IObit Forum

I need Help!



I have some sort of Malware and I cannot run anything which would help remove it. I have Advanced SystemCare Pro, it finds nothing, I downloaded IOBit Malware Fighter and it will not run. I get an error message for this and others that says "A device attached to the system is not functioning". This happens on a few of my programs. Dreamweaver, AutoCad and others. I ran IOBit System explorer and post it here to see if it helps.

 

Advanced SystemCare Diagnose Report v1.0

Date: 2012/06/04 18:52:56

 

----------------------------------

01 - Operating System

----------------------------------

 

0101 - Operating System : Windows Vista™ Ultimate (6.0, Build 6002) Service Pack 2 (6002.vistasp2_gdr.120402-0336)

0102 - Language : English (Regional Setting: English)

0103 - BIOS : Phoenix ROM BIOS PLUS Version 1.10 A10

0104 - Processor : Intel® Core2 Duo CPU T9300 @ 2.50GHz (2 CPUs), ~2.5GHz

0105 - Memory : 3070MB RAM

0107 - Page File : 2508MB used, 3828MB available

0108 - Windows Dir : C:\Windows

0109 - DirectX Version : DirectX 11

0110 - DX Setup Parameters : Not found

0114 - DxDiag Version : 7.00.6002.18107

 

----------------------------------

02 - Processor

----------------------------------

 

0201 - Caption : Intel® Core2 Duo CPU T9300 @ 2.50GHz x2 ~2501MHz

0202 - Current Clock Speed : 1200MHz

 

----------------------------------

03 - Video Adapter

----------------------------------

 

0301 - Card Name : NVIDIA GeForce 8700M GT

0302 - Manufacturer : NVIDIA

0303 - Chip Type : NVxx

0304 - DAC Type : Integrated RAMDAC

0305 - Device Key : Enum\PCI\VEN_10DE&DEV_0409&SUBSYS_019C1028&REV_A1

0306 - Display Memory : 1520 MB

0307 - AdapterRAM : N/A

0308 - Current Mode : 1680 x 1050 (32 bit) (60Hz)

0309 - Monitor Name : Generic PnP Monitor

0310 - Driver Name : nvd3dum.dll,nvwgf2um.dll

0311 - Driver Version : 7.15.0011.7678

0312 - Driver Language : English

0313 - DDI Version : 10

0315 - Driver Beta : False

0316 - Driver Debug : False

0317 - Driver Date : 10/23/2008 02:09:00

0318 - Driver Size : 5898240

0319 - VDD : n/a

0320 - Mini VDD : n/a

0321 - Mini VDD Date : n/a

0322 - Mini VDD Size : 0

0323 - Device Identifier : {D7B71E3E-4749-11CF-666E-972101C2CA35}

0324 - Vendor ID : 0x10DE

0325 - Device ID : 0x0409

0326 - SubSys ID : 0x019C1028

0327 - Revision ID : 0x00A1

0330 - Video Accel : ModeMPEG2_A ModeMPEG2_C ModeVC1_C ModeWMV9_C ModeVC1_B ModeWMV9_B ModeVC1_A ModeWMV9_A

0331 - Deinterlace Caps : {6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive


0334 - DDraw Status : Enabled

0335 - D3D Status : Enabled

0336 - AGP Status : Enabled

0337 - Notes : No problems found.

 

0338 - OpenGL : 6.0.6000.16386 (vista_rtm.061101-2205)

 

----------------------------------

04 - Memory

----------------------------------

 

0401 - Total Memory : 3.00 GB

0402 - Free Memory : 763.27 MB

0403 - Total Pagefile : 6.19 GB

0404 - Free Pagefile : 3.72 GB

 

0405 - Bank Label : N/A

0406 - Speed : 667 MHz

0407 - Total Width : 64 Bits

0408 - Capacity : 2.00 GB

 

0405 - Bank Label : N/A

0406 - Speed : 667 MHz

0407 - Total Width : 64 Bits

0408 - Capacity : 2.00 GB

 

----------------------------------

05 - Network

----------------------------------

 

0501 - Description : Intel® Wireless WiFi Link 4965AGN

0502 - Driver Date : 9-26-2007

0503 - Driver Version : 11.5.0.32

 

----------------------------------

06 - Motherboard

----------------------------------

 

0601 - Model : 0KX412

0602 - Manufacturer : Dell Inc.

 

----------------------------------

07 - Sound Device

----------------------------------

 

0702 - Default Sound Playback : False

0703 - Default Voice Playback : False

0714 - Min/Max Sample Rate : 4642746, 4642746

0715 - Static/Strm HW Mix Bufs : 4642746, 4642746

0716 - Static/Strm HW 3D Bufs : 4642746, 4642746

0717 - HW Memory : 4642754

0718 - Voice Management : False

0719 - EAX 2.0 Listen/Src : False, False

0720 - I3DL2 Listen/Src : False, False

0721 - Notes : No sound card was found. If one is expected, you should install a sound driver provided by the hardware manufacturer.

 

 

----------------------------------

08 - Hard Disk

----------------------------------

 

0801 - Model : NULL

0802 - Media Type : Fixed hard disk media

0803 - Size : 119.24 GB

0804 - Interface Type : Serial ATA

 

0801 - Model : ST9250421ASG(Seagate, 250G)

0802 - Media Type : Fixed hard disk media

0803 - Size : 232.88 GB

0804 - Interface Type : Serial ATA

0805 - Driver Date : 6-21-2006

0806 - Driver Version : 6.0.6002.18005

 

0807 - Caption : C:\

0808 - Capacity : 106.66 GB

0809 - Free Space : 54.62 GB

0810 - Drive Type : 3-Fixed

0811 - File System : NTFS

 

0807 - Caption : D:\

0808 - Capacity : 232.88 GB

0809 - Free Space : 133.03 GB

0810 - Drive Type : 3-Fixed

0811 - File System : NTFS

 

0807 - Caption : E:\

0808 - Capacity : 10.00 GB

0809 - Free Space : 3.56 GB

0810 - Drive Type : 3-Fixed

0811 - File System : NTFS

 

----------------------------------

09 - Process

----------------------------------

 

0901 - 0000 Idle 0 0 0

0901 - 0004 System 0 0 0

0901 - 01f0 smss.exe 0 0 0 normal C:\Windows\system32

0901 - 0278 csrss.exe 0 0 0 normal C:\Windows\system32

0901 - 02b0 wininit.exe 0 0 0 high C:\Windows\system32

0901 - 02dc services.exe 0 0 0 normal C:\Windows\system32

0901 - 02e8 lsass.exe 0 0 0 normal C:\Windows\system32

0901 - 02f0 lsm.exe 0 0 0 normal C:\Windows\system32

0901 - 037c svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 03a4 ASCService.exe 0 0 0 high D:\Program Files\IObit\Advanced SystemCare 5

0901 - 03ec nvvsvc.exe 0 0 0 normal C:\Windows\system32

0901 - 0408 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 049c svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 04bc svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 04fc svchost.exe 0 0 0 below normal C:\Windows\system32

0901 - 0530 audiodg.exe 0 0 0

0901 - 0554 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 0568 SLsvc.exe 0 0 0 normal C:\Windows\system32

0901 - 0594 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 05e4 DockLogin.exe 0 0 0 realtime C:\Program Files\Dell\DellDock

0901 - 0630 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 0708 spoolsv.exe 0 0 0 normal C:\Windows\System32

0901 - 0720 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 07a4 aestsrv.exe 0 0 0 normal C:\Windows\system32

0901 - 07b0 AGCoreService.exe 0 0 0 normal C:\Program Files\AGI\core\4.2.0.10753

0901 - 07c8 mDNSResponder.exe 0 0 0 normal C:\Program Files\Bonjour

0901 - 07d8 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 07ec cvpnd.exe 0 0 0 normal d:\Program Files\Cisco Systems\VPN Client

0901 - 00e8 NServiceEntry.exe 0 0 0 normal D:\Program Files\Motorola Media Link

0901 - 0180 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 01ac Iaantmon.exe 0 0 0 normal C:\Program Files\Intel\Intel Matrix Storage Manager

0901 - 0264 ccSvcHst.exe 0 0 0 normal C:\Program Files\Norton 360\Engine\6.2.1.5

0901 - 03f4 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 04f4 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 05e0 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 0920 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 0950 TomTomHOMEService.exe 0 0 0 normal D:\Program Files\TomTom HOME 2

0901 - 09b0 WLIDSVC.EXE 0 0 0 normal C:\Program Files\Common Files\Microsoft Shared\Windows Live

0901 - 09e4 SearchIndexer.exe 0 0 0 normal C:\Windows\system32

0901 - 0a0c NicConfigSvc.exe 0 0 0 normal C:\Program Files\Dell\QuickSet

0901 - 0a1c WLIDSvcM.exe 0 0 0 normal C:\Program Files\Common Files\Microsoft Shared\Windows Live

0901 - 0b38 wmiprvse.exe 0 0 0 normal C:\Windows\system32\wbem

0901 - 0c2c csrss.exe 2 154 80 normal C:\Windows\system32

0901 - 0c50 winlogon.exe 2 25 0 high C:\Windows\system32

0901 - 0cb4 rundll32.exe 2 18 12 normal C:\Windows\system32

0901 - 0d20 ccSvcHst.exe 2 34 44 normal C:\Program Files\Norton 360\Engine\6.2.1.5

0901 - 0d50 taskeng.exe 0 0 0 below normal C:\Windows\system32

0901 - 0de4 taskeng.exe 2 22 26 normal C:\Windows\system32

0901 - 091c svchost.exe 0 0 0 below normal C:\Windows\system32

0901 - 0f48 DllHost.exe 0 0 0 normal C:\Windows\system32

0901 - 0e6c Dwm.exe 2 14 2 high C:\Windows\system32

0901 - 0cbc Explorer.EXE 2 331 209 normal C:\Windows

0901 - 055c SynTPEnh.exe 2 37 22 above normal C:\Program Files\Synaptics\SynTP

0901 - 08d0 IAAnotif.exe 2 44 21 normal C:\Program Files\Intel\Intel Matrix Storage Manager

0901 - 0f80 PCMService.exe 2 15 16 normal C:\Program Files\Dell\MediaDirect

0901 - 0cc0 GrooveMonitor.exe 2 9 4 normal C:\Program Files\Microsoft Office\Office12

0901 - 02d4 hpwuSchd2.exe 2 9 4 normal D:\Program Files\HP\HP Software Update

0901 - 0808 ipoint.exe 2 12 38 normal C:\Program Files\Microsoft IntelliPoint

0901 - 0488 rundll32.exe 2 17 7 normal C:\Windows\System32

0901 - 0468 rundll32.exe 2 15 6 normal C:\Windows\System32

0901 - 0394 sidebar.exe 2 61 36 normal C:\Program Files\Windows Sidebar

0901 - 0af0 ASCTray.exe 2 68 34 normal D:\Program Files\IObit\Advanced SystemCare 5

0901 - 0f04 hpqtra08.exe 2 15 20 normal D:\Program Files\HP\Digital Imaging\bin

0901 - 0918 quickset.exe 2 12 10 normal C:\Program Files\Dell\QuickSet

0901 - 0c70 TimeLeft.exe 2 209 129 normal D:\Program Files\TimeLeft3

0901 - 10f4 sidebar.exe 2 41 28 normal C:\Program Files\Windows Sidebar

0901 - 11e4 hpqSTE08.exe 2 9 6 normal D:\Program Files\HP\Digital Imaging\bin

0901 - 1204 hpqbam08.exe 2 39 10 normal D:\Program Files\HP\Digital Imaging\bin

0901 - 13a0 ASC.exe 2 1599 287 normal D:\Program Files\IObit\Advanced SystemCare 5

0901 - 1454 iexplore.exe 2 235 94 normal C:\Program Files\Internet Explorer

0901 - 1480 iexplore.exe 2 342 156 normal C:\Program Files\Internet Explorer

0901 - 1770 SynTPHelper.exe 2 9 3 above normal C:\Program Files\Synaptics\SynTP

0901 - 0f40 DelayLoad.exe 2 36 24 normal D:\Program Files\IObit\Advanced SystemCare 5

0901 - 1388 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 1394 wuauclt.exe 2 12 5 below normal C:\Windows\system32

0901 - 0e78 iexplore.exe 2 224 118 normal C:\Program Files\Internet Explorer

0901 - 0364 sus10_sysexplorer.exe 2 102 45 normal D:\Program Files\IObit\Advanced SystemCare 5

0901 - 05f8 wmiprvse.exe 0 0 0 normal C:\Windows\system32\wbem

0901 - 0e3c taskeng.exe 0 0 0 below normal

 

 

----------------------------------

10 - Service

----------------------------------

 

1001 - Advanced SystemCare Service 5 - [D:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe]

1001 - Andrea ST Filters Service - [C:\Windows\system32\aestsrv.exe]

1001 - AG Core Services - ["C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe"]

1001 - Application Information - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Windows Audio Endpoint Builder - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Audio - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Base Filtering Engine - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Background Intelligent Transfer Service - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Bonjour Service - ["C:\Program Files\Bonjour\mDNSResponder.exe"]

1001 - Computer Browser - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Bluetooth Support Service - [C:\Windows\system32\svchost.exe -k bthsvcs]

1001 - Cryptographic Services - [C:\Windows\system32\svchost.exe -k NetworkService]

1001 - Cisco Systems, Inc. VPN Service - ["d:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"]

1001 - DeviceMonitorService - ["D:\Program Files\Motorola Media Link\NServiceEntry.exe"]

1001 - DHCP Client - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - DNS Client - [C:\Windows\system32\svchost.exe -k NetworkService]

1001 - Dock Login Service - [C:\Program Files\Dell\DellDock\DockLogin.exe]

1001 - Extensible Authentication Protocol - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - ReadyBoost - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Event Log - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - COM+ Event System - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Windows Font Cache Service - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Human Interface Device Access - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - hpqcxs08 - [C:\Windows\system32\svchost.exe -k hpdevmgmt]

1001 - HP CUE DeviceDiscovery Service - [C:\Windows\system32\svchost.exe -k hpdevmgmt]

1001 - HP Network Devices Support - [C:\Windows\system32\svchost.exe -k HPService]

1001 - Intel® Matrix Storage Event Monitor - [C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe]

1001 - IKE and AuthIP IPsec Keying Modules - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - CNG Key Isolation - [C:\Windows\system32\lsass.exe]

1001 - KtmRm for Distributed Transaction Coordinator - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - Server - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Workstation - [C:\Windows\System32\svchost.exe -k LocalService]

1001 - TCP/IP NetBIOS Helper - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Multimedia Class Scheduler - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Windows Firewall - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Net Driver HPZ12 - [C:\Windows\System32\svchost.exe -k HPZ12]

1001 - Network Connections - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Network List Service - [C:\Windows\System32\svchost.exe -k LocalService]

1001 - Dell Internal Network Card Power Management - ["C:\Program Files\Dell\QuickSet\NicConfigSvc.exe"]

1001 - Network Location Awareness - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - Network Store Interface Service - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - NVIDIA Display Driver Service - [C:\Windows\system32\nvvsvc.exe]

1001 - Program Compatibility Assistant Service - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Plug and Play - [C:\Windows\system32\svchost.exe -k DcomLaunch]

1001 - Pml Driver HPZ12 - [C:\Windows\System32\svchost.exe -k HPZ12]

1001 - IPsec Policy Agent - [C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted]

1001 - User Profile Service - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Remote Access Connection Manager - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Security Accounts Manager - [C:\Windows\system32\lsass.exe]

1001 - Secondary Logon - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - System Event Notification Service - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Shell Hardware Detection - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Software Licensing - [C:\Windows\system32\SLsvc.exe]

1001 - Print Spooler - [C:\Windows\System32\spoolsv.exe]

1001 - SSDP Discovery - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Secure Socket Tunneling Protocol Service - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Windows Image Acquisition (WIA) - [C:\Windows\system32\svchost.exe -k imgsvc]

1001 - Superfetch - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Telephony - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - Terminal Services - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - Themes - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - TomTomHOMEService - [D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe]

1001 - Distributed Link Tracking Client - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Desktop Window Manager Session Manager - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Time - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Windows Management Instrumentation - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - WLAN AutoConfig - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Live ID Sign-in Assistant - ["C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"]

1001 - Security Center - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Windows Search - [C:\Windows\system32\SearchIndexer.exe /Embedding]

1001 - Windows Update - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Windows Driver Foundation - User-mode Driver Framework - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

 

----------------------------------

11 - Windows Express

----------------------------------

 

1101 - System Score : 5.1

1102 - Memory Score : 5.1

1103 - CPU Score : 5.4

1104 - Graphics Score : 5.9

1105 - Gaming Score : 5.6

1106 - Disk Score : 5.9

 

----------------------------------

12 - Event Log

----------------------------------

 

1201 - Time : 6/5/2012 6:38:22 AM

1202 - Source : WinMgmt

1203 - Description : Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

1201 - Time : 6/5/2012 6:38:18 AM

1202 - Source : profsvc

1203 - Description : Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

 

1201 - Time : 6/5/2012 6:33:31 AM

1202 - Source : profsvc

1203 - Description : Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

 

1201 - Time : 6/5/2012 6:33:16 AM

1202 - Source : WinMgmt

1203 - Description : Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

1201 - Time : 6/5/2012 6:33:14 AM

1202 - Source : profsvc

1203 - Description : Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

 

1201 - Time : 6/5/2012 6:24:45 AM

1202 - Source : Windows Search Service

1203 - Description : The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Windows Application, SystemIndex Catalog

 

1201 - Time : 6/5/2012 5:57:40 AM

1202 - Source : WinMgmt

1203 - Description : Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

1201 - Time : 6/4/2012 8:17:17 AM

1202 - Source : WinMgmt

1203 - Description : Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

1201 - Time : 6/4/2012 8:17:13 AM

1202 - Source : Windows Search Service

1203 - Description : The application cannot be initialized. Context: Windows Application Details: The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)

 

1201 - Time : 6/4/2012 8:17:13 AM

1202 - Source : Windows Search Service

1203 - Description : The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)

 

1201 - Time : 6/5/2012 6:39:48 AM

1202 - Source : Service Control Manager

1203 - Description : The HP CUE DeviceDiscovery Service service hung on starting.

 

1201 - Time : 6/5/2012 6:34:37 AM

1202 - Source : Service Control Manager

1203 - Description : The HP CUE DeviceDiscovery Service service hung on starting.

 

1201 - Time : 6/4/2012 8:18:38 AM

1202 - Source : Service Control Manager

1203 - Description : The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

 

1201 - Time : 6/4/2012 8:18:38 AM

1202 - Source : Service Control Manager

1203 - Description : A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

 

1201 - Time : 6/4/2012 8:18:38 AM

1202 - Source : DCOM

1203 - Description : DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

 

1201 - Time : 6/4/2012 8:18:37 AM

1202 - Source : Service Control Manager

1203 - Description : The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

 

1201 - Time : 6/4/2012 8:18:37 AM

1202 - Source : Service Control Manager

1203 - Description : A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

 

1201 - Time : 6/4/2012 8:18:37 AM

1202 - Source : DCOM

1203 - Description : DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

 

1201 - Time : 6/4/2012 8:18:36 AM

1202 - Source : Service Control Manager

1203 - Description : The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

1201 - Time : 6/4/2012 8:18:36 AM

1202 - Source : Service Control Manager

1203 - Description : The HP CUE DeviceDiscovery Service service hung on starting.

 

----------------------------------

End of file - 33230 Bytes


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

***************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining

  Please leave the others unchecked

  • Click the Close button to leave the control center screen.

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

  • To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

*********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Sorry, I have downloaded all you suggest and all of them give the same error as mentioned above when trying to execute.

 

Start your computer in Safe Mode and try running MBAM. If it works, reboot in Normal Mode and try running it again.

Here's how to get into Safe Mode.


Very good, that worked. Ran it in safe mode then in normal mode. In safe mode it found 10 problems. The programs mentioned in original post still give error. Here is log.

 

2012/06/05 19:44:10 -0400 BOB-PC Bob MESSAGE Starting protection

2012/06/05 19:44:25 -0400 BOB-PC Bob MESSAGE Protection started successfully

2012/06/05 19:44:28 -0400 BOB-PC Bob MESSAGE Starting IP protection

2012/06/05 19:44:40 -0400 BOB-PC Bob MESSAGE IP Protection started successfully

2012/06/05 19:50:39 -0400 BOB-PC Bob IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50149, Process: svchost.exe)

2012/06/05 19:50:47 -0400 BOB-PC Bob IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50168, Process: svchost.exe)

2012/06/05 19:52:15 -0400 BOB-PC Bob IP-BLOCK 95.168.191.209 (Type: outgoing, Port: 50398, Process: svchost.exe)

2012/06/05 19:57:20 -0400 BOB-PC Bob MESSAGE Executing scheduled update: Daily

2012/06/05 19:57:55 -0400 BOB-PC Bob MESSAGE Starting database refresh

2012/06/05 19:57:55 -0400 BOB-PC Bob MESSAGE Stopping IP protection

2012/06/05 19:57:56 -0400 BOB-PC Bob MESSAGE Scheduled update executed successfully: database updated from version v2012.06.05.07 to version v2012.06.05.08

2012/06/05 19:58:01 -0400 BOB-PC Bob MESSAGE IP Protection stopped

2012/06/05 19:58:14 -0400 BOB-PC Bob MESSAGE Database refreshed successfully

2012/06/05 19:58:14 -0400 BOB-PC Bob MESSAGE Starting IP protection

2012/06/05 19:58:22 -0400 BOB-PC Bob MESSAGE IP Protection started successfully

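An added example, not part of the thread: a Python pass over the protection log above that groups the IP-BLOCK lines by process, direction and address, and also reports the windows in which IP protection was stopped (here, around the database refresh), since no block can be logged during them. The log lines are copied from the post; the function names are this example's own.

```python
import re
from datetime import datetime

# Lines copied from the protection log posted above (blank lines dropped).
MBAM_LOG = """\
2012/06/05 19:44:28 -0400 BOB-PC Bob MESSAGE Starting IP protection
2012/06/05 19:44:40 -0400 BOB-PC Bob MESSAGE IP Protection started successfully
2012/06/05 19:50:39 -0400 BOB-PC Bob IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50149, Process: svchost.exe)
2012/06/05 19:50:47 -0400 BOB-PC Bob IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50168, Process: svchost.exe)
2012/06/05 19:52:15 -0400 BOB-PC Bob IP-BLOCK 95.168.191.209 (Type: outgoing, Port: 50398, Process: svchost.exe)
2012/06/05 19:57:55 -0400 BOB-PC Bob MESSAGE Stopping IP protection
2012/06/05 19:58:01 -0400 BOB-PC Bob MESSAGE IP Protection stopped
2012/06/05 19:58:14 -0400 BOB-PC Bob MESSAGE Starting IP protection
2012/06/05 19:58:22 -0400 BOB-PC Bob MESSAGE IP Protection started successfully
"""

# timestamp, host, user, record kind, remainder of the line
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|IP-BLOCK) (?P<rest>.*)$"
)
# remainder of an IP-BLOCK record
BLOCK_RE = re.compile(
    r"^(?P<ip>\S+) \(Type: (?P<direction>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)


def parse_log(text):
    """Return one dict per recognised line; anything else is skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S %z")
        if ev["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(ev["rest"])
            if not b:
                continue
            ev.update(b.groupdict())
            ev["port"] = int(ev["port"])
        events.append(ev)
    return events


def summarize_blocks(events):
    """Group IP-BLOCK events by (process, direction, address)."""
    summary = {}
    for ev in events:
        if ev["kind"] != "IP-BLOCK":
            continue
        key = (ev["process"], ev["direction"], ev["ip"])
        entry = summary.setdefault(
            key, {"count": 0, "first": ev["ts"], "last": ev["ts"], "ports": []}
        )
        entry["count"] += 1
        entry["first"] = min(entry["first"], ev["ts"])
        entry["last"] = max(entry["last"], ev["ts"])
        entry["ports"].append(ev["port"])
    return summary


def protection_gaps(events):
    """Return (stopped, restarted) pairs during which IP protection was not running."""
    gaps, stopped_at = [], None
    for ev in events:
        if ev["kind"] != "MESSAGE":
            continue
        if ev["rest"] == "IP Protection stopped":
            stopped_at = ev["ts"]
        elif ev["rest"] == "IP Protection started successfully" and stopped_at:
            gaps.append((stopped_at, ev["ts"]))
            stopped_at = None
    return gaps


if __name__ == "__main__":
    events = parse_log(MBAM_LOG)
    for (process, direction, ip), e in summarize_blocks(events).items():
        print(f"{process} {direction} {ip}: {e['count']} blocked, ports {e['ports']}, "
              f"{e['first']:%H:%M:%S}-{e['last']:%H:%M:%S}")
    for stopped, started in protection_gaps(events):
        secs = (started - stopped).total_seconds()
        print(f"IP protection off for {secs:.0f}s from {stopped:%H:%M:%S}")
```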

Here are logs.

 

 

Results of screen317's Security Check version 0.99.24

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

CCleaner

Java 6 Update 5

Out of date Java installed!

Adobe Flash Player 11.2.202.235

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

 

 

**************************************************************

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/07/2012 at 08:16 PM

 

Application Version : 5.0.1150

 

Core Rules Database Version : 8681

Trace Rules Database Version: 6493

 

Scan type : Complete Scan

Total Scan Time : 01:04:33

 

Operating System Information

Windows Vista Ultimate 32-bit, Service Pack 2 (Build 6.00.6002)

UAC Off - Administrator

 

Memory items scanned : 342

Memory threats detected : 0

Registry items scanned : 36729

Registry threats detected : 4

File items scanned : 90214

File threats detected : 53

 

Adware.Tracking Cookie


 

Adware.Zugo

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

HKU\S-1-5-21-4037796015-2969449807-3345818652-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9D425283-D487-4337-BAB6-AB8354A81457}

HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}


Your Internet Explorer is out-of-date. You really should upgrade.

 

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

*****************************************************

Please download aswMBR.exe (511KB) to your desktop.

 

Double click the aswMBR.exe to run it

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg

 

Click the "Scan" button to start scan

 

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png

 

On completion of the scan click save log, save it to your desktop and post in your next reply.


OK, downloaded all. Java and JavaRE would not execute in normal. Went to Safe and Java will not run in Safe mode. Did get the others to run and enclose log files. Was able to get JavaRE to run in normal finally. Regular Java still gets device missing error.

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-08 07:58:08

-----------------------------

07:58:08.521 OS Version: Windows 6.0.6002 Service Pack 2

07:58:08.521 Number of processors: 2 586 0x1706

07:58:08.521 ComputerName: BOB-PC UserName: Bob

07:58:31.453 Initialize success

07:58:57.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

07:58:57.505 Disk 0 Vendor: SAMSUNG_ VAM0 Size: 122104MB BusType: 3

07:58:57.505 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1

07:58:57.520 Disk 1 Vendor: ST925042 DE13 Size: 238475MB BusType: 3

07:58:57.536 Disk 0 MBR read successfully

07:58:57.614 Disk 0 MBR scan

07:58:57.614 Disk 0 Windows VISTA default MBR code

07:58:57.630 Disk 0 MBR hidden

07:58:57.645 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63

07:58:57.661 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 178176

07:58:57.754 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 109215 MB offset 21149696

07:58:57.770 Disk 0 scanning sectors +244824056

07:58:57.786 Disk 0 scanning C:\Windows\system32\drivers

07:59:07.380 Service scanning

07:59:24.321 Modules scanning

07:59:29.906 Disk 0 trace - called modules:

07:59:29.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8644c4b1]<<

07:59:30.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861bf8d0]

07:59:30.062 3 CLASSPNP.SYS[8a9cb8b3] -> nt!IofCallDriver -> [0x863d28a0]

07:59:30.156 \Driver\iaStor[0x86474da8] -> IRP_MJ_CREATE -> 0x8644c4b1

07:59:30.187 Scan finished successfully

07:59:48.954 Disk 0 MBR has been saved successfully to "C:\Users\Bob\Desktop\MBR.dat"

07:59:49.063 The log file has been saved successfully to "C:\Users\Bob\Desktop\aswMBR.txt"

 

 

*******************************************************************

 

Not sure if you need JavaRa log. I will send if you need it.

 

Thanks for trying to help.

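An added example, not part of the thread and not a tool used in it: a Python reviewer for the aswMBR log above that collects the lines worth a manual look, namely a disk whose MBR is reported hidden, addresses in the called-module chain that aswMBR could not attribute to a module, and IRP handlers that point at such an address. It only gathers lines for review and gives no verdict; the log lines are copied from the post, and the function and field names are this example's own.

```python
import re

# Lines copied from the aswMBR log posted above (blank lines dropped).
ASWMBR_LOG = r"""
07:58:57.536 Disk 0 MBR read successfully
07:58:57.614 Disk 0 MBR scan
07:58:57.614 Disk 0 Windows VISTA default MBR code
07:58:57.630 Disk 0 MBR hidden
07:59:29.906 Disk 0 trace - called modules:
07:59:29.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8644c4b1]<<
07:59:30.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861bf8d0]
07:59:30.062 3 CLASSPNP.SYS[8a9cb8b3] -> nt!IofCallDriver -> [0x863d28a0]
07:59:30.156 \Driver\iaStor[0x86474da8] -> IRP_MJ_CREATE -> 0x8644c4b1
07:59:30.187 Scan finished successfully
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+(.*)$")
HIDDEN_RE = re.compile(r"^Disk (\d+) MBR hidden$")
TRACE_RE = re.compile(r"^Disk (\d+) trace - called modules:$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(
    r"^\\Driver\\(\w+)\[(0x[0-9a-fA-F]+)\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


def review_aswmbr(text):
    """Collect the lines of an aswMBR log that deserve a manual look."""
    hidden, named, unknown, handlers = [], [], [], []
    in_trace = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(2)
        h = HIDDEN_RE.match(body)
        if h:
            hidden.append(int(h.group(1)))
        if TRACE_RE.match(body):
            in_trace = True  # the next line holds the module chain
            continue
        if in_trace:
            in_trace = False
            unknown += [int(a, 16) for a in UNKNOWN_RE.findall(body)]
            named += UNKNOWN_RE.sub("", body).split()
            continue
        i = IRP_RE.match(body)
        if i:
            handlers.append({
                "driver": i.group(1),
                "object": int(i.group(2), 16),
                "major": i.group(3),
                "target": int(i.group(4), 16),
            })
    # Cross-reference: does a handler point at an address the trace
    # could not attribute to a named module?
    for hnd in handlers:
        hnd["target_is_unknown"] = hnd["target"] in unknown
    return {
        "hidden_mbr_disks": hidden,
        "named_modules": named,
        "unknown_modules": unknown,
        "irp_handlers": handlers,
    }


if __name__ == "__main__":
    r = review_aswmbr(ASWMBR_LOG)
    for disk in r["hidden_mbr_disks"]:
        print(f"Disk {disk}: MBR reported hidden")
    print("named modules in disk trace:", ", ".join(r["named_modules"]))
    for addr in r["unknown_modules"]:
        print(f"unattributed address in disk trace: {addr:#010x}")
    for hnd in r["irp_handlers"]:
        note = " (matches unattributed address)" if hnd["target_is_unknown"] else ""
        print(f"{hnd['driver']} {hnd['major']} -> {hnd['target']:#010x}{note}")
```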

Download Combofix from any of the links below, and save it to your DESKTOP.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.
     
    You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Here is output of combofix

 

ComboFix 12-06-08.02 - Bob 06/08/2012 20:01:13.1.2 - x86 MINIMAL

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.2544 [GMT -4:00]

Running from: c:\users\Bob\Desktop\ComboFix.exe

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

c:\users\Bob\AppData\Local\assembly\tmp

c:\users\Bob\GoToAssistDownloadHelper.exe

c:\windows\_detmp.2

c:\windows\_detmp.4

c:\windows\Installer\$PatchCache$\Managed\6B07CD9D31EBDD140935E916E7270D58\1.0.11\pst.ini

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))

.

.

2012-06-09 00:10 . 2012-06-09 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-08 12:23 . 2012-06-08 12:21 772552 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-08 12:23 . 2012-06-08 12:21 687560 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-07 23:11 . 2012-06-07 23:11 -------- d-----w- c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com

2012-06-07 23:11 . 2012-06-07 23:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-07 23:11 . 2012-06-07 23:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-05 22:33 . 2012-06-05 22:33 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes

2012-06-05 22:33 . 2012-06-05 22:33 -------- d-----w- c:\programdata\Malwarebytes

2012-06-05 22:33 . 2012-06-05 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-05 22:33 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-04 00:19 . 2012-06-04 00:19 -------- d-----w- c:\windows\Sun

2012-06-02 12:25 . 2012-06-02 12:25 -------- d-----w- c:\windows\OCCACHE

2012-06-02 11:38 . 2012-06-02 11:38 -------- d-----w- c:\users\Bob\AppData\Roaming\Artifex Mundi

2012-05-28 23:54 . 1999-03-06 17:25 49664 ----a-w- c:\windows\system32\MSSTKPRP.DLL

2012-05-28 23:54 . 1999-03-06 17:25 1347344 ----a-w- c:\windows\system32\Msvbvm50.dll

2012-05-25 21:28 . 2012-05-27 12:10 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-05-25 21:28 . 2012-05-25 21:28 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-05-25 21:28 . 2012-05-25 21:28 -------- d-----w- c:\program files\Symantec

2012-05-25 21:27 . 2012-05-27 10:40 -------- d-----w- c:\windows\system32\drivers\N360\0602010.005

2012-05-25 21:27 . 2012-05-25 21:27 -------- d-----w- c:\program files\Norton 360

2012-05-25 21:26 . 2012-05-25 21:26 -------- d-----w- c:\program files\NortonInstaller

2012-05-25 20:31 . 2012-05-25 20:31 -------- d-----w- c:\users\Bob\AppData\Roaming\Eipix

2012-05-18 23:20 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-18 23:20 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-18 23:20 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-05-18 12:10 . 2012-05-18 12:10 -------- d-----w- c:\program files\Bucksbee Loyalty Plugin - 100815

2012-05-18 12:10 . 2012-06-05 23:38 -------- d-----w- c:\program files\PrivacySafeGuard

2012-05-18 12:10 . 2012-05-18 12:10 -------- d-----w- c:\program files\Yontoo

2012-05-18 12:10 . 2012-05-18 12:10 -------- d-----w- c:\programdata\Tarma Installer

2012-05-11 22:22 . 2012-05-11 22:22 -------- d-----w- c:\users\Bob\AppData\Local\FileMaker

2012-05-11 14:46 . 2012-05-11 14:46 -------- d-----w- c:\program files\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-30 11:31 . 2012-04-04 22:03 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-30 11:31 . 2011-05-18 21:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 19:52 . 2012-05-05 19:52 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-04-22 14:09 . 2012-04-22 14:09 916992 ----a-w- c:\windows\system32\wininet.dll

2012-04-22 14:09 . 2012-04-22 14:09 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-04-22 14:09 . 2012-04-22 14:09 385024 ----a-w- c:\windows\system32\html.iec

2012-04-22 14:09 . 2012-04-22 14:09 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-22 14:09 . 2012-04-22 14:09 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-04-22 14:09 . 2012-04-22 14:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-04-22 14:09 . 2012-04-22 14:09 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-04-22 14:09 . 2012-04-22 14:09 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-04-22 14:08 . 2012-04-22 14:08 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-22 14:08 . 2012-04-22 14:08 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-04-22 14:08 . 2012-04-22 14:08 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-22 14:08 . 2012-04-22 14:08 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-22 14:02 . 2012-04-22 14:02 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-04-22 14:02 . 2012-04-22 14:02 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-12-08 21:22 . 2011-03-22 23:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]

"{4d95229d-bcd1-51b4-d184-411b9857a1f4}"= "c:\program files\Bucksbee Loyalty Plugin - 100815\Helper.dll" [2012-05-18 378880]

.

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

[HKEY_CLASSES_ROOT\agihelper.AGUtils]

.

[HKEY_CLASSES_ROOT\clsid\{4d95229d-bcd1-51b4-d184-411b9857a1f4}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{8DA6D85F-D1C0-10F4-618A-592FF65E4A02}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD}]

2012-03-19 14:59 13632 ----a-w- c:\program files\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"igndlm.exe"="d:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

"Advanced SystemCare 5"="d:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-01-03 32768]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

"hpqSRMon"="d:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13556256]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-23 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-10-23 96800]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TimeLeft.lnk - d:\program files\TimeLeft3\TimeLeft.exe [2012-3-16 1940264]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-1-3 450560]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

backup=c:\windows\pss\PdaNet Desktop.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citi Virtual Account Numbers]

2009-07-10 20:53 372736 ----a-w- d:\progra~1\VIRTUA~1\CitiVAN.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]

2008-10-03 15:19 1742064 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

.

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 257696]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

2008-04-11 21:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:31]

.

2012-06-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-09 21:52]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 12:26]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 12:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk

uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zuywgsdc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.msn.com/

FF - user.js: extentions.y2layers.installId - b75437ea-3d8f-44d9-8351-8a3d508cbc2f

FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

AddRemove-IGES 2000 - d:\program files\acad\DeIsL2.isu

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-08 20:10

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"

.

Completion time: 2012-06-08 20:13:17

ComboFix-quarantined-files.txt 2012-06-09 00:13

.

Pre-Run: 55,965,569,024 bytes free

Post-Run: 55,863,578,624 bytes free

.

- - End Of File - - 1AB1B40D7F702119B6377D45C7A8AEA9


Why did you run ComboFix in Safe Mode? Are you having problems booting to Normal Mode?

 

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Please tell me how your computer is working now.


Most of the programs we have tried will only run in Safe Mode. Otherwise I have been getting the "device not attached" error.

 

Here is latest log.

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

No Hidden Kernel Modules found

 

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

No hidden files/folders found

 

 

 

I am still getting the error "A device attached to the system is not functioning". The same one I get when trying to run these malware programs.


Please download MiniToolBox to Desktop and run it.

 

http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png

 

Checkmark the following boxes:


  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

***********************************************************

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


Had to run Mini in Safe Mode. Here are logs.

 

MiniToolBox by Farbar Version: 09-06-2012

Ran by Bob (administrator) on 10-06-2012 at 19:07:53

Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)

Boot Mode: Minimal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Could not flush the DNS Resolver Cache: Function failed during execution.

 

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ==============================

 

"network.proxy.no_proxies_on", "*.local,192.168.0.0/16"

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

127.0.0.1 localhost

 

========================= IP Configuration: ================================

 

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : Bob-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Server: UnKnown

Address: 127.0.0.1

 

Ping request could not find host google.com. Please check the name and try again.

 

Server: UnKnown

Address: 127.0.0.1

 

Ping request could not find host yahoo.com. Please check the name and try again.

 

Server: UnKnown

Address: 127.0.0.1

 

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

 

Unable to contact IP driver, error code 1753,

 

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)

Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)

Catalog5 08 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)

Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 38 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 39 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (06/10/2012 07:07:26 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/10/2012 07:07:23 PM) (Source: EventSystem) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (06/10/2012 02:36:27 PM) (Source: System Restore) (User: )

Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: .

 

Error: (06/10/2012 02:33:39 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/10/2012 09:34:12 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/10/2012 09:08:01 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/10/2012 08:42:41 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/10/2012 08:12:07 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/09/2012 06:55:23 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/09/2012 06:49:32 PM) (Source: EventSystem) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

 

System errors:

=============

Error: (06/10/2012 07:07:57 PM) (Source: Service Control Manager) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Error: (06/10/2012 07:07:57 PM) (Source: Service Control Manager) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Error: (06/10/2012 07:07:57 PM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (06/10/2012 07:07:26 PM) (Source: Service Control Manager) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Error: (06/10/2012 07:07:26 PM) (Source: Service Control Manager) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Error: (06/10/2012 07:07:26 PM) (Source: Service Control Manager) (User: )

Description: AFD

BHDrvx86

ccSet_N360

CSC

DfsC

eeCtrl

IDSVix86

NetBIOS

netbt

nsiproxy

PSched

RasAcd

rdbss

SASDIFSV

SASKUTIL

Smb

spldr

SRTSP

SRTSPX

SymIRON

SYMTDIv

tdx

Wanarpv6

ws2ifsl

 

Error: (06/10/2012 07:07:26 PM) (Source: Service Control Manager) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

 

Error: (06/10/2012 07:07:26 PM) (Source: Service Control Manager) (User: )

Description: Network Location AwarenessNetwork Store Interface Service%%1068

 

Error: (06/10/2012 07:07:26 PM) (Source: Service Control Manager) (User: )

Description: Network ConnectionsNetwork Store Interface Service%%1068

 

Error: (06/10/2012 07:07:26 PM) (Source: Service Control Manager) (User: )

Description: IP HelperNetwork Store Interface Service%%1068

 

 

..

 

========================= Memory info: ===================================

 

Percentage of memory in use: 15%

Total physical RAM: 3069.14 MB

Available physical RAM: 2594.09 MB

Total Pagefile: 6339.3 MB

Available Pagefile: 6061.48 MB

Total Virtual: 2047.88 MB

Available Virtual: 1961.3 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:106.66 GB) (Free:51.36 GB) NTFS

2 Drive d: (DATADRIVE) (Fixed) (Total:232.88 GB) (Free:133.01 GB) NTFS

3 Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.56 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\

 

Administrator Bob Bob 2

Guest UpdatusUser

 

========================= Minidump Files ==================================

 

No minidump file found

 

========================= Restore Points ==================================

 

27-05-2012 18:08:10 Scheduled Checkpoint

02-06-2012 10:44:35 Restore Operation

02-06-2012 10:50:23 Restore Operation

02-06-2012 10:55:44 Restore Operation

02-06-2012 13:16:41 Restore Operation

10-06-2012 18:28:18 Restore Operation

 

**** End of log ****

 

 

From ESET

 

:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Users\Bob\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4NCLAT5\mint[1].txt HTML/Iframe.B.Gen virus deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLI8ZK0E\jquery[2].php HTML/Iframe.B.Gen virus deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLI8ZK0E\promo_lacer_in[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

D:\Downloads\mp3\New folder\soundfxhalloween.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined

D:\Downloads\New Folder (2)\marine2free.exe multiple threats deleted - quarantined

D:\Downloads\zip\registrybooster.exe a variant of Win32/RegistryBooster application deleted - quarantined

D:\iTunes\Music\New folder\soundfxhalloween.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined


Please download RenewMyDNS by DragonMaster Jay.

 

  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finished.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


RenewMyDNS by DragonMaster Jay

DNS Diagnostics and refresher

Version 0.1.4 - November 2009

 

Microsoft Windows [Version 6.0.6002]

 

 

(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))

 

 

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : Bob-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : House

 

Ethernet adapter Local Area Connection 3:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : PdaNet Broadband Adapter

Physical Address. . . . . . . . . : 00-26-37-BD-39-42

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wireless Network Connection:

 

Connection-specific DNS Suffix . : House

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-21-5C-83-B5-29

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2002:44c8:77bb:1234:c64:ed4a:583:6b61(Preferred)

Temporary IPv6 Address. . . . . . : 2002:44c8:77bb:1234:c:e713:fc3e:f852(Preferred)

Link-local IPv6 Address . . . . . : fe80::c64:ed4a:583:6b61%12(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Sunday, June 10, 2012 7:11:37 PM

Lease Expires . . . . . . . . . . : Tuesday, June 08, 2021 7:11:36 PM

Default Gateway . . . . . . . . . : fe80::21c:dfff:fed4:ff58%12

192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DHCPv6 IAID . . . . . . . . . . . : 201335132

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-89-44-35-00-21-9B-E3-2F-DE

DNS Servers . . . . . . . . . . . : 192.168.2.1

192.168.2.1

NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Local Area Connection:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-21-9B-E3-2F-DE

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 6:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.{CEC704C9-D97D-4842-9758-D4832EE75036}

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 7:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 02-00-54-55-4E-01

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 13:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.{17B20583-C15B-4E91-A1B7-F14C086B21B7}

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 14:

 

Connection-specific DNS Suffix . : House

Description . . . . . . . . . . . : isatap.House

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::5efe:192.168.2.5%19(Preferred)

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.2.1

192.168.2.1

NetBIOS over Tcpip. . . . . . . . : Disabled

 

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

 

... Requests made were successful

The requested operation requires elevation.

 

 

 

(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

 

 

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

 

Reply from 209.191.122.70: bytes=32 time=37ms TTL=51

 

Reply from 209.191.122.70: bytes=32 time=44ms TTL=51

 

Reply from 209.191.122.70: bytes=32 time=45ms TTL=51

 

Reply from 209.191.122.70: bytes=32 time=37ms TTL=51

 

 

 

Ping statistics for 209.191.122.70:

 

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

Minimum = 37ms, Maximum = 45ms, Average = 40ms

 

 

 

Pinging geekpolice.net [64.202.189.170] with 32 bytes of data:

 

Request timed out.

 

Request timed out.

 

Request timed out.

 

Request timed out.

 

 

 

Ping statistics for 64.202.189.170:

 

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

 

 

Pinging facebook.com [69.171.224.37] with 32 bytes of data:

 

Reply from 69.171.224.37: bytes=32 time=102ms TTL=236

 

Reply from 69.171.224.37: bytes=32 time=118ms TTL=236

 

Reply from 69.171.224.37: bytes=32 time=103ms TTL=236

 

Reply from 69.171.224.37: bytes=32 time=360ms TTL=236

 

 

 

Ping statistics for 69.171.224.37:

 

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

Minimum = 102ms, Maximum = 360ms, Average = 170ms

 

 

 

Pinging microsoft.com [65.55.58.201] with 32 bytes of data:

 

Request timed out.

 

Request timed out.

 

Request timed out.

 

Request timed out.

 

 

 

Ping statistics for 65.55.58.201:

 

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

 

********************

EOF


Archived

This topic is now archived and is closed to further replies.
