Inactive I think I am infected with an awful virus

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Upload Dump Files:
Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service. I recommend Windows Live SkyDrive - http://skydrive.live.com or another free file-hosting service. Then post the link to it in your topic so that we can download it.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): http://www.carrona.org/setmini.html


  • Please download VEW by Vino Rosso from here and save it to your desktop
  • Double click it to start it. Note: If running Windows Vista or Windows 7, you will need to right click the file, select Run as administrator, and click Continue or Allow at the User Account Control prompt.
  • Click the check boxes next to Application and System located under Select log to query on the upper left
  • Under Select type to list on the right, click the boxes next to Error and Warning. Note: If running Windows Vista or Windows 7, also click the box next to Critical (not XP).
  • Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run
  • Once it finishes it will display a log file in notepad
  • Please copy and paste its entire contents into your next reply
 
Here's my VEW.txt log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/10/2012 2:36:46 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/10/2012 1:52:21 PM
Type: error Category: 0
Event: 0 Source: Broadcom ASF IP and SMBIOS Mailbox Monitor
The event description cannot be found.
Log: 'Application' Date/Time: 17/10/2012 11:57:27 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Log: 'Application' Date/Time: 17/10/2012 11:57:25 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Log: 'Application' Date/Time: 17/10/2012 7:21:25 PM
Type: error Category: 0
Event: 0 Source: Broadcom ASF IP and SMBIOS Mailbox Monitor
The event description cannot be found.
Log: 'Application' Date/Time: 17/10/2012 4:25:29 PM
Type: error Category: 0
Event: 0 Source: Broadcom ASF IP and SMBIOS Mailbox Monitor
The event description cannot be found.
Log: 'Application' Date/Time: 17/10/2012 3:47:12 AM
Type: error Category: 0
Event: 0 Source: Broadcom ASF IP and SMBIOS Mailbox Monitor
The event description cannot be found.
Log: 'Application' Date/Time: 17/10/2012 1:57:42 AM
Type: error Category: 1
Event: 4112 Source: MSDTC
Could not start the MS DTC Transaction Manager.
Log: 'Application' Date/Time: 17/10/2012 1:57:42 AM
Type: error Category: 2
Event: 4185 Source: MSDTC
MS DTC Transaction Manager start failed. LogInit returned error 0x5.
Log: 'Application' Date/Time: 17/10/2012 1:57:42 AM
Type: error Category: 4
Event: 4163 Source: MSDTC
MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.
Log: 'Application' Date/Time: 17/10/2012 1:57:31 AM
Type: error Category: 1
Event: 4112 Source: MSDTC
Could not start the MS DTC Transaction Manager.
Log: 'Application' Date/Time: 17/10/2012 1:57:31 AM
Type: error Category: 2
Event: 4185 Source: MSDTC
MS DTC Transaction Manager start failed. LogInit returned error 0x5.
Log: 'Application' Date/Time: 17/10/2012 1:57:31 AM
Type: error Category: 4
Event: 4163 Source: MSDTC
MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.
Log: 'Application' Date/Time: 17/10/2012 1:50:44 AM
Type: error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 17/10/2012 1:11:01 AM
Type: error Category: 1
Event: 4112 Source: MSDTC
Could not start the MS DTC Transaction Manager.
Log: 'Application' Date/Time: 17/10/2012 1:11:01 AM
Type: error Category: 2
Event: 4185 Source: MSDTC
MS DTC Transaction Manager start failed. LogInit returned error 0x5.
Log: 'Application' Date/Time: 17/10/2012 1:11:01 AM
Type: error Category: 4
Event: 4163 Source: MSDTC
MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.
Log: 'Application' Date/Time: 15/10/2012 10:55:03 PM
Type: error Category: 0
Event: 0 Source: Broadcom ASF IP and SMBIOS Mailbox Monitor
The event description cannot be found.
Log: 'Application' Date/Time: 15/10/2012 2:27:21 AM
Type: error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 14/10/2012 11:27:18 PM
Type: error Category: 0
Event: 0 Source: Broadcom ASF IP and SMBIOS Mailbox Monitor
The event description cannot be found.
Log: 'Application' Date/Time: 14/10/2012 8:10:25 AM
Type: error Category: 0
Event: 0 Source: Broadcom ASF IP and SMBIOS Mailbox Monitor
The event description cannot be found.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/10/2012 10:03:27 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user XANDER-DELLD630\leahjewel registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Log: 'Application' Date/Time: 16/10/2012 8:32:36 PM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Log: 'Application' Date/Time: 15/10/2012 1:41:33 AM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Log: 'Application' Date/Time: 15/10/2012 1:41:33 AM
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Log: 'Application' Date/Time: 15/10/2012 1:41:33 AM
Type: warning Category: 54
Event: 4353 Source: EventSystem
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/10/2012 1:52:24 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 19/10/2012 1:52:24 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Log: 'System' Date/Time: 19/10/2012 12:18:18 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 19/10/2012 12:18:18 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Log: 'System' Date/Time: 19/10/2012 12:18:17 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Advanced SystemCare Service 5 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 19/10/2012 12:18:17 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Advanced SystemCare Service 5 service to connect.
Log: 'System' Date/Time: 18/10/2012 1:33:39 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library USB 2.0 USB Flash Drive USB Device.
Log: 'System' Date/Time: 17/10/2012 10:26:25 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Log: 'System' Date/Time: 17/10/2012 7:20:23 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2012 7:20:23 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Log: 'System' Date/Time: 17/10/2012 4:44:43 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The MBAMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Log: 'System' Date/Time: 17/10/2012 4:44:41 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Log: 'System' Date/Time: 17/10/2012 4:44:39 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Log: 'System' Date/Time: 17/10/2012 4:25:59 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2012 4:25:59 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
Log: 'System' Date/Time: 17/10/2012 4:23:53 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2012 4:23:53 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the MBAMScheduler service to connect.
Log: 'System' Date/Time: 17/10/2012 4:23:53 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2012 4:23:53 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Log: 'System' Date/Time: 17/10/2012 8:35:48 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/10/2012 1:50:09 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
Log: 'System' Date/Time: 19/10/2012 12:33:05 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 19/10/2012 12:12:43 AM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
Log: 'System' Date/Time: 18/10/2012 9:24:46 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/10/2012 11:47:42 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/10/2012 9:59:04 PM
Type: warning Category: 0
Event: 256 Source: PlugPlayManager
Timed out sending notification of device interface change to window of "SAS window"
Log: 'System' Date/Time: 17/10/2012 7:16:47 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
Log: 'System' Date/Time: 17/10/2012 4:19:45 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
Log: 'System' Date/Time: 17/10/2012 9:23:20 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/10/2012 8:51:26 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/10/2012 8:29:15 AM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
Log: 'System' Date/Time: 17/10/2012 3:39:31 AM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
Log: 'System' Date/Time: 17/10/2012 2:29:20 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022692A6012. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/10/2012 2:29:20 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022692A6012. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/10/2012 2:28:46 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022692A6012. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/10/2012 2:28:42 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022692A6012. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/10/2012 2:28:37 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022692A6012. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/10/2012 2:23:47 AM
Type: warning Category: 0
Event: 1006 Source: Dhcp
Your computer was unable to automatically configure the IP parameters for the Network Card with the network address 0022692A6012. The following error occurred during configuration: The specified network resource or device is no longer available. .
Log: 'System' Date/Time: 17/10/2012 2:23:44 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022692A6012. The following error occurred: An operation was attempted on something that is not a socket. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/10/2012 2:23:44 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022692A6012. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
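
A VEW report like the one above repeats the same event many times, so a quick way to read it is to collapse repeats and list which services the Service Control Manager reports as failing. The following is an added example, not part of the original thread or of VEW itself; the function names are hypothetical and the sample is an excerpt of the posted log.

```python
import re
from datetime import datetime

# Excerpt of the VEW.txt output posted above, trimmed to four events.
SAMPLE_VEW = """\
Log: 'System' Date/Time: 17/10/2012 4:44:43 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The MBAMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Log: 'System' Date/Time: 17/10/2012 4:23:53 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the MBAMScheduler service to connect.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/10/2012 12:33:05 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 18/10/2012 9:24:46 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (.+)$")
TYPE = re.compile(r"^Type: (\S+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
# Service name as worded in Service Control Manager events 7000, 7009 and 7031.
SCM_SERVICE = re.compile(
    r"(?:^The (.+?) service (?:failed to start|terminated unexpectedly)"
    r"|waiting for the (.+?) service to connect)")


def parse_vew(text):
    """Return one dict per event; VEW dates are dd/mm/yyyy with a 12-hour clock."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("~~~"):      # section banner: close the open event
            cur = None
            continue
        m = HEADER.match(line)
        if m:
            cur = {"log": m.group(1),
                   "time": datetime.strptime(m.group(2), "%d/%m/%Y %I:%M:%S %p"),
                   "type": None, "id": None, "source": None, "text": ""}
            events.append(cur)
        elif cur is None:
            continue                    # report header or banner title
        elif cur["type"] is None and TYPE.match(line):
            cur["type"] = TYPE.match(line).group(1)
        elif cur["id"] is None and EVENT.match(line):
            m = EVENT.match(line)
            cur["id"], cur["source"] = int(m.group(1)), m.group(2)
        else:                           # description, possibly multi-line
            cur["text"] = (cur["text"] + " " + line).strip()
    return events


def summarise(events):
    """Collapse repeats: (log, type, source, id) -> count, first and last seen."""
    groups = {}
    for e in events:
        key = (e["log"], e["type"], e["source"], e["id"])
        g = groups.setdefault(
            key, {"count": 0, "first": e["time"], "last": e["time"]})
        g["count"] += 1
        g["first"] = min(g["first"], e["time"])
        g["last"] = max(g["last"], e["time"])
    return groups


def failing_services(events):
    """Count Service Control Manager failures per service name."""
    counts = {}
    for e in events:
        if e["source"] != "Service Control Manager":
            continue
        m = SCM_SERVICE.search(e["text"])
        if m:
            name = m.group(1) or m.group(2)
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    evs = parse_vew(SAMPLE_VEW)
    for key, g in sorted(summarise(evs).items(), key=lambda kv: -kv[1]["count"]):
        print(g["count"], *key, g["first"], "->", g["last"])
    print(failing_services(evs))
```
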
 
I notice that my audio sound stutters and my system is still running slower than usual. Also, each time I restart my laptop, I check the services and notice that the configurations have been changed. Some items that were set to disabled have been enabled and vice versa... every time I restart. I find this very strange.
 
I suspect memory issues are the problem here...

· Run Hardware Diagnostics -
- RAM - http://www.carrona.org/memdiag.html (read the details at the link)
- HDD - http://www.carrona.org/hddiag.html (read the details at the link)


Go to VirusTotal.com, click Choose File, browse for "c:\windows\system32\drivers\atapi.sys".

If it gives a message about already having the file scanned, click Re-Scan. Once done, please copy the link from the address bar, and paste it to your next reply.
 
I'm a novice. The instructions are quite confusing for me. Can you please simplify them for me?

Thanks so much.
 
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Farbar Service Scanner Version: 19-10-2012
Ran by leahjewel (administrator) on 22-10-2012 at 18:46:39
Running from "C:\Documents and Settings\leahjewel\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(9)
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****
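
The FSS log above can be reduced to the lines that matter for triage: services that are stopped, start types that differ from the default, and policy registry values. This is an added example, not part of the original thread or of Farbar Service Scanner; the function names are hypothetical and the parser assumes only the line shapes visible in the posted log.

```python
import re

# Excerpt of the FSS.txt log posted above (raw string keeps the backslashes).
SAMPLE_FSS = r"""
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.

Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.

Windows Autoupdate Disabled Policy:
============================
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_DEV = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VAL = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')


def analyse_fss(text):
    """Extract stopped services, non-default start types and policy values."""
    report = {"not_running": [], "start_type": [], "policies": []}
    section = prev = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:
            # An underline of '=' means the previous line was a section title.
            section, key = prev.rstrip(":") if prev else None, None
            continue
        m = NOT_RUNNING.match(line)
        if m:
            report["not_running"].append(m.group(1))
        m = START_DEV.match(line)
        if m:
            report["start_type"].append(m.groups())   # (service, actual, default)
        m = REG_KEY.match(line)
        if m:
            key = m.group(1)
        m = REG_VAL.match(line)
        if m and key:
            report["policies"].append((section, key) + m.groups())
        prev = line
    return report


def stopped_with_default_start(report):
    """Stopped services whose start type is unchanged: look at policies or
    dependencies (for example a disabled driver) for the cause."""
    changed = {svc for svc, _, _ in report["start_type"]}
    return [s for s in report["not_running"] if s not in changed]


if __name__ == "__main__":
    rep = analyse_fss(SAMPLE_FSS)
    for svc, actual, default in rep["start_type"]:
        print(f"{svc}: start type {actual}, default {default}")
    for section, regkey, name, kind, data in rep["policies"]:
        print(f"{section}: {regkey} {name}={kind}:{data}")
    print("stopped, start type unchanged:", stopped_with_default_start(rep))
```

Saving FSS.txt after each reboot and comparing the `start_type` lists between runs shows which services changed configuration across restarts.
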
 
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR"=0

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
OTL scan

Open OTL, click the None button, place the following in the Custom Scans/Fixes box, and hit Run Scan:

/md5start
sr.sys
wuauclt.exe
wscsvc.dll
cryptsvc.dll
/md5stop

Post log once done.
 
I'm attempting to do this fix but it's frozen up and not responding. The desktop never disappeared and it just says "killing processes. do not interrupt." at the very bottom.
 
OTL logfile created on: 10/24/2012 8:53:43 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\leahjewel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.46% Memory free
3.85 Gb Paging File | 3.46 Gb Available in Paging File | 89.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 66.57 Gb Free Space | 59.55% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 1.92 Gb Free Space | 51.18% Space Free | Partition Type: FAT32

Computer Name: XANDER-DELLD630 | User Name: leahjewel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: CRYPTSVC.DLL >
[2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: SR.SYS >
[2008/04/14 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\dllcache\sr.sys
[2008/04/14 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys

< MD5 for: WSCSVC.DLL >
[2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\dllcache\wscsvc.dll
[2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll

< MD5 for: WUAUCLT.EXE >
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) MD5=2E0B0A051FFAA86E358465BB0880D453 -- C:\WINDOWS\ERDNT\cache\wuauclt.exe
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) MD5=2E0B0A051FFAA86E358465BB0880D453 -- C:\WINDOWS\system32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) MD5=2E0B0A051FFAA86E358465BB0880D453 -- C:\WINDOWS\system32\wuauclt.exe
< End of report >
 
Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

p22001645.gif




Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

p22001646.gif



Go to Step 4 and under "System Restore" click on the Create button:

p22001644.gif



Go to the Start Repairs tab and click the Start button.

p22001166.gif



Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif


Click on the box next to Restart System when Finished. Then click on Start.

Once done, let me know if the speed has boosted.
 
It's faster, but still very, very slow to start up, load my settings, and browse. I do see improvements though. My audio still sounds somewhat garbled and choppy and should be a lot faster.

I appreciate your help and sticking with me all this time.
 
I found this file: Z@R4B.tmp, which appears to be a backdoor trojan dropper in the following location:

C:\Documents and Settings\(user name)\Local Settings\temp

The file is hidden and goes undetected by Avast and MalwareBytes Pro.
 
CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.


    Hitman Pro

    Please download Hitman Pro
    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
    • Upload log.xml here for review please
 
Here's my Hitman Pro log. I left off the self-identifying part at the beginning because I forgot to save the file as xml and could not upload it as txt:

Scan date . . . . . . : 2012-10-27 18:27:45
Scan mode . . . . . . : Normal
Scan duration . . . . : 34m 23s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 6
Objects scanned . . . : 714,923
Files scanned . . . . : 22,664
Remnants scanned . . : 158,913 files / 533,346 keys
Cookies _____________________________________________________________________
C:\Documents and Settings\leahjewel\Cookies\03DN0UZ6.txt
C:\Documents and Settings\leahjewel\Cookies\8T5NIUTW.txt
C:\Documents and Settings\leahjewel\Cookies\DFGGLKO0.txt
C:\Documents and Settings\leahjewel\Cookies\EWXELNS3.txt
C:\Documents and Settings\leahjewel\Cookies\T6IME2GD.txt
C:\Documents and Settings\leahjewel\Cookies\VP9JBAAD.txt

 
Uh oh. I'm in trouble again. I found the following on my system via Malwarebytes Pro: Hijack.Comsysapp. What to do? What to do?
 

Attachments

  • mbam-log-2012-10-30 (15-04-03).txt