DDS script, and the following logs were generated:
dds.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.19088
Run by Ediza at 13:28:28 on 2011-11-16
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3543.2959 [GMT -8:00]
.
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:63232
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\users\ediza\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [<NO NAME>]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://2007webmail.chw.edu/owa/MWScripts/AttachView/1.9/DAX.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AC81F4A-3290-4CE1-8B90-56EB44FA0C01} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{177BD6FB-8E03-4037-AF49-CC156936F024} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4AAE2128-09F7-4180-A7E1-80FE15131718} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ediza\appdata\roaming\mozilla\firefox\profiles\07m5styk.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63232
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ediza\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\ediza\appdata\roaming\mozilla\plugins\npPxPlay.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: XULRunner: {38CAE956-DA5C-43FF-A972-FD338B0DDE2C} - c:\users\ediza\appdata\local\{38CAE956-DA5C-43FF-A972-FD338B0DDE2C}
.
============= SERVICES / DRIVERS ===============
.
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-9 114768]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-9-7 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-9 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-9 53328]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-9 138680]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-16 366152]
S2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-4-29 5120]
S2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-20 21504]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-9 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-9 352920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-7 29736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-7 144128]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-16 22216]
S3 NETwNv32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwNv32.sys [2011-1-27 6923264]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-11-18 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-11-18 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-11-18 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-11-18 59904]
.
=============== Created Last 30 ================
.
2011-11-16 20:02:15 -------- d-----w- c:\users\ediza\appdata\roaming\Malwarebytes
2011-11-16 20:02:09 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 20:02:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 20:02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 19:01:59 -------- d-----w- c:\program files\LP
2011-11-16 08:35:20 102400 ----a-w- c:\users\ediza\appdata\roaming\microsoft\68ea\EEC6.tmp
2011-11-16 08:35:18 -------- d-----w- c:\users\ediza\appdata\roaming\474DF
2011-11-16 08:35:08 -------- d-----w- c:\users\ediza\appdata\roaming\AE847
2011-11-15 07:08:01 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c813071-b03a-498a-89c4-15b622fa462a}\mpengine.dll
2011-11-15 05:08:28 -------- d-----w- c:\program files\common files\DivX Shared
2011-10-23 17:31:48 -------- d-----w- c:\users\ediza\appdata\local\{6D88603F-9C64-4C98-A7E1-581A1D75EF6E}
.
==================== Find3M ====================
.
2011-09-21 03:37:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:28:47.65 ===============
and attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 9/7/2009 1:56:59 PM
System Uptime: 11/16/2011 12:34:08 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0F642T
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 60.462 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 9.074 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP615: 11/5/2011 10:45:10 PM - Scheduled Checkpoint
RP616: 11/6/2011 2:28:38 PM - Scheduled Checkpoint
RP617: 11/7/2011 9:30:40 AM - Scheduled Checkpoint
RP618: 11/8/2011 - Scheduled Checkpoint
RP619: 11/8/2011 8:06:48 AM - Windows Update
RP620: 11/9/2011 12:00:01 AM - Scheduled Checkpoint
RP621: 11/10/2011 12:00:01 AM - Scheduled Checkpoint
RP622: 11/10/2011 3:00:09 AM - Windows Update
RP623: 11/10/2011 4:49:09 PM - Scheduled Checkpoint
RP624: 11/11/2011 2:28:51 PM - Windows Update
RP625: 11/13/2011 12:00:04 AM - Scheduled Checkpoint
RP626: 11/14/2011 12:00:05 AM - Scheduled Checkpoint
RP627: 11/14/2011 11:07:34 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Ask Toolbar
avast! Antivirus
BUFFALO NAS Navigator2
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
DivX Web Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P1000 series
HPCarePackCore
HPCarePackProducts
hppMSRedist
hppusgP1000
HPSSupply
inSSIDer 2.0
Intel® Matrix Storage Manager
Java(TM) 6 Update 13
Junk Mail filter update
K-Lite Codec Pack 6.0.4 (Basic)
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Messageware AttachView Add-in for Saving Files x86
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.18)
MrvlUsgTracking
MSVCRT
PANTECH UM175 Driver
Photodex Presenter
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Samsung ML-1710 Series
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 5.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
VZAccess Manager
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
11/16/2011 12:36:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/16/2011 12:36:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2011 12:35:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/16/2011 12:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/16/2011 12:35:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/16/2011 12:35:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/16/2011 12:35:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/16/2011 12:35:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/16/2011 12:34:53 PM, Error: EventLog [6008] - The previous system shutdown at 12:33:07 PM on 11/16/2011 was unexpected.
11/10/2011 10:02:21 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
.
==== End Of File ===========================