Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Computer restarts on its own, redirects links and more! - Moved by MURF
Once again I am back for help but it's not my fault. I was super careful this time. I went to a site that I normally frequent and got a message that would not go away no matter how many times I closed it telling me "windows needs your permission to continue" or something like that. Instead of unplugging the computer (which I'm not sure would have worked anyway) I clicked continue.
Immediately after that I got a message telling me I had a Trojan-BNK.Win.32.Keylogger.gen and that I needed to use "Vista Security 2012". I did no such thing. Instead I used Malware Bytes and the problem was solved. Or so it seemed. Upon finishing the scan I noticed that links were being redirected, sometimes a new window will pop up by itself going to a random site and the computer would restart itself at random times.
#2
I am moving this to our Malware Removal Forum; they can help you. Please be patient as they are busy.
#3
Cyba,
In order to take a better look at what is going on with your system, please do the following:
Download DDS from one of these locations: Link 1 Link 2
Save it to your Desktop
Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the programs we are about to run. If you wish to look at information on how to disable these programs, please refer to the information available through this link
XP: Double-click the file downloaded to run the program
Vista/Windows 7: Right-click DDS and select: Run as Administrator
When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Is minimized - shows on the TaskBar)
Save the reports to your Desktop, and post both reports in your reply.
Also download aswMBR: http://public.avast.com/~gmerek/aswMBR.exe
Save it to the Desktop.
XP: Double-click the file downloaded to run the program
Vista/Windows 7: Right-click the file and select: Run as Administrator
Click Scan
Upon completion of the scan, click ‘Save log’ and save it to the Desktop.
Note - Please do NOT attempt to fix anything!!
Also post the aswMBR log in your reply.
You will notice another file is created on the Desktop by aswMBR. It is named MBR.dat
Please keep the file on the Desktop, and do not open it or do anything with it. This is important, just in case we need to have access to the Master Boot Record (MBR) information.
Thanks.
#4
Post removed. Aaflac and I posted around the same time.
#5
DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by User at 22:42:51 on 2011-12-12 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.306 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\hkcmd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\lxdacoms.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe 
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bing.com/ uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = http=127.0.0.1:62263 uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstan ce.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\sta rtm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll Trusted Zone: internet Trusted Zone: mcafee.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab 
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 TCP: Interfaces\{C4E8A6E1-50B3-47A1-A070-D4B34A84A002} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\prof iles\q8tz0ree.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 62263 FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\2\NP_wtapp .dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . 
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-7 21504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1ca8787fbdd5eb8;Google Update Service (gupdate1ca8787fbdd5eb8);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 133104] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-16 1153368] S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 133104] S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30 319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-12-10 21:13:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-10 21:13:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-09 07:13:12 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{58b0c528-d345-4825-a2e1-b0897a596c66}\mpengine.dll 2011-12-08 06:33:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-11-23 18:57:03 0 ---ha-w- c:\users\user\appdata\local\BITB2E9.tmp 2011-11-19 22:07:58 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com 2011-11-19 22:07:28 -------- d-----w- c:\programdata\!SASCORE 2011-11-19 22:07:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-11-19 22:07:24 -------- d-----w- c:\program files\SUPERAntiSpyware . ==================== Find3M ==================== . 2011-12-08 06:34:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys . ============= FINISH: 22:43:27.49 =============== |
#6
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 5/21/2007 2:08:19 PM System Uptime: 12/12/2011 10:36:09 PM (0 hours ago) . Motherboard: ELITEGROUP | | 945GCT-M3 Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 223 GiB total, 170.501 GiB free. D: is FIXED (NTFS) - 9 GiB total, 4.406 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0001 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter PNP Device ID: ROOT\*6TO4MP\0001 Service: tunnel . Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318} Description: PCI Soft Data Fax Modem with SmartCP Device ID: PCI\VEN_14F1&DEV_2F40&SUBSYS_200014F1&REV_00\4&5C2 F873&0&18F0 Manufacturer: CXT Name: PCI Soft Data Fax Modem with SmartCP PNP Device ID: PCI\VEN_14F1&DEV_2F40&SUBSYS_200014F1&REV_00\4&5C2 F873&0&18F0 Service: Modem . ==== System Restore Points =================== . . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 8.1.1 Apple Application Support Apple Mobile Device Support Apple Software Update Bejeweled 2 Deluxe Blackhawk Striker 2 Blasterball 3 Bonjour Canon MP Navigator EX 1.2 Canon MP190 series MP Drivers Canon MP190 series User Registration Canon Utilities Easy-PhotoPrint EX Canon Utilities Solution Menu Digital Media Reader Diner Dash - Flo on the Go Drivers Install For Linksys Easylink Advisor eMachines Connect eMachines Recovery Center Installer Family Feud 2 FATE FLV Player 2.0 (build 25) Google Chrome Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel(R) Graphics Media Accelerator Driver iTunes Java Auto Updater Java(TM) 6 Update 29 Java(TM) SE Runtime Environment 6 Update 1 Lexmark 640 Series Linksys EasyLink Advisor 1.6 (0044) Malwarebytes' Anti-Malware version 1.51.2.1300 Microsoft .NET Framework 3.5 SP1 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox 8.0.1 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OGA Notifier 2.0.0048.0 Penguins! 
Polar Bowler Polar Golfer Power2Go 5.0 QuickTime Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553074) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Excel 2007 (KB2553073) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Spybot - Search & Destroy SUPERAntiSpyware Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App WildTangent Games App (eMachines Games) Windows Live installer Windows Live Messenger Windows Media Player Firefox Plugin Yahoo! Detect Yahoo! Messenger Yahoo! Toolbar . 
==== Event Viewer Messages From Past Week ======== . 12/9/2011 11:52:24 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.105 did not allow the name to be claimed by this computer. 12/6/2011 2:24:21 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer NATASHABROWN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C4E8A6E1-50B3-47A1-A070-D4. The master browser is stopping or an election is being forced. 12/6/2011 10:02:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001BB977EE01 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 12/12/2011 6:23:38 PM, Error: EventLog [6008] - The previous system shutdown at 6:20:20 PM on 12/12/2011 was unexpected. 12/12/2011 6:23:23 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume . 12/12/2011 5:58:25 PM, Error: EventLog [6008] - The previous system shutdown at 5:56:47 PM on 12/12/2011 was unexpected. 12/12/2011 10:43:15 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2. 12/12/2011 10:40:11 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 12/12/2011 10:38:09 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 12/12/2011 10:38:09 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed. 
12/12/2011 10:38:09 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 12/12/2011 10:38:09 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed. 12/12/2011 10:38:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 12/12/2011 1:39:03 PM, Error: EventLog [6008] - The previous system shutdown at 9:00:19 AM on 12/12/2011 was unexpected. 12/11/2011 6:13:48 PM, Error: EventLog [6008] - The previous system shutdown at 6:11:41 PM on 12/11/2011 was unexpected. 12/11/2011 3:02:04 PM, Error: EventLog [6008] - The previous system shutdown at 3:00:08 PM on 12/11/2011 was unexpected. 12/11/2011 2:50:05 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 12/10/2011 4:09:46 PM, Error: EventLog [6008] - The previous system shutdown at 4:07:56 PM on 12/10/2011 was unexpected. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 
12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12/10/2011 3:58:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 
12/10/2011 3:57:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/10/2011 3:57:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/10/2011 3:57:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 12/10/2011 3:57:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 12/10/2011 3:57:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 12/10/2011 3:57:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/10/2011 3:57:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/10/2011 3:57:09 PM, Error: EventLog [6008] - The previous system shutdown at 3:55:19 PM on 12/10/2011 was unexpected. . ==== End Of File =========================== |
#7
aswMBR log.txt
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-12 22:56:27
-----------------------------
22:56:27.979 OS Version: Windows 6.0.6002 Service Pack 2
22:56:27.980 Number of processors: 2 586 0x605
22:56:27.981 ComputerName: USER-PC UserName: User
22:56:28.862 Initialize success
22:56:31.426 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
22:56:31.428 Disk 0 Vendor: WDC_WD2500JS-22NCB1 10.02E02 Size: 238475MB BusType: 3
22:56:33.481 Disk 0 MBR read successfully
22:56:33.484 Disk 0 MBR scan
22:56:33.499 Disk 0 Windows VISTA default MBR code
22:56:33.515 Disk 0 scanning sectors +488392065
22:56:33.645 Disk 0 scanning C:\Windows\system32\drivers
22:56:41.825 Service scanning
22:56:44.312 Modules scanning
22:56:46.423 Module: C:\Windows\system32\DRIVERS\serial.sys **SUSPICIOUS**
22:56:53.071 Disk 0 trace - called modules:
22:56:53.095 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8510ef10]<<
22:56:53.100 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x841f41c8]
22:56:53.104 3 CLASSPNP.SYS[865a38b3] -> nt!IofCallDriver -> [0x85004db0]
22:56:53.448 \Driver\00000688[0x85077b08] -> IRP_MJ_CREATE -> 0x8510ef10
22:56:53.454 Scan finished successfully
22:57:29.447 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
22:57:29.457 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
#8
Cyba,
Thanks for the reports.
This infection may not allow you to download files. If this becomes the case, download the files requested to another computer and then transfer them to the Desktop of the infected computer. You can transfer the files using a USB flash drive, CD/DVD, or external drive.
Please download RogueKiller: http://tigzy.geekstogo.com/Tools/RogueKiller.exe
Save to the Desktop:
•Close all windows
•XP - Double-click RogueKiller icon to run the program
•Vista/Win7 - Right-click the icon and select: Run as Administrator
•When prompted, type 1 (SCAN) and then press: Enter
•A report opens on the Desktop: RKreport.txt
Please copy/paste the RKreport.txt, and provide it in your reply.
Note: If RogueKiller is blocked, do not hesitate to try running it again. If it still fails to run, right-click on the downloaded icon and select 'Rename'. Then, rename it to winlogon and try again.
Please do not restart the computer after running RogueKiller Option 1 (Scan), otherwise the infection may reactivate.
This scan is a diagnostic. After posting its results we will start the removal process.
#9
RKreport.txt
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date : 12/13/2011 15:40:44
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:62263) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 702fddaf4d0c9204380273e0f10fda8f
[BSP] 3cb3cdc37eda26a44576f3111b483e43 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 63 | Size: 10141 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 19808145 | Size: 239914 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
#10
Need to have you run RogueKiller two more times. In one select 2 (Remove), and in the other 4 (Proxy Fix), as follows:
Once again, close all windows
•Vista/Win7 - Right-click the RogueKiller icon and select: Run as Administrator
•When prompted, type 2 (Remove) and then press Enter
•A report opens. Please copy/paste the Mode: Remove/RKreport.txt in your reply.
Next, run RogueKiller again.
•Vista/Win7 - Right-click the RogueKiller icon and select: Run as Administrator
•When prompted, type 4 (Proxy Fix) and then press Enter
Also provide the new Mode: Proxy Fix/RKreport.txt in your reply.
#11
Remove/RKreport.txt
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Remove -- Date : 12/14/2011 10:14:22
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:62263) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 702fddaf4d0c9204380273e0f10fda8f
[BSP] 3cb3cdc37eda26a44576f3111b483e43 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 63 | Size: 10141 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 19808145 | Size: 239914 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
#12
Proxy Fix/RKreport.txt
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: ProxyFix -- Date : 12/14/2011 10:15:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:62263) -> DELETED

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
#13
Are you still getting the message: "Windows needs your permission to continue"?
Any notifications about Trojan-BNK.Win.32.Keylogger.gen? How about prompts from "Vista Security 2012", redirections, or the computer restarting itself?

Please do the following:

Download DDS from one of these locations:
Link 1
Link 2
Save it to your Desktop

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the programs we are about to run. If you wish to look at information on how to disable these programs, please refer to the information available through this link

XP: Double-click the file downloaded to run the program
Vista/Windows 7: Right-click DDS and select: Run as Administrator

When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Is minimized - shows on the TaskBar)

Save the reports to your Desktop, and post both reports in your reply.

~~~~

Also download aswMBR: http://public.avast.com/~gmerek/aswMBR.exe
Save it to the Desktop.

XP: Double-click the file downloaded to run the program
Vista/Windows 7: Right-click the file and select: Run as Administrator

Click Scan

Upon completion of the scan, click ‘Save log’ and save it to the Desktop.

Note - Please do NOT attempt to fix anything!!

Also post the aswMBR log in your reply.

You will notice another file is created on the Desktop by aswMBR. It is named MBR.dat
Please keep the file on the Desktop, and do not open it or do anything with it. This is important, just in case we need to have access to the Master Boot Record (MBR) information.

Thanks.

Last edited by Aaflac; December 15th, 2011 at 12:45 AM.
#14
Quote:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by User at 21:53:25 on 2011-12-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.370 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxdacoms.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{C4E8A6E1-50B3-47A1-A070-D4B34A84A002} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\q8tz0ree.default\
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\2\NP_wtapp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 5689;5689;c:\windows\temp\5689.sys [2011-12-13 141312]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-7 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca8787fbdd5eb8;Google Update Service (gupdate1ca8787fbdd5eb8);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 133104]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-16 1153368]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 133104]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-13 20:40:03 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-12-10 23:48:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-12-10 21:13:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 21:13:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-09 07:13:12 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{58b0c528-d345-4825-a2e1-b0897a596c66}\mpengine.dll
2011-12-08 06:33:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-23 18:57:03 0 ---ha-w- c:\users\user\appdata\local\BITB2E9.tmp
2011-11-19 22:07:58 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2011-11-19 22:07:28 -------- d-----w- c:\programdata\!SASCORE
2011-11-19 22:07:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-19 22:07:24 -------- d-----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2011-12-08 06:34:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 21:54:12.52 ===============
#15
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/21/2007 2:08:19 PM
System Uptime: 12/14/2011 9:49:05 PM (0 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 168.85 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 4.406 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}
Description: PCI Soft Data Fax Modem with SmartCP
Device ID: PCI\VEN_14F1&DEV_2F40&SUBSYS_200014F1&REV_00\4&5C2F873&0&18F0
Manufacturer: CXT
Name: PCI Soft Data Fax Modem with SmartCP
PNP Device ID: PCI\VEN_14F1&DEV_2F40&SUBSYS_200014F1&REV_00\4&5C2F873&0&18F0
Service: Modem
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bonjour
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon MP190 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Digital Media Reader
Diner Dash - Flo on the Go
Drivers Install For Linksys Easylink Advisor
eMachines Connect
eMachines Recovery Center Installer
Family Feud 2
FATE
FLV Player 2.0 (build 25)
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) SE Runtime Environment 6 Update 1
Lexmark 640 Series
Linksys EasyLink Advisor 1.6 (0044)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Penguins!
Polar Bowler
Polar Golfer
Power2Go 5.0
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spybot - Search & Destroy
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
WildTangent Games App (eMachines Games)
Windows Live installer
Windows Live Messenger
Windows Media Player Firefox Plugin
Yahoo! Detect
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/14/2011 9:53:57 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
12/14/2011 9:51:05 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/14/2011 9:51:05 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
12/14/2011 9:51:05 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/14/2011 9:51:05 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
12/14/2011 9:51:05 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/14/2011 5:53:51 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
.
==== End Of File ===========================
All times are GMT +1. The time now is 03:50 PM.