Jump to content


Photo
- - - - -

Trojan.Zeroaccess - I think

Trojan.Zeroaccess

  • This topic is locked This topic is locked
21 replies to this topic

#1 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 12 August 2012 - 06:33 AM

Hello,

Hoping for some help. As of a reboot this morning my win 7 (32bit ultimate) computer no longer connects to internet, and on attempting to run basic commands informs that:

The specified service does not exist as an installed service

I have been able to run in safe mode, and have done the following:
  • run rkill.com
  • run dds
  • run malwarebytes
  • quarantined and deleted found instance(s) of trojan.zeroaccess

rebooted in normal mode.

This did not 'fix' the obvious symptoms (ie still cannot connect to the internet etc.)

Sinse then I have re-run a number of these programs including getting latest malwarebytes signature file onto the infected pc, these later scans report no issues.

Some issues of note:
  • Did not run any processes in safe mode as administrator, as it was not available as an option via the usual right click (although I was logged in as a user with admin priveledges). They *seemed* to run without issue.
  • I attempted to turn mcaffee scanner off while mwb was running, i think i did so successfully, but I am not 100% sure this was the case.
  • Windows now does not think it is a genuine copy (a note in the lower rhs of the desktop informs "this copy of windows is not genuine". It is definately a genuine copy.

Any help would be greatly appreciated.

Rkill Log files below:

Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 08/12/2012 08:00:49 PM in x86 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\puppet\Desktop\rkill-backup\rkill-08-12-2012-08-00-50.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/12/2012 08:01:00 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
---------------------------------------------------------------------------------------

DDS Log files below:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by puppet at 20:52:11 on 2012-08-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3037.2403 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120620204617.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files\sensible vision\fast access\FAIESSO.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Kernel and Hardware Abstraction Layer] PR.EXE
mRun: [Dell Webcam Central] TRAL\WEBCAMDELL2.EXE" /MODE2
mRun: [GrooveMonitor] ITOR.EXE"
mRun: [Microsoft Default Manager] AGER\DEFMGR.EXE" -RESUME
mRun: [RunDLLEntry] TRY
mRun: [UpdReg] DOWS\UPDREG.EXE
mRun: [WatcherHelper] AGER\WAHELPER.EXE"
mRun: [PDVDDXSrv] K\POWERDVD DX\PDVDDXSRV.EXE"
mRun: [dellsupportcenter] TER
mRun: [SynTPEnh] H.EXE
mRun: [BrStsWnd] D.EXE AUTORUN
mRun: [Brdefprn] .EXE -D
mRun: [mcui_exe] KEY
mRun: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [StartCCC] OLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE" MSRUN
mRun: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [1] c:\program files\malwarebytes' anti-malware\chameleon\mbam-chameleon.exe /r /p
StartupFolder: c:\users\puppet\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{91120000-0030-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\users\puppet\appdata\roaming\micros~1\windows\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla firefox\firefox.exe
StartupFolder: c:\users\puppet\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\puppet\appdata\roaming\micros~1\windows\startm~1\programs\startup\xplorer2.lnk - c:\program files\zabkat\xplorer2\xplorer2_UC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{20a36691-b09b-4ef2-a371-64a5bd265e20}\IcoUltraMon.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{35707E56-625B-4DE4-A099-684595E9F94D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{35707E56-625B-4DE4-A099-684595E9F94D}\140707C65602E4564777F627B602564613033673 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{35707E56-625B-4DE4-A099-684595E9F94D}\84F4553554 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5BA574E1-3C07-46C8-9818-87B3828D1272} : DhcpNameServer = 139.130.4.4 203.50.2.71
TCP: Interfaces\{A9E5A3EE-1364-4982-BF0D-E7A5B3ABFF96} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences pro\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\puppet\appdata\roaming\mozilla\firefox\profiles\taljdoh6.default\
FF - prefs.js: network.proxy.ftp - 172.16.240.12
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 172.16.240.12
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 172.16.240.12
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 172.16.240.12
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 172.16.240.12
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 464304]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-12-7 169608]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-12-7 64912]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-8 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-7 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-7 151880]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-2-24 64032]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-7 340920]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-27 7087616]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/12/26 15:35:10];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-12-26 87536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9334b3396d450a95\AEstSrv.exe [2009-12-26 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-13 176128]
S2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [2010-4-23 57344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-12 655944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-8 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-8 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-8 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-7 166288]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-21 665200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-13 4993536]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-8 244736]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-28 29736]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-7 57600]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-8-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-8-28 79360]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-28 143968]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-25 232832]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-1 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2009-8-28 44288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-12 22344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-7 180848]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-7 59456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-7 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-4-11 21744]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-20 15872]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-8-28 79360]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-9-21 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-9-21 140672]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-08-12 07:42:59 -------- d-----w- c:\users\puppet\appdata\local\ElevatedDiagnostics
2012-08-12 05:17:01 -------- d-----w- c:\users\puppet\appdata\roaming\Malwarebytes
2012-08-12 05:16:53 -------- d-----w- c:\programdata\Malwarebytes
2012-08-12 05:16:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-12 05:16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-08-03 11:01:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 11:01:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-12 02:40:48 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 05:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 20:52:55.66 ===============

Attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 26/12/2009 16:21:14
System Uptime: 12/08/2012 19:56:02 (1 hours ago)
.
Motherboard: Dell Inc. | | 0Y537R
Processor: Intel® Core™2 Duo CPU T9550 @ 2.66GHz | U2E1 | 2660/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 219.156 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.966 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Advanced Audio FX Engine
ATI Catalyst Install Manager
µTorrent
Beyond Compare Version 3.3.1
Brother HL-2170W
Bulk Rename Utility 2.7.1.1
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CDDRV_Installer
Compatibility Pack for the 2007 Office system
D3DX10
DealBook 360
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Dell Edoc Viewer
Dell Support Center
Dell Touchpad
Dell Video Chat
Dell Webcam Central
DH Mobility Modder.NET
DVD Decrypter (Remove Only)
eMule
erLT
Fences Pro
Google SketchUp 7
GoToAssist Corporate
HandBrake 0.9.6
IDT Audio
IncredibleCharts Pro
Integrated Webcam Driver (1.06.03.0309)
Intel A/V Codecs V2.0
ISO Recorder
ITECIR Driver
Java Auto Updater
Java™ 6 Update 31
JB Stock Market Price Data
Junk Mail filter update
K-Lite Mega Codec Pack 7.7.0
KhalInstallWrapper
Live! Cam Avatar Creator
Logitech SetPoint
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Media Player Classic - Home Cinema v1.5.2.3456
Mesh Runtime
Messenger Companion
MetaStock 11.0
MetaStock Developer's Kit 9.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Passware Kit - 5.0.0
PowerDVD DX
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Skype™ 5.8
Snagit 10.0.1
Sound Blaster X-Fi MB
System Requirements Lab for Intel
Telstra Turbo Connection Manager
Time Zone Data Update Tool for Microsoft Office Outlook
tools-freebsd
TrueCrypt
UltraMon
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VmciSockets
VMware Player
WIDCOMM Bluetooth Software 6.2.0.6600
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
WinRAR 4.11 (32-bit)
Wireshark 1.2.9
xplorer² professional 32 bit
.
==== Event Viewer Messages From Past Week ========
.
9/08/2012 20:47:08, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/08/2012 20:50:25, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.
12/08/2012 20:50:25, Error: Service Control Manager [7003] - The DNS Client service depends the following service: NSI. This service might not be installed.
12/08/2012 20:50:25, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/08/2012 20:02:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
12/08/2012 20:02:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/08/2012 20:01:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/08/2012 20:00:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
12/08/2012 19:56:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/08/2012 19:56:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/08/2012 19:56:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/08/2012 19:56:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr truecrypt Wanarpv6
12/08/2012 19:56:27, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started.
12/08/2012 19:56:25, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.
12/08/2012 19:56:24, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect..
12/08/2012 19:56:24, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.
12/08/2012 19:56:21, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.
12/08/2012 19:56:21, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.
12/08/2012 19:56:20, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.
12/08/2012 19:56:20, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
12/08/2012 19:56:20, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
12/08/2012 19:55:03, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
12/08/2012 19:55:02, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
12/08/2012 19:54:44, Error: Service Control Manager [7023] - The Windows Media Center Scheduler Service service terminated with the following error: %%-2147023834
12/08/2012 19:51:07, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070424'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/08/2012 19:51:07, Error: Microsoft-Windows-WMPNSS-Service [14333] - Service 'WMPNetworkSvc' did not start correctly due to error '0x80070424'. Restart your computer, and then try to restart the service.
12/08/2012 19:50:16, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.
12/08/2012 19:49:23, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.
12/08/2012 19:49:01, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The system cannot find the file specified.
12/08/2012 19:49:01, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified.
12/08/2012 19:48:42, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024882
12/08/2012 14:40:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
12/08/2012 14:13:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf ws2ifsl
12/08/2012 14:13:54, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
12/08/2012 14:13:54, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/08/2012 14:13:54, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/08/2012 14:13:54, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
12/08/2012 14:13:53, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/08/2012 14:13:53, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/08/2012 14:13:53, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/08/2012 14:13:53, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/08/2012 14:13:53, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
12/08/2012 14:13:53, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
12/08/2012 14:13:53, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/08/2012 13:16:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000035, 0x00000002, 0x00000001, 0x834caa8f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081212-17331-01.
12/08/2012 10:34:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.
12/08/2012 10:33:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
12/08/2012 10:33:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service.
12/08/2012 10:32:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAfee SiteAdvisor Service service.
12/08/2012 09:46:56, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2363119722/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
12/08/2012 09:46:56, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
12/08/2012 05:19:48, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The system cannot find the path specified.
12/08/2012 04:08:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
.
==== End Of File ===========================

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 August 2012 - 06:41 AM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 12 August 2012 - 07:30 PM

Hello MrCharlie

Thanks for the response, will pick up again once I get home from work this p.m..

Regards

Jack

#4 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 13 August 2012 - 05:38 AM

hello mrcharlie, copy of rogue killer report as follows;

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User: puppet [Admin rights]
Mode: Scan -- Date: 08/13/2012 20:31:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 50d9d9ddffdddc50ecc40a168dbff3d9
[BSP] 5f9f0c58b3376c2a04fdef57f5e4c646 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] e6077b7c3ef45d23f68af0a5f352b1c3
[BSP] b7e219eec111765c6c28afe87b639568 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 999 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#5 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2012 - 06:00 AM

I don't se any ZA but lets check a little deeper.........

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.<------
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply.(FRST.txt and Search.txt)
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#6 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 13 August 2012 - 07:00 AM

sorry for the delay MrC - reports requested below. Note you could be right about the problem, the symptoms are being locked out of 'services' and no internet connection - I only drew the conclusion of ZA because that was what MWB initially reported.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
Ran by SYSTEM at 13-08-2012 21:22:53
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] PR.EXE [x]
HKLM\...\Run: [Dell Webcam Central] TRAL\WEBCAMDELL2.EXE" /MODE2 [x]
HKLM\...\Run: [GrooveMonitor] ITOR.EXE" [x]
HKLM\...\Run: [Microsoft Default Manager] AGER\DEFMGR.EXE" -RESUME [x]
HKLM\...\Run: [RunDLLEntry] TRY [x]
HKLM\...\Run: [UpdReg] DOWS\UPDREG.EXE [x]
HKLM\...\Run: [WatcherHelper] AGER\WAHELPER.EXE" [x]
HKLM\...\Run: [PDVDDXSrv] K\POWERDVD DX\PDVDDXSRV.EXE" [x]
HKLM\...\Run: [dellsupportcenter] TER [x]
HKLM\...\Run: [SynTPEnh] H.EXE [x]
HKLM\...\Run: [BrStsWnd] D.EXE AUTORUN [x]
HKLM\...\Run: [Brdefprn] .EXE -D [x]
HKLM\...\Run: [mcui_exe] KEY [x]
HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x]
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [StartCCC] OLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE" MSRUN [x]
HKLM\...\Run: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x]
HKU\puppet\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-02] (Malwarebytes Corporation)
HKLM\...\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p [217672 2012-07-02] ()
HKLM\...\Winlogon: [Userinit] userinit.exe, [x]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico ()
Startup: C:\Users\Elisha\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\puppet\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\puppet\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\puppet\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\puppet\Start Menu\Programs\Startup\xplorer2.lnk
ShortcutTarget: xplorer2.lnk -> C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe (ZabKat)

================================ Services (Whitelisted) ==================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
2 Ast Service; C:\Windows\system32\\AstSrv.exe [57344 2008-01-06] (Nalpeiron Ltd.)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [555560 2008-11-17] (Broadcom Corporation.)
3 Creative ALchemy AL6 Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [79360 2009-08-27] (Creative Labs)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [361976 2012-04-18] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166288 2012-03-19] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [161632 2012-03-19] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [151880 2012-03-19] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
3 RasMan; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
3 SensrSvc; C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-28] (Skype Technologies)
3 Sound Blaster X-Fi MB Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe" [79360 2009-08-27] (Creative Labs)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\STacSV.exe [229458 2010-01-20] (IDT, Inc.)
2 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [79872 2011-08-21] (VMware, Inc.)
2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-08-21] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [665200 2011-08-21] (VMware, Inc.)
2 VMware NAT Service; C:\Windows\system32\vmnat.exe [432752 2011-08-21] (VMware, Inc.)
3 WebClient; C:\Windows\System32\svchost.exe -k LocalService [20992 2009-07-13] (Microsoft Corporation)
3 WinDefend; C:\Windows\System32\svchost.exe -k secsvcs [20992 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-21] (McAfee, Inc.)
3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [232832 2008-09-24] (Sensible Vision )
2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-21] (VMware, Inc.)
3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [44288 2009-02-24] (Hauppauge Computer Works, Inc.)
3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [64032 2010-02-23] (ITE Tech. Inc. )
3 k57nd60x; C:\Windows\System32\DRIVERS\k57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-02] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-21] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-21] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-21] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-21] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-21] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-21] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-21] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-21] (McAfee, Inc.)
3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7087616 2011-01-19] (Intel Corporation)
2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-05] (Creative Technology Ltd.)
3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-07] (Creative Technology Ltd.)
3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [25736 2007-11-05] ()
3 SWNC8U52; C:\Windows\System32\DRIVERS\swnc8u52.sys [164480 2007-09-20] (Sierra Wireless Inc.)
3 SWUMX52; C:\Windows\System32\DRIVERS\swumx52.sys [140672 2007-09-20] (Sierra Wireless Inc.)
2 UltraMonUtility; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [17184 2008-11-13] (Realtime Soft Ltd)
3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [25584 2011-08-21] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-08-21] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-08-21] (VMware, Inc.)
2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-08-21] (VMware, Inc.)
3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2011-08-21] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [55280 2011-08-21] (VMware, Inc.)
2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files\CyberLink\PowerDVD DX\000.fcl [87536 2009-06-24] (CyberLink Corp.)
3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-13 21:22 - 2012-08-13 21:22 - 00000000 ____D C:\FRST
2012-08-13 03:12 - 2012-08-13 03:12 - 00001771 ____A C:\Users\puppet\Desktop\RKreport[3].txt
2012-08-13 03:10 - 2012-08-13 03:10 - 00001679 ____A C:\Users\puppet\Desktop\RKreport[2].txt
2012-08-13 02:31 - 2012-08-13 03:12 - 00000000 ____D C:\Users\puppet\Desktop\RK_Quarantine
2012-08-13 02:31 - 2012-08-13 02:31 - 00001941 ____A C:\Users\puppet\Desktop\RKreport[1].txt
2012-08-13 02:30 - 2012-08-13 02:25 - 01558528 ____A C:\Users\puppet\Desktop\RogueKiller.exe
2012-08-12 01:51 - 2012-08-12 03:27 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-12 01:51 - 2012-08-12 03:27 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-12 01:51 - 2012-08-12 01:51 - 00000552 ____A C:\Windows\System32\spsys.log
2012-08-12 00:42 - 2012-08-13 03:11 - 00001732 ____A C:\Users\puppet\Desktop\Rkill.txt
2012-08-11 21:17 - 2012-08-11 21:17 - 00000000 ____D C:\Users\puppet\AppData\Roaming\Malwarebytes
2012-08-11 21:16 - 2012-08-11 21:16 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-11 21:16 - 2012-08-11 21:16 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-11 21:16 - 2012-08-11 21:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-11 21:16 - 2012-07-02 19:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-11 20:18 - 2012-08-12 02:25 - 00000000 ____D C:\Users\puppet\Desktop\rkill-backup
2012-08-11 20:02 - 2009-10-28 22:51 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\puppet\Desktop\rkill.com
2012-08-11 19:16 - 2012-08-11 19:16 - 228909392 ____A C:\Windows\MEMORY.DMP
2012-08-11 19:16 - 2012-08-11 19:16 - 00144680 ____A C:\Windows\Minidump\081212-17331-01.dmp
2012-08-11 19:16 - 2012-08-11 19:16 - 00000000 ____D C:\Windows\Minidump
2012-08-11 13:39 - 2012-08-11 13:39 - 00000000 ____D C:\Users\Elisha\AppData\Local\Macromedia
2012-08-11 02:52 - 2012-04-23 21:48 - 1323074659 ____A C:\Users\puppet\Desktop\Game.of.Thrones.S02E04.mkv
2012-07-23 02:28 - 2012-07-23 03:58 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-07-16 01:26 - 2012-07-16 01:26 - 02105040 ____A (PeerBlock, LLC ) C:\Users\puppet\Desktop\PeerBlock-Setup_v1.1_r518.exe
2012-07-16 01:23 - 2012-07-16 01:28 - 00000000 ____D C:\Users\puppet\Downloads\Iron Sky 2012 720p H264 [Eng] johno70
2012-07-14 18:28 - 2012-07-14 18:28 - 02383427 ____A C:\Users\puppet\Desktop\371ab4184041133.mp4

============ 3 Months Modified Files ========================

2012-08-13 03:12 - 2012-08-13 03:12 - 00001771 ____A C:\Users\puppet\Desktop\RKreport[3].txt
2012-08-13 03:11 - 2012-08-12 00:42 - 00001732 ____A C:\Users\puppet\Desktop\Rkill.txt
2012-08-13 03:10 - 2012-08-13 03:10 - 00001679 ____A C:\Users\puppet\Desktop\RKreport[2].txt
2012-08-13 02:31 - 2012-08-13 02:31 - 00001941 ____A C:\Users\puppet\Desktop\RKreport[1].txt
2012-08-13 02:25 - 2012-08-13 02:30 - 01558528 ____A C:\Users\puppet\Desktop\RogueKiller.exe
2012-08-12 04:08 - 2009-12-25 22:05 - 00787070 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-12 03:27 - 2012-08-12 01:51 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-12 03:27 - 2012-08-12 01:51 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-12 03:21 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-12 01:51 - 2012-08-12 01:51 - 00000552 ____A C:\Windows\System32\spsys.log
2012-08-11 21:16 - 2012-08-11 21:16 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-11 19:16 - 2012-08-11 19:16 - 228909392 ____A C:\Windows\MEMORY.DMP
2012-08-11 19:16 - 2012-08-11 19:16 - 00144680 ____A C:\Windows\Minidump\081212-17331-01.dmp
2012-08-11 19:07 - 2012-04-19 01:45 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-11 19:07 - 2009-12-25 22:21 - 00000394 _RASH C:\Users\All Users\ntuser.pol
2012-08-11 19:06 - 2009-12-25 21:50 - 00230066 ____A C:\Windows\PFRO.log
2012-08-11 17:01 - 2012-04-10 04:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-11 16:54 - 2009-12-25 22:00 - 01768452 ____A C:\Windows\WindowsUpdate.log
2012-08-11 16:53 - 2009-07-13 20:39 - 20913342 ____A C:\Windows\setupact.log
2012-08-03 03:01 - 2012-04-10 04:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-03 03:01 - 2011-05-18 02:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-26 02:03 - 2012-04-19 01:45 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-23 03:58 - 2012-07-23 02:28 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-07-16 01:26 - 2012-07-16 01:26 - 02105040 ____A (PeerBlock, LLC ) C:\Users\puppet\Desktop\PeerBlock-Setup_v1.1_r518.exe
2012-07-14 18:28 - 2012-07-14 18:28 - 02383427 ____A C:\Users\puppet\Desktop\371ab4184041133.mp4
2012-07-14 17:59 - 2009-07-13 20:33 - 00418560 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 04:44 - 2006-11-02 02:23 - 00000251 ____A C:\Windows\win.ini
2012-07-11 04:38 - 2010-01-15 06:01 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 04:15 - 2011-12-18 05:09 - 00000000 ____A C:\Users\puppet\Desktop\New Text Document.txt
2012-07-04 03:52 - 2012-07-04 03:50 - 47543312 ____A C:\Users\puppet\Desktop\calibre-0.8.58.msi
2012-07-02 19:46 - 2012-08-11 21:16 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-24 01:31 - 2012-06-24 01:31 - 00016937 ____A C:\Users\puppet\Documents\expenses.xlsx
2012-06-18 03:34 - 2012-06-18 03:34 - 00014924 ____A C:\Users\puppet\Desktop\o-Demonoid.me-o_Visual_Basic_2010_Unleashed_by_Alessandro_Del_Sole.torrent
2012-06-18 03:32 - 2012-06-18 03:32 - 00010740 ____A C:\Users\puppet\Desktop\+-Demonoid.me-+_Visual_Basic_tutorials.torrent
2012-06-18 03:31 - 2012-06-18 03:31 - 00018197 ____A C:\Users\puppet\Desktop\[[Demonoid.me]]-Trading_Stock_Books_Collection(Total_490_Books).torrent
2012-06-12 04:24 - 2012-06-12 04:24 - 00023504 ____A C:\Users\puppet\Desktop\DBXCopyBlocks.zip
2012-06-12 04:24 - 2012-06-12 04:24 - 00003030 ____A C:\Users\puppet\Desktop\ObjDbx.zip
2012-06-12 03:43 - 2012-06-12 03:43 - 00013830 ____A C:\Users\puppet\Desktop\acad.xlsm
2012-06-12 03:42 - 2012-06-12 03:42 - 00100352 ____A C:\Users\puppet\Desktop\Drawing_Info.xls
2012-06-11 18:40 - 2012-07-11 04:38 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:56 - 2012-06-08 20:56 - 15120320 ____A C:\Users\puppet\Downloads\Visual Basic .NET Bible.zip
2012-06-08 20:41 - 2012-07-11 03:08 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-11 03:09 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-11 03:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-11 03:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-03 00:29 - 2012-06-02 22:59 - 01203200 ____A C:\Users\puppet\Desktop\Current Stock Deal Settings.xls
2012-06-02 14:19 - 2012-06-23 02:06 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 02:06 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 02:06 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 02:06 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 02:06 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-23 02:06 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-23 02:06 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 01:07 - 2012-07-11 04:44 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 04:44 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 04:44 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 04:44 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 04:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 04:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 04:44 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 04:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 04:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 04:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 04:44 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 04:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 04:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 04:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 21:19 - 2012-06-23 02:06 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 21:12 - 2012-06-23 02:06 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:45 - 2012-07-11 03:09 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-11 03:09 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-11 03:09 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-11 03:09 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-11 03:09 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-27 04:23 - 2012-05-27 04:23 - 00220275 ____A C:\Users\puppet\Desktop\120525 AV.xps
2012-05-26 21:13 - 2012-05-26 20:39 - 02265088 ____A C:\Users\puppet\Desktop\Tiered Margin.xls
2012-05-24 03:27 - 2010-11-10 19:10 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-05-21 03:31 - 2012-05-21 03:19 - 01030656 ____A C:\Users\puppet\Desktop\Breakout v08c.xls
2012-05-20 03:58 - 2012-05-20 03:58 - 00367806 ____A C:\Users\puppet\Desktop\120518 AV.xps
2012-05-19 00:56 - 2012-05-19 00:55 - 01892192 ____A (ZabKat) C:\Users\puppet\Desktop\xplorer2_setup.exe


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4060.86 MB
Available physical RAM: 3566.79 MB
Total Pagefile: 4059.13 MB
Available Pagefile: 3579.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.7 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:219.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.97 GB) NTFS
4 Drive f: (NEW VOLUME) (Removable) (Total:0.97 GB) (Free:0.75 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1000 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 39 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 999 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NEW VOLUME FAT32 Removable 999 MB Healthy

==================================================================================

Last Boot: 2012-08-11 10:00

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 10-08-2012
Ran by SYSTEM at 2012-08-13 21:52:36
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Users\puppet\resource\applications\ubcd\BartPE\I386\SYSTEM32\SERVICES.EXE
[2010-05-30 06:58] - [2004-08-04 02:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

=== End Of Search ===

#7 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2012 - 07:07 AM

No ZA showing in any of the logs.

Check to see if you can use system restore.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#8 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 13 August 2012 - 07:23 AM

I can get into system restor, there are no system restore points.

any other ideas?

#9 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2012 - 07:32 AM

These infections are hard to get rid of, sometimes you end up doing a repair install.

Lets run some scans and see what we find.....

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Posted Image

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Posted Image

------------------------

Click the Start Scan button.

Posted Image

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue


Posted Image

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Posted Image


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#10 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 13 August 2012 - 08:18 AM

thanks for the help tonight MrC - the only issues were the unsigned names, nothing else appears out of place. I should note that all the programs suggested have been run from safe mode if that makes any difference? I also note with a bit web searching a very similar issue is reported here;

http://forums.malwar...ic=113624&st=20

which was also assisted by you. I failed to mention that McAfee originally detected the issue, and attempted to correct - my memory is a bit sketchy now as to what occurred first, but I am pretty sure that McAfee quarantined / deleted files (some of) and at that point, after a reboot, the system continued to report issues with services (the specified service does not exist as an installed service). I ran mwb in safe mode after that and it located 2 further instances (I have the log file for that if it helps).

All this to say that maybe these programs have done their jobs, but the issue remains to re-establish the services?

In any case I am turning in for the night, thanks again for your attention thus far. If you have any more thoughts on the matter let me know for action tomorrow p.m. my time.

Jack

#11 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2012 - 09:21 AM

That was me and I ended up suggesting a repair install.

If you haven't run ComboFix yet....please do:


Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#12 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 15 August 2012 - 12:55 AM

Hello again MrC,

I could not get combofix working in safe mode - the reported error "Installer integrity check has failed..."

Re-downloaded and attempted a second time but to no avail, don't think there is an issue with the file (size reported as 4.50 MB (4,718,592 bytes)).

I am moving towards a reformat - will wait your response before going down that path.

Regards

Jack

#13 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 August 2012 - 06:13 AM

Try it like this......
Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#14 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 15 August 2012 - 05:22 PM

Still same issue MrC, fails integrity check - I have run the same combofix file on another computer (xp) to verify it work, which it does...

#15 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 August 2012 - 06:38 PM

Run RogueKiller again and post the log, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#16 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 15 August 2012 - 09:55 PM

Here it is:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User: puppet [Admin rights]
Mode: Scan -- Date: 08/16/2012 12:50:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 50d9d9ddffdddc50ecc40a168dbff3d9
[BSP] 5f9f0c58b3376c2a04fdef57f5e4c646 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] e6077b7c3ef45d23f68af0a5f352b1c3
[BSP] b7e219eec111765c6c28afe87b639568 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 999 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#17 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 16 August 2012 - 07:17 AM

Please do this:

Download TFC to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Then take a look at this link for the integrity check error:

http://nsis.sourceforge.net/NSIS_Error

Let me know, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#18 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 16 August 2012 - 05:07 PM

Thanks for persisting with this MrC - I realize the timezone difference makes the interaction somewhat disjointed. I'll attend the above instructions when I get home from work tonight.

Failing any explosive revelations that this latest test might reveal, I'll reformat over the weekend as I've got other work that needs action.

Regards

Jack

#19 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 18 August 2012 - 04:17 PM

How are we doing??

Do you still need help or can I close this post??

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#20 PiPPiP

PiPPiP

    New Member

  • Members
  • Pip
  • 11 posts

Posted 19 August 2012 - 01:26 AM

Hello MrC,

My attempts to follow the last instrunctions came to naught, and the disk became unresponsive - I've taken that a prompt to reformat.

Thanks for all the assistance.

regards

Jack





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users