
Home income wealth system pop up/system shuts down

Discussion in 'Virus & Other Malware Removal' started by Pilot_Rick, Jan 28, 2011.

  1. Pilot_Rick

    Pilot_Rick Thread Starter

    Joined:
    Jun 21, 2008
    Messages:
    12
    Somehow I got many trojan viruses. I downloaded Malwarebytes' Anti-malware and ran it in safe mode, which found 14 problems and repaired them. The system is freezing up now and then and I can't do a normal restart, just have to shut the power off. I have Firefox and as I am playing my online game I will see the page flicker and I get a page that opens for "Home Income Wealth System". Usually after that page opens, about 5 minutes later it just closes everything and goes to a black screen. I did try a system restore but no change.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:02:28 PM, on 1/28/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16671)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
    O4 - Startup: CCC.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: QuickSet.lnk = ?
    O4 - Global Startup: SetPoint.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/html - {d8e8c45a-1718-4133-9c34-6dee5434c826} - C:\Users\Rick\AppData\Local\Temp\msv1_0
    O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 5842 bytes
     
  2. Pilot_Rick

    Pilot_Rick Thread Starter

    Sorry, Forgot the computer specs

    Dell 1505 laptop
    1.4 processor
    2 gigs ram
    1400 graphics
    Windows 7
     
  3. Pilot_Rick

    Pilot_Rick Thread Starter

    Now, Interactive service pops up and takes down the page I am viewing.
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:


    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
    • Double click the exe file.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

    • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
     
  5. Pilot_Rick

    Pilot_Rick Thread Starter

    I can't post anything, it goes to a blank page like I have no internet
     
  6. Pilot_Rick

    Pilot_Rick Thread Starter

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Rick at 23:08:44.31 on Sat 01/29/2011
    Internet Explorer: 9.0.7930.16406
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1073 [GMT -5:00]
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Rick\Desktop\dds (2).com
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\rick\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/html - {d8e8c45a-1718-4133-9c34-6dee5434c826} -
    ================= FIREFOX ===================
    FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\2nry437v.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\2nry437v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\2nry437v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    ============= SERVICES / DRIVERS ===============
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-1 165584]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-11-2 566560]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-1 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-1 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-25 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-25 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-25 40384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
    S3 rtl8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192u.sys [2009-10-26 1473536]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]
    =============== Created Last 30 ================
    2011-01-29 14:12:59 586240 ----a-w- c:\program files\internet explorer\ieinstal.exe
    2011-01-29 14:11:14 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-29 14:11:13 804864 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-29 14:11:13 737280 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-29 14:11:13 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-29 14:11:13 1076224 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-29 14:10:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-29 14:10:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-29 14:01:17 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2011-01-29 01:18:05 -------- d-----w- c:\program files\ZalmanFrisbee
    2011-01-28 21:36:19 388096 ----a-r- c:\users\rick\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-28 21:36:19 -------- d-----w- c:\program files\Trend Micro
    2011-01-27 01:31:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-27 01:31:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-26 01:14:50 -------- d-----w- c:\program files\Wise Registry Cleaner
    2011-01-25 23:52:06 -------- d--h--w- c:\windows\msdownld.tmp
    2011-01-25 22:34:34 -------- d-----w- c:\users\rick\appdata\roaming\Malwarebytes
    2011-01-25 22:34:20 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-25 22:34:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    ==================== Find3M ====================
    2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
    =================== ROOTKIT ====================
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: TOSHIBA_MK1234GSX rev.AH001D -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85E4C735]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85e52990]; MOV EAX, [0x85e52a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82C3D458] -> \Device\Harddisk0\DR0[0x85E32030]
    3 CLASSPNP[0x88FAD59E] -> ntkrnlpa!IofCallDriver[0x82C3D458] -> [0x859BFC10]
    5 ACPI[0x834223B2] -> ntkrnlpa!IofCallDriver[0x82C3D458] -> \IdeDeviceP0T0L0-0[0x85993030]
    \Driver\atapi[0x85E342D8] -> IRP_MJ_CREATE -> 0x85E4C735
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskTOSHIBA_MK1234GSX_______________________AH001D__#5&1958d659&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 234441646 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    ============= FINISH: 23:10:05.35 ===============
     
  7. Pilot_Rick

    Pilot_Rick Thread Starter

    I can't post the ATTACH file. It goes to no internet. Any suggestions? Here is the GMER.

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-30 00:22:26
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK1234GSX rev.AH001D
    Running: t9wh9pyo.exe; Driver: C:\Users\Rick\AppData\Local\Temp\kxldrpoc.sys

    ---- System - GMER 1.0.15 ----
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E4C8BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E4C89D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E4C8B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C7B599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C9FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    PAGE ntkrnlpa.exe!ZwLoadDriver 82DD9291 7 Bytes JMP 8E4C8B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E40FBF 5 Bytes JMP 8E4C45D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 82E5ACF3 5 Bytes JMP 8E4C6012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 82E68D63 7 Bytes JMP 8E4C89D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F12EAC 7 Bytes JMP 8E4C8BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtProtectVirtualMemory 77F05360 5 Bytes JMP 004E000A
    .text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtWriteVirtualMemory 77F05EE0 5 Bytes JMP 004F000A
    .text C:\Windows\system32\svchost.exe[984] ntdll.dll!KiUserExceptionDispatcher 77F06448 5 Bytes JMP 004D000A
    .text C:\Windows\system32\svchost.exe[984] ole32.dll!CoCreateInstance 776B590C 5 Bytes JMP 0096000A
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1492] kernel32.dll!SetUnhandledExceptionFilter 76813162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Windows\Explorer.EXE[1548] ntdll.dll!NtProtectVirtualMemory 77F05360 5 Bytes JMP 0079000A
    .text C:\Windows\Explorer.EXE[1548] ntdll.dll!NtWriteVirtualMemory 77F05EE0 5 Bytes JMP 007A000A
    .text C:\Windows\Explorer.EXE[1548] ntdll.dll!KiUserExceptionDispatcher 77F06448 5 Bytes JMP 0076000A
    ---- Devices - GMER 1.0.15 ----
    Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000077 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000079 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskTOSHIBA_MK1234GSX_______________________AH001D__#5&1958d659&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cffa5ee4
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x99 0x0C 0xAA 0x90 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x55 0x17 0x74 0x82 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x9A 0x15 0x47 0x4F ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cffa5ee4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x99 0x0C 0xAA 0x90 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x55 0x17 0x74 0x82 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x9A 0x15 0x47 0x4F ...
    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 234441392 (+255): rootkit-like behavior;
    ---- Files - GMER 1.0.15 ----
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U67U2KI\today-on-mevio-men-41[1].htm 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U67U2KI\fw-nonplayer-banner[1].htm 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZ9SHZGS\ai_realmedia_com[1].htm 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZ9SHZGS\recommendations[1].htm 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZ9SHZGS\like[1].htm 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX8PS99D\meviomen_mevio_com[3].htm 0 bytes
    File C:\Windows\Temp\fla4C67.tmp 266356 bytes
    File C:\Windows\Temp\fla63DE.tmp 1795717 bytes
    File C:\Windows\Temp\fla893A.tmp 0 bytes
    ---- EOF - GMER 1.0.15 ----
     
  8. Pilot_Rick

    Pilot_Rick Thread Starter

    first half of ATTACH
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    DDS (Ver_10-12-12.02)
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/1/2009 7:45:22 AM
    System Uptime: 1/29/2011 8:23:12 PM (3 hours ago)
    Motherboard: Dell Inc. | | 0XD720
    Processor: Intel(R) Core(TM)2 CPU T5200 @ 1.60GHz | Microprocessor | 1328/133mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 112 GiB total, 71.023 GiB free.
    D: is CDROM ()
    ==== Disabled Device Manager Items =============
    ==== System Restore Points ===================
    RP225: 12/2/2010 7:29:42 AM - Scheduled Checkpoint
    RP226: 12/3/2010 10:13:26 AM - Windows Update
    RP227: 12/12/2010 10:01:38 AM - Scheduled Checkpoint
    RP228: 12/19/2010 6:02:31 PM - Scheduled Checkpoint
    RP229: 12/28/2010 3:00:50 PM - Scheduled Checkpoint
    RP230: 1/4/2011 5:03:04 PM - Scheduled Checkpoint
    RP231: 1/11/2011 5:40:18 PM - Scheduled Checkpoint
    RP232: 1/19/2011 4:49:13 PM - Scheduled Checkpoint
    RP233: 1/24/2011 11:01:21 AM - Restore Operation
    RP234: 1/24/2011 9:36:39 PM - Removed Ask Toolbar.
    RP235: 1/26/2011 11:19:26 AM - Restore Operation
    RP236: 1/28/2011 4:34:43 PM - Installed HiJackThis
    RP237: 1/29/2011 9:00:24 AM - Windows Update
    RP238: 1/29/2011 9:09:24 AM - Windows Update
    RP239: 1/29/2011 9:10:53 AM - Windows Update
    RP240: 1/29/2011 9:11:39 AM - Windows Update
    RP241: 1/29/2011 9:12:30 AM - Windows Update
    RP242: 1/29/2011 11:05:38 AM - Removed Feedback Tool
    RP243: 1/29/2011 11:13:17 AM - Removed Ask Toolbar.
    ==== Installed Programs ======================
    2007 Microsoft Office system
    32 Bit HP CIO Components Installer
    5400
    5400_Help
    ABBYY FineReader 9.0 Professional Edition
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Apple Application Support
    Apple Software Update
    Avanquest update
    avast! Free Antivirus
    Belkin USB Print and Storage Center
    BitTorrent
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Management Programs
    BufferChm
    BurnAware Free 2.4.2
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    ccc-Branding
    ccc-core-static
    ccc-utility
    CCC Help English
    Citrix Presentation Server Web Client for Win32
    Conexant HDA D110 MDC V.92 Modem
    CustomerResearchQFolder
    Dell Driver Download Manager
    Dell Support Center (Support Software)
    Destinations
    DeviceDiscovery
    DivX Setup
    HiJackThis
    HP Customer Participation Program 8.0
    HP Deskjet Printer Driver Software 8.0.C
    HP Imaging Device Functions 9.0
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    InstantShareDevicesMFC
    Intel(R) PROSet/Wireless Software
    Java(TM) 6 Update 15
    LimeWire PRO 5.2.13
    Malwarebytes' Anti-Malware
    MarketResearch
    mCorev32.ism_new
    mCPlug
    mDriver
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft Digital Image Library 10
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Pro 10
    Microsoft Digital Image Suite 10
    Microsoft Location Finder
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! for Windows XP
    Microsoft Silverlight
    Microsoft Streets & Trips 2006
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 Beta 1 x86 Redistributable - 10.0.20506
    mMHouse
    Motorola Driver Installation 4.1.0
    Motorola Phone Tools
    Mozilla Firefox (3.6.13)
    mPfMgr
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Mover
    mWMI
    PanoStandAlone
    QuickSet
    QuickTime
    RealPlayer
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SetPoint
    SF_CDC_ProductContext
    SF_CDC_Software
    SigmaTel Audio
    Skins
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    VC80CRTRedist - 8.0.50727.4053
    WebReg
    Whitesmoke Translator
    WIDCOMM Bluetooth Software 6.0.1.3100
    WinRAR archiver
    WinZip 14.5
    Wise Registry Cleaner 5.9.1
    ZalmanFrisbee
    ==== Event Viewer Messages From Past Week ========
     
  9. Pilot_Rick

    Pilot_Rick Thread Starter

    Joined:
    Jun 21, 2008
    Messages:
    12
    1/29/2011 8:40:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/29/2011 8:40:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    1/29/2011 8:39:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 8:38:41 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2011 8:27:20 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    1/29/2011 8:23:28 PM, Error: volmgr [46] - Crash dump initialization failed!
    1/29/2011 2:01:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Rick-PC\Rick SID (S-1-5-21-693517650-2731422384-3352138146-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/29/2011 2:01:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Rick-PC\Rick SID (S-1-5-21-693517650-2731422384-3352138146-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/29/2011 11:31:21 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    1/29/2011 11:31:21 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 11:31:21 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2011 10:57:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    1/29/2011 10:57:53 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/29/2011 10:43:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    1/29/2011 10:43:23 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/29/2011 10:24:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
     
  10. Pilot_Rick

    Pilot_Rick Thread Starter

    Joined:
    Jun 21, 2008
    Messages:
    12
    1/29/2011 10:08:04 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
    1/28/2011 8:19:24 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    1/28/2011 7:37:54 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer N3CR0-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{053E2154-6A0F-40A5-9030-28864ADAD. The master browser is stopping or an election is being forced.
    1/28/2011 2:45:57 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JAMES-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{053E2154-6A0F-40A5-9030-28864ADAD. The master browser is stopping or an election is being forced.
    1/28/2011 12:52:45 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
    1/28/2011 11:57:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/28/2011 11:57:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    1/28/2011 11:57:08 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 11:57:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/28/2011 11:57:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/28/2011 11:57:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/28/2011 11:56:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/28/2011 11:56:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/28/2011 11:56:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VWiFiFlt Wanarpv6 WfpLwf
    1/28/2011 11:56:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 11:56:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 11:56:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 11:56:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 11:56:46 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 11:56:46 AM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 11:56:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 11:56:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 11:56:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 11:56:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 11:56:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 10:00:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    1/28/2011 10:00:39 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     
  11. Pilot_Rick

    Pilot_Rick Thread Starter

    Joined:
    Jun 21, 2008
    Messages:
    12
    1/27/2011 9:56:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
    1/27/2011 9:56:44 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 9:56:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
    1/27/2011 9:56:14 PM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 9:53:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    1/27/2011 9:53:54 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 9:53:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    1/27/2011 9:52:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.
    1/27/2011 9:52:54 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 9:52:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    1/27/2011 9:52:24 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 9:51:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    1/27/2011 9:51:54 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 11:36:27 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    1/27/2011 10:58:35 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
    1/27/2011 10:58:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    1/27/2011 10:42:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    1/27/2011 10:27:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
    1/27/2011 10:27:55 PM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 10:27:55 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 10:01:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    1/27/2011 10:01:35 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 10:00:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
    1/27/2011 10:00:35 PM, Error: Service Control Manager [7000] - The Remote Access Connection Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 10:00:05 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 1:30:43 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.81 did not allow the name to be claimed by this computer.
    1/26/2011 4:17:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    1/26/2011 4:17:24 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
     
  12. Pilot_Rick

    Pilot_Rick Thread Starter

    Joined:
    Jun 21, 2008
    Messages:
    12
    1/26/2011 4:17:24 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
    1/26/2011 12:24:45 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
    1/26/2011 12:01:01 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    1/26/2011 11:48:48 AM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
     
  13. Pilot_Rick

    Pilot_Rick Thread Starter

    Joined:
    Jun 21, 2008
    Messages:
    12
    Sorry I had to break it all up to send. There are 5 lines that will not send.
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Refer to the ComboFix User's Guide

    1. Download ComboFix from one of these locations:

      Link 1
      Link 2

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply.

      Note:
      Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


      ---------------------------------------------------------------------------------------------
    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      ---------------------------------------------------------------------------------------------
     

Short URL to this thread: https://techguy.org/977566
