bodlin

  1. Hi CatByte I've uninstalled the Java FX and also the Combofix and other DDS/MBR files. I've run the TFC and restarted the PC. Done the security settings like you said and also downloaded the WOT. I shall do the Keepass tomorrow as it's almost midnight and it's been a long week! We will use the PC over the weekend, change all our passwords and read the links you suggested. Thank you so much for all your help, you have really been a lifesaver. You have been really patient and I have done stuff on this PC that I never thought possible! Fingers crossed that all is well - will let you know if there are any problems. Will let you know on Monday if all has been well. Hope to get some replies for the corrupted db30 files on the Microsoft forum. It is a great job that you do; must be like learning another language! Very kind regards, Helena
  2. I have downloaded the latest Java and uninstalled the old versions. Do I need to uninstall JavaFX 2.1.1 also?
  3. Hi CatByte I have copied and pasted the command you gave me into the Run box, so hopefully the Babylon is now deleted. The mail files that I deleted and were in the Recycle Bin, I have restored. I will post a topic about the corrupted db30 file on the MSN forum as you suggested. The PC does seem to be working okay. It's not turning off as it did before. I haven't used it much, to be honest, as it's only been on these past few days to follow the instructions you've been giving me, and not much else. Do you think it is safe to use normally now and the infections are all gone? Kind regards, Helena
  4. Hi Catbyte Sorry it's taken me so long to reply to you. Been a bit of a frustrating day. I managed to get all the hidden files unhidden, and got inside the db30 folder, and couldn't actually find out what was in the .sdf files as it said it didn't know what program it would need to open them. They were very large and I decided to delete them anyway and then ran the ESET scan again. Again, froze at 45% on another bodlin\appdata\microsoft\MSN\bodlin-msn-com.f91. I can't open those types of files because every time I try, it says it doesn't know what program it needs to open an .f91 file. All of the files in that db30 folder have a different alphanumeric ending and so of course I can't open any and so have just deleted some of them anyway - not all of them because I don't know what they are. I think it said you needed Microsoft Shell Commor to open them? So tried a different way, and went on to my hotmail folder and deleted a lot - like thirteen pages worth. Admittedly, I still have over one hundred pages of e-mails left. Deleting e-mails isn't a strong point! Tried yet another ESET scan and it yet again froze at 45% on another bodlin-msn-com.abc file. When I had the window open with the db30 contents in it, though, and I was trying on the top line (sorry I am not very articulate in explaining things) to find iangarland1-msn-com, I pressed Enter and it changed momentarily to a PC World Transfer file, which is where all our stuff from our previous PC was transferred over to this one when it was new, but I am sure that one of the previous viruses we found was hid there. Not sure if that is relevant. So anyway, have kept the log from the final ESET scan attempt, which of course froze at 45%. Please find below: C:\Users\bodlin\AppData\Local\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application Thank you for your continued help. Kind regards, Helena
  5. Hi Catbyte I renamed the .sdf and JMF.sdf files as per your link, and added .old at the end of them. Also uninstalled the Babylon toolbar. Re-ran the ESET scan. It again froze on 45% and the C:\Users\bodlin\AppData\Local\Microsoft\MSN\db30\iangarland1-msn-com_JMF.sdf.old Plus, before it froze, it found another Babylon file even though I'd uninstalled it. Log as follows: C:\Users\bodlin\AppData\Local\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application Do you think I should just delete those .sdf files? I have no idea what they are or what .sdf means. Kind regards, Helena
  6. Hi Catbyte Did as you asked, the Malwarebytes quick scan didn't find anything. I'll post the log below:

     Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.07.04.05
     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     bodlin :: BODLIN-PC [administrator]
     Protection: Disabled
     04/07/2012 18:19:27
     mbam-log-2012-07-04 (18-19-27).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 254973
     Time elapsed: 7 minute(s), 19 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     The ESET scan froze at 45%, on the file: C:\Users\bodlin\AppData\Local\Microsoft\MSN\db30\iangarland1-msn-com_JMF.sdf That tends to be one of the files that the other scans have always got stuck at that I mentioned in my very first post, although I'm not sure I've ever seen the JMF.sdf before. Log as below:

     C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
     C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
     C:\Users\bodlin\AppData\Local\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application

     Hope to hear your thoughts on this soon, and thank you for all the help you've given so far; it is much appreciated. Kind regards, Helena
  7. Hi CatByte Did as you asked. The ComboFix took so long I left it running and went to bed as it was almost 1:00am. Here is its log: Kind regards, Helena
  8. Hello Catbyte, Thank you for replying and helping us with our problem. I did all of this in Safe Mode with Networking - I don't know if that makes a difference? The computer wouldn't let me save the Avast virus scanner program to the Desktop, so I just ran it anyway. I tried it twice. The first time it froze after a few minutes on Scanning C:\Users\bodlin\AppData\Local\Installer9420\Setup.exe but I noticed that when I saved the log (because after a while I just pressed Save Log as the Scan wasn't moving) it didn't mention that one. I didn't notice the time on the first scan I did, but on the second scan I ran, it got stuck again on that same file, and the time was 19:50:23:736. I took a note of that as it might be useful? The first log of the first scan is as follows:

     I've added the MBR.zip for you (I am unsure if that is the MBR from the first or second scan as there was only one on the Desktop) The second scan log is as follows:

     Can I ask please, have you noticed anything when you saw our logs in our initial post and this one? Did you see anything there that indicated malware? Many thanks, Helena
  9. Hello there, We had no problems at all until I think 24th June when the computer just shut down by itself - went to a black screen and shut off. When we started it again the beginning screen (the blue one where you put your Windows password in) had lots of colons and vertical lines on it, and then a few minutes later it shut down again. We ran a full scan which took hours, and which found Exploit:Java/CVE-2012-0507.CA so we deleted that but all did still not seem well. We kept it mainly in Safe Mode and sometimes Safe Mode with Networking after that, and on 26th June MBAM found a Trojan.Zbot. After that, though, the scans just seem to be so slow (we ran Kaspersky Anti Virus Removal Tool and it said it was going to take 18 days!) and they tend to freeze after a while, always on the same one or two files which are, I think, e-mail ones. The Kaspersky scan did find seven Trojans before it froze, though. So now we are thinking that whatever it is on our computer is interfering with our scans. We are desperate for some expert help. We are pretty much computer novices and use our PC for things that most people do - e-mails, surfing the web and buying things, but don't know anything about registry edits or anything else. If someone could please kindly help us sort this, we would be very grateful. I have (hopefully) managed to disable the script thing, and found Notepad, and have done the two logs, pasted below:
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun: [<NO NAME>] mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Trusted Zone: internet Trusted Zone: maris.com\www.redshift Trusted Zone: mcafee.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{B3396F8B-7857-4C4D-BFBE-E22C68CD2923} : DhcpNameServer = 192.168.0.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . 
R0 01533329;01533329;c:\windows\system32\drivers\01533329.sys [2012-7-1 133208] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2011-3-22 29832] R1 MpKsl22f9dff1;MpKsl22f9dff1;c:\programdata\microsoft\microsoft antimalware\definition updates\{12fa95d8-a1ed-4d8c-a7ef-bd28373c0cdd}\MpKsl22f9dff1.sys [2012-7-1 29904] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?] R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-4-26 99248] R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?] 
R2 MBAMService;MBAMService;c:\program files\mal\mbamservice.exe [2012-6-26 654408] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256] R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-5-9 1201656] R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584] R3 LazerUsb;Lumanate Lazer USB;c:\windows\system32\drivers\LazerUsb.sys [2007-10-16 5739520] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-26 22344] R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-8-8 18432] R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-8-8 19008] R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-1-29 2074480] RUnknown 2941237drv;2941237drv; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1c96930cb12cd1;Google Update Service (gupdate1c96930cb12cd1);c:\program files\google\update\GoogleUpdate.exe [2008-12-28 133104] S2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxedserv.exe [2010-5-5 193192] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384] S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?] 
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 257224] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-28 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-8 30192] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-12-28 133104] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 
2012-07-01 18:34:53 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd687f68-07f0-442c-816e-d68ae5b27b49}\mpengine.dll 2012-07-01 17:25:55 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{12fa95d8-a1ed-4d8c-a7ef-bd28373c0cdd}\MpKsl22f9dff1.sys 2012-07-01 17:25:50 133208 ----a-w- c:\windows\system32\drivers\01533329.sys 2012-07-01 09:48:48 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{12fa95d8-a1ed-4d8c-a7ef-bd28373c0cdd}\mpengine.dll 2012-07-01 08:41:04 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-01 07:43:15 -------- d-----w- c:\users\bodlin\appdata\roaming\DriverCure 2012-07-01 07:43:12 -------- d-----w- c:\users\bodlin\appdata\roaming\SpeedyPC Software 2012-07-01 07:42:58 -------- d-----w- c:\program files\common files\SpeedyPC Software 2012-07-01 07:42:56 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-01 07:42:56 -------- d-----w- c:\program files\SpeedyPC Software 2012-06-28 21:00:12 -------- d-----w- c:\users\bodlin\appdata\roaming\SUPERAntiSpyware.com 2012-06-28 21:00:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-28 21:00:08 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-27 20:38:55 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-06-26 20:13:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-26 20:13:32 -------- d-----w- c:\program files\mal 2012-06-26 08:09:48 -------- d-----w- c:\program files\Oracle 2012-06-26 06:06:48 -------- d-----w- c:\programdata\Kaspersky Lab 2012-06-24 08:03:51 -------- d-----w- c:\users\bodlin\appdata\roaming\Malwarebytes 2012-06-24 08:03:39 -------- d-----w- c:\programdata\Malwarebytes 2012-06-21 12:37:31 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 12:37:09 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 12:37:00 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 12:37:00 
171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-15 06:26:07 -------- d-----w- c:\windows\pss 2012-06-14 13:44:11 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 13:44:11 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 13:44:11 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 13:43:41 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 13:43:40 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 10:03:28 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b59662fc-4332-4adb-aa00-f93c82e4812b}\gapaengine.dll 2012-06-12 17:25:12 -------- d-----w- c:\users\bodlin\appdata\local\{039B4B0A-9A18-447E-97F7-59AD8FA6C95F} 2012-06-12 17:24:55 -------- d-----w- c:\users\bodlin\appdata\local\{B648D53D-18BA-46DC-A760-B92AD60B1C7B} 2012-06-12 08:21:14 772504 ----a-w- c:\windows\system32\npdeployJava1.dll . ==================== Find3M ==================== . 2012-06-13 09:49:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-13 09:49:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-12 08:20:42 472864 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe . ============= FINISH: 20:56:07.68 =============== and the second log is as follows: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . 
Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume3 Install Date: 08/08/2008 13:36:23 System Uptime: 01/07/2012 18:23:04 (2 hours ago) . Motherboard: Dell Inc. | | 0TP406 Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 916 GiB total, 446.006 GiB free. D: is FIXED (NTFS) - 15 GiB total, 5 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . ABBYY FineReader 6.0 Sprint Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Default Language CS3 Adobe Device Central CS3 Adobe Elements Studio Launcher Adobe ExtendScript Toolkit 2 Adobe Flash Player 11 ActiveX Adobe Help Viewer CS3 Adobe PDF Library Files Adobe Photoshop Elements 6.0 Adobe Premiere Elements 4.0 Adobe Premiere Elements 4.0 Templates Adobe Reader X (10.1.3) Adobe Setup Adobe Shockwave Player 11.5 Adobe Soundbooth CS3 Adobe Soundbooth CS3 Codecs Adobe Soundbooth CS3 Scores Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 Apple Application Support Apple Mobile Device Support Apple Software Update Babylon toolbar on IE Bonjour Browser Address Error Redirector CCScore Compatibility Pack for the 2007 Office system D3DX10 Dell Getting Started Guide Dell Support Center Dell Wireless WLAN Card Dell Xcelerator™ for Portable Devices DIGReqEx DirectXInstallService Disney Princess Screen Saver EDocs ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvatgt Family Tree Maker Family Tree Maker 2005 fflink Getting Ready for School Google Chrome Google Desktop Google Earth Google Toolbar for Internet Explorer Google Update Helper Google 
Updater Hauppauge MCE XP/Vista Software Encoder (2.0.25296) Hauppauge TV Tuner Driver Highlight Viewer (Windows Live Toolbar) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Matrix Storage Manager Intel® PRO Network Connections 12.1.12.4 InterActual Player iTunes Java Auto Updater Java™ 6 Update 20 Java™ 6 Update 32 Java™ 6 Update 5 Java™ 6 Update 7 Java™ 7 Update 5 JavaFX 2.1.1 Junk Mail filter update kgcbaby kgcbase kgchday kgchlwn kgcinvt kgckids kgcmove kgcvday Kidizoom® Pro & Plus Kodak EasyShare software Learning Ladder Preschool LEGO Digital Designer Lexmark 3500-4500 Series Lexmark Fax Solutions Lexmark S600 Series Lexmark Toolbar Lizardtech DjVu Control Malwarebytes Anti-Malware version 1.61.0.1400 Map Button (Windows Live Toolbar) Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Corporation Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Word Viewer 2003 Microsoft Search Enhancement Pack Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works MobileMe Control Panel Mouse Suite for Desktop Computers MSN MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My First CD-ROM - Getting Ready for School XP Update MyFelix Nessy Fingers - Demo Version netbrdg NVIDIA Drivers OfotoXMI OGA Notifier 2.0.0048.0 OpenOffice.org 3.2 QuickTime RealPlayer RealUpgrade 1.0 RedShift 6 Premium Roxio Activation Module Roxio CinePlayer Decoder Pack Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator Premier Roxio Creator Premier 10 Roxio Creator Tools Roxio Express Labeler Roxio Update Manager Safari Security Update for 
Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Segoe UI SFR SHASTA skin0001 SKINXSDK Skype Click to Call Skype™ 5.8 Smart Menus (Windows Live Toolbar) Sony Picture Utility SpeedyPC Pro Spelling Dictionaries Support For Adobe Reader 8 Spy Sweeper Core Spy Sweeper for MSN staticcr SUPERAntiSpyware Tesco Download Manager tooltips TouchCopy 11 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Virtual Puppy VPRINTOL WIDCOMM Bluetooth Software 6.0.1.4300 Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Favorites for Windows Live Toolbar Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie 
Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WIRELESS XPS MiniView Gadget . ==== Event Viewer Messages From Past Week ======== . 30/06/2012 21:34:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 30/06/2012 21:22:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 30/06/2012 21:17:33, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 30/06/2012 21:16:05, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 30/06/2012 21:16:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 30/06/2012 21:09:42, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 30/06/2012 21:06:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 30/06/2012 21:04:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
30/06/2012 21:04:07, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 
30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
30/06/2012 21:03:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 30/06/2012 21:03:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 28/06/2012 21:54:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6 28/06/2012 21:49:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 28/06/2012 21:46:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81} 28/06/2012 21:46:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 28/06/2012 19:26:16, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 27/06/2012 22:05:54, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.129.469.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
27/06/2012 21:18:53, Error: EventLog [6008] - The previous system shutdown at 21:17:40 on 27/06/2012 was unexpected.
27/06/2012 19:40:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.469.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
26/06/2012 21:03:57, Error: EventLog [6008] - The previous system shutdown at 16:33:22 on 26/06/2012 was unexpected.
26/06/2012 01:42:59, Error: EventLog [6008] - The previous system shutdown at 21:38:00 on 25/06/2012 was unexpected.
24/06/2012 22:05:52, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.349.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
24/06/2012 19:30:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.349.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
24/06/2012 08:25:25, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.349.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
24/06/2012 08:23:53, Error: EventLog [6008] - The previous system shutdown at 08:21:28 on 24/06/2012 was unexpected.
01/07/2012 19:43:12, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
01/07/2012 18:23:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxedCATSCustConnectService service to connect.
01/07/2012 18:23:57, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
01/07/2012 18:23:57, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
01/07/2012 18:23:57, Error: Service Control Manager [7000] - The lxedCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/07/2012 17:48:03, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
01/07/2012 17:46:37, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
01/07/2012 17:46:37, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
01/07/2012 17:46:37, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
01/07/2012 17:46:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
01/07/2012 17:46:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
01/07/2012 17:46:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
01/07/2012 17:46:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
01/07/2012 17:46:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
01/07/2012 17:46:03, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
01/07/2012 17:46:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
01/07/2012 17:45:53, Error: EventLog [6008] - The previous system shutdown at 12:05:56 on 01/07/2012 was unexpected.
01/07/2012 12:06:27, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================

I have looked a lot on the internet for ways to try and sort this out, and have ticked checkboxes and disabled all the Startup things trying to get things right. I hope I haven't made a terrible mess.

Thank you very much for taking the time to look at our post and for trying to help us. It would be great to know if you find anything.

Kind regards, Helena