Posts posted by bodlin

  1. Hi CatByte

    I've uninstalled the Java FX and also the Combofix and other DDS/MBR files. I've run the TFC and restarted the PC. Done the security settings like you said and also downloaded the WOT. I shall do the Keepass tomorrow as it's almost midnight and it's been a long week! We will use the PC over the weekend, change all our passwords and read the links you suggested.

    Thank you so much for all your help, you have really been a lifesaver. You have been really patient and I have done stuff on this PC that I never thought possible! Fingers crossed that all is well - will let you know if there are any problems. Will let you know on Monday if all has been well. Hope to get some replies for the corrupted db30 files on the Microsoft forum.

    It is a great job that you do; must be like learning another language!

    Very kind regards,

    Helena

  2. Hi CatByte

    I have copied and pasted the command you gave me into the Run box, so hopefully the Babylon is now deleted. The mail files that I deleted and were in the Recycle Bin, I have restored. I will post a topic about the corrupted db30 file on the MSN forum as you suggested. The PC does seem to be working okay. It's not turning off as it did before. I haven't used it much, to be honest, as it's only been on these past few days to follow the instructions you've been giving me, and not much else. Do you think it is safe to use normally now and the infections are all gone?

    Kind regards,

    Helena

  3. Hi Catbyte

    Sorry it's taken me so long to reply to you. Been a bit of a frustrating day. I managed to get all the hidden files unhidden, and got inside the db30 folder, and couldn't actually find out what was in the .sdf files as it said it didn't know what program it would need to open them. They were very large and I decided to delete them anyway and then ran the ESET scan again. Again, froze at 45% on another bodlin\appdata\microsoft\MSN\bodlin-msn-com.f91. I can't open those types of files because every time I try, it says it doesn't know what program it needs to open an .f91 file. All of the files in that db30 folder have a different alphanumeric ending and so of course I can't open any and so have just deleted some of them anyway - not all of them because I don't know what they are. I think it said you needed Microsoft Shell Commor to open them?

    So tried a different way, and went on to my hotmail folder and deleted a lot - like thirteen pages worth. Admittedly, I still have over one hundred pages of e-mails left. Deleting e-mails isn't a strong point!

    Tried yet another ESET scan and it yet again froze at 45% on another bodlin-msn-com.abc file. When I had the window open with the db30 contents in it, though, and I was trying on the top line (sorry I am not very articulate in explaining things) to find iangarland1-msn-com, I pressed Enter and it changed momentarily to a PC World Transfer file, which is where all our stuff from our previous PC was transferred over to this one when it was new, but I am sure that one of the previous viruses we found was hidden there. Not sure if that is relevant.

    So anyway, have kept the log from the final ESET scan attempt, which of course froze at 45%. Please find below:

    C:\Users\bodlin\AppData\Local\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application

    Thank you for your continued help.

    Kind regards,

    Helena

  4. Hi Catbyte

    I renamed the .sdf and JMF.sdf files as per your link, and added .old at the end of them. Also uninstalled the Babylon toolbar. Re-ran the ESET scan. It again froze on 45% and the C:\Users\bodlin\AppData\Local\Microsoft\MSN\db30\iangarland1-msn-com_JMF.sdf.old

    Plus, before it froze, it found another Babylon file even though I'd uninstalled it. Log as follows:

    C:\Users\bodlin\AppData\Local\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application

    Do you think I should just delete those .sdf files? I have no idea what they are or what .sdf means.

    Kind regards,

    Helena

  5. Hi Catbyte

    Did as you asked, the Malwarebytes quick scan didn't find anything. I'll post the log below:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.07.04.05

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    bodlin :: BODLIN-PC [administrator]

    Protection: Disabled

    04/07/2012 18:19:27

    mbam-log-2012-07-04 (18-19-27).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 254973

    Time elapsed: 7 minute(s), 19 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    The ESET scan froze at 45%, on the file:

    C:\Users\bodlin\AppData\Local\Microsoft\MSN\db30\iangarland1-msn-com_JMF.sdf

    That tends to be one of the files that the other scans have always got stuck at that I mentioned in my very first post, although I'm not sure I've ever seen the JMF.sdf before. Log as below:

    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application

    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application

    C:\Users\bodlin\AppData\Local\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application

    Hope to hear your thoughts on this soon, and thank you for all the help you've given so far; it is much appreciated.

    Kind regards,

    Helena

  6. Hi CatByte

    Did as you asked. The ComboFix took so long I left it running and went to bed as it was almost 1:00am. Here is its log:

    ComboFix 12-07-02.01 - bodlin 04/07/2012 0:16.1.4 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1993 [GMT 1:00]

    Running from: c:\users\bodlin\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\SPL1114.tmp

    c:\programdata\SPL3B51.tmp

    c:\programdata\SPLA0D2.tmp

    c:\programdata\SPLA39E.tmp

    c:\programdata\SPLBF29.tmp

    c:\users\bodlin\AppData\Local\assembly\tmp

    c:\users\bodlin\GoToAssistDownloadHelper.exe

    c:\users\bodlin\xobglu32.dll

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-04 00:52 . 2012-07-04 00:53 -------- d-----w- c:\users\bodlin\AppData\Local\temp

    2012-07-04 00:52 . 2012-07-04 00:52 -------- d-----w- c:\users\Public\AppData\Local\temp

    2012-07-04 00:52 . 2012-07-04 00:52 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

    2012-07-04 00:52 . 2012-07-04 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-03 23:22 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FDA559A-B430-4C98-9F77-F788DC91A043}\mpengine.dll

    2012-07-01 18:34 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-07-01 08:41 . 2012-07-01 08:41 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-07-01 07:43 . 2012-07-01 07:43 -------- d-----w- c:\users\bodlin\AppData\Roaming\DriverCure

    2012-07-01 07:43 . 2012-07-01 07:43 -------- d-----w- c:\users\bodlin\AppData\Roaming\SpeedyPC Software

    2012-07-01 07:42 . 2012-07-01 07:42 -------- d-----w- c:\program files\Common Files\SpeedyPC Software

    2012-07-01 07:42 . 2012-07-01 07:42 -------- d-----w- c:\programdata\SpeedyPC Software

    2012-07-01 07:42 . 2012-07-01 07:42 -------- d-----w- c:\program files\SpeedyPC Software

    2012-06-28 21:00 . 2012-06-28 21:00 -------- d-----w- c:\users\bodlin\AppData\Roaming\SUPERAntiSpyware.com

    2012-06-28 21:00 . 2012-06-28 21:00 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-06-28 21:00 . 2012-06-28 21:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-06-26 20:13 . 2012-06-27 19:50 -------- d-----w- c:\program files\mal

    2012-06-26 20:13 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-26 08:09 . 2012-06-26 08:09 -------- d-----w- c:\program files\Oracle

    2012-06-26 06:06 . 2012-06-26 06:06 -------- d-----w- c:\programdata\Kaspersky Lab

    2012-06-24 08:03 . 2012-06-24 08:03 -------- d-----w- c:\users\bodlin\AppData\Roaming\Malwarebytes

    2012-06-24 08:03 . 2012-06-24 08:03 -------- d-----w- c:\programdata\Malwarebytes

    2012-06-21 12:37 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-21 12:37 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-21 12:37 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-21 12:37 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-21 12:37 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

    2012-06-21 12:37 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-21 12:37 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-21 12:37 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-21 12:37 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-14 13:44 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-14 13:44 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-14 13:44 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-14 13:43 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-14 13:43 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

    2012-06-13 10:03 . 2012-02-10 19:37 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B59662FC-4332-4ADB-AA00-F93C82E4812B}\gapaengine.dll

    2012-06-12 08:21 . 2012-05-04 18:29 772504 ----a-w- c:\windows\system32\npdeployJava1.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-13 09:49 . 2012-04-08 19:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-06-13 09:49 . 2011-06-17 06:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-06-12 08:20 . 2010-06-01 16:59 472864 ----a-w- c:\windows\system32\deployJava1.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

    @="Service"

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    [HKLM\~\startupfolder\C:^Users^bodlin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

    path=c:\users\bodlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

    backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup

    backupExtension=.Startup

    .

    [HKLM\~\startupfolder\C:^Users^bodlin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

    path=c:\users\bodlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk

    backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup

    backupExtension=.Startup

    .

    [HKLM\~\startupfolder\C:^Users^bodlin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_.lnk]

    path=c:\users\bodlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk

    backup=c:\windows\pss\_uninst_.lnk.Startup

    backupExtension=.Startup

    .

    [HKLM\~\startupfolder\C:^Users^bodlin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_01533329.lnk]

    path=c:\users\bodlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_01533329.lnk

    backup=c:\windows\pss\_uninst_01533329.lnk.Startup

    backupExtension=.Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

    2010-09-21 23:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

    2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth HCI Monitor]

    2006-12-07 23:50 9728 ----a-w- c:\windows\System32\HCIMNTR.DLL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

    2007-12-06 10:15 1548288 ----a-w- c:\windows\System32\WLTRAY.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    2006-11-02 09:45 8704 ----a-w- c:\windows\System32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

    2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

    2010-01-18 09:51 139944 ----a-w- c:\program files\Lexmark S600 Series\ezprint.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

    2007-05-07 18:10 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

    2010-06-15 16:57 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]

    2011-09-16 17:06 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

    2007-10-03 14:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]

    2007-03-05 12:40 20480 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]

    2007-05-07 18:07 435120 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxedmon.exe]

    2010-01-18 09:51 770728 ----a-w- c:\program files\Lexmark S600 Series\lxedmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2012-04-04 14:56 462408 ----a-w- c:\program files\mal\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

    c:\program filesmicrosoft money\System\Money Express.exe [bU]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

    2012-03-26 16:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyFelix]

    2011-08-21 09:08 8668520 ----a-w- c:\program files\MyFelix\MyFelix.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    2008-05-23 07:37 13531680 ----a-w- c:\windows\System32\nvcpl.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    2008-05-23 07:38 92704 ----a-w- c:\windows\System32\nvmctray.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]

    2006-11-08 14:01 49152 ----a-w- c:\windows\System32\ico.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

    2008-05-14 09:31 244208 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

    2007-09-12 08:40 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    2012-02-29 07:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

    2011-04-05 14:55 6156336 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

    2012-06-26 17:33 3906432 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2008-08-08 11:57 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    2010-03-17 16:00 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]

    2010-01-29 00:04 764784 ----a-w- c:\windows\vVX6000.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 09:49]

    .

    2012-06-23 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-08 17:06]

    .

    2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-28 19:50]

    .

    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-28 19:50]

    .

    2012-06-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

    .

    2012-07-01 c:\windows\Tasks\SpeedyPC Pro.job

    - c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]

    .

    2012-07-01 c:\windows\Tasks\SpeedyPC Registration3.job

    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]

    .

    2012-07-01 c:\windows\Tasks\SpeedyPC Update Version3.job

    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]

    .

    2012-07-04 c:\windows\Tasks\SystemToolsDailyTest.job

    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

    .

    2012-06-15 c:\windows\Tasks\wrSpySweeper_LAD90687C159D4A61870B02FA027F5F4F.job

    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-15 14:55]

    .

    2012-06-15 c:\windows\Tasks\wrSpySweeper_LAD90687C159D4A61870B02FA027F5F4F.job

    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-15 14:55]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080808

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s

    IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    Trusted Zone: internet

    Trusted Zone: maris.com\www.redshift

    Trusted Zone: mcafee.com

    TCP: DhcpNameServer = 192.168.0.1

    DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab

    .

    Supplementary scan did not complete!

    .

    - - - - ORPHANS REMOVED - - - -

    .

    MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

    MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-07-04 01:53

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,50,88,08,28,f7,aa,4d,be,1a,2d,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,50,88,08,28,f7,aa,4d,be,1a,2d,\

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2012-07-04 01:55:41

    ComboFix-quarantined-files.txt 2011-06-06 11:15

    ComboFix2.txt 2011-06-06 11:15

    .

    Pre-Run: 478,537,891,840 bytes free

    Post-Run: 481,490,759,680 bytes free

    .

    - - End Of File - - 72572C198976AC49A7859AB2864ED364

    Kind regards,

    Helena

  7. Hello Catbyte,

    Thank you for replying and helping us with our problem. I did all of this in Safe Mode with Networking - I don't know if that makes a difference?

    The computer wouldn't let me save the Avast virus scanner program to the Desktop, so I just ran it anyway. I tried it twice. The first time it froze after a few minutes on Scanning C:\Users\bodlin\AppData\Local\Installer9420\Setup.exe but I noticed that when I saved the log (because after a while I just pressed Save Log as the Scan wasn't moving) it didn't mention that one. I didn't notice the time on the first scan I did, but on the second scan I ran, it got stuck again on that same file, and the time was 19:50:23:736. I took a note of that as it might be useful?

    The first log of the first scan is as follows:

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-07-03 19:02:30

    -----------------------------

    19:02:30.419 OS Version: Windows 6.0.6002 Service Pack 2

    19:02:30.419 Number of processors: 4 586 0xF0B

    19:02:30.419 ComputerName: BODLIN-PC UserName: bodlin

    19:02:48.031 Initialize success

    19:04:54.344 AVAST engine defs: 12070300

    19:05:19.055 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    19:05:19.055 Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8

    19:05:19.070 Disk 0 MBR read successfully

    19:05:19.070 Disk 0 MBR scan

    19:05:19.086 Disk 0 Windows VISTA default MBR code

    19:05:19.086 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63

    19:05:19.102 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 145408

    19:05:19.117 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 938443 MB offset 31602688

    19:05:19.117 Disk 0 scanning sectors +1953533952

    19:05:19.195 Disk 0 scanning C:\Windows\system32\drivers

    19:05:30.583 Service scanning

    19:05:48.726 Modules scanning

    19:05:51.409 Disk 0 trace - called modules:

    19:05:51.425 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

    19:05:51.425 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86545ac8]

    19:05:51.425 3 CLASSPNP.SYS[8379f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86546028]

    19:05:54.779 AVAST engine scan C:\Windows

    19:06:00.863 AVAST engine scan C:\Windows\system32

    19:09:32.726 AVAST engine scan C:\Windows\system32\drivers

    19:10:12.912 AVAST engine scan C:\Users\bodlin

    19:36:21.632 Disk 0 MBR has been saved successfully to "C:\Users\bodlin\Desktop\MBR.dat"

    19:36:21.632 The log file has been saved successfully to "C:\Users\bodlin\Desktop\aswMBR.txt"

    I've added the MBR.zip for you (I am unsure if that is the MBR from the first or second scan as there was only one on the Desktop)

    The second scan log is as follows:

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-07-03 19:39:06

    -----------------------------

    19:39:06.556 OS Version: Windows 6.0.6002 Service Pack 2

    19:39:06.556 Number of processors: 4 586 0xF0B

    19:39:06.556 ComputerName: BODLIN-PC UserName: bodlin

    19:39:09.504 Initialize success

    19:39:13.716 AVAST engine defs: 12070300

    19:39:32.467 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    19:39:32.483 Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8

    19:39:32.514 Disk 0 MBR read successfully

    19:39:32.514 Disk 0 MBR scan

    19:39:32.530 Disk 0 Windows VISTA default MBR code

    19:39:32.545 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63

    19:39:32.561 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 145408

    19:39:32.576 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 938443 MB offset 31602688

    19:39:32.608 Disk 0 scanning sectors +1953533952

    19:39:32.717 Disk 0 scanning C:\Windows\system32\drivers

    19:39:49.471 Service scanning

    19:40:06.538 Modules scanning

    19:40:13.464 Disk 0 trace - called modules:

    19:40:13.480 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

    19:40:13.480 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86545ac8]

    19:40:13.480 3 CLASSPNP.SYS[8379f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86546028]

    19:40:16.397 AVAST engine scan C:\Windows

    19:41:39.342 AVAST engine scan C:\Windows\system32

    19:47:42.557 AVAST engine scan C:\Windows\system32\drivers

    19:49:26.656 AVAST engine scan C:\Users\bodlin

    20:21:19.325 Disk 0 MBR has been saved successfully to "C:\Users\bodlin\Desktop\MBR.dat"

    20:21:19.356 The log file has been saved successfully to "C:\Users\bodlin\Desktop\aswMBR2.txt"

    Can I ask please, have you noticed anything when you saw our logs in our initial post and this one? Did you see anything there that indicated malware?

    MBR.zip

    Many thanks,

    Helena

  8. Hello there,

    We had no problems at all until, I think, 24th June when the computer just shut down by itself - went to a black screen and shut off. When we started it again the beginning screen (the blue one where you put your Windows password in) had lots of colons and vertical lines on it, and then a few minutes later it shut down again. We ran a full scan which took hours, and which found Exploit:Java/CVE-2012-0507.CA so we deleted that, but all still did not seem well. We kept it mainly in Safe Mode and sometimes Safe Mode with Networking after that, and on 26th June MBAM found a Trojan.Zbot. After that, though, the scans just seem to be so slow (we ran Kaspersky Anti Virus Removal Tool and it said it was going to take 18 days!) and they tend to freeze after a while, always on the same one or two files which are, I think, e-mail ones. The Kaspersky scan did find seven Trojans before it froze, though. So now we are thinking that whatever it is on our computer is interfering with our scans. We are desperate for some expert help. We are pretty much computer novices and use our PC for things that most people do - e-mails, surfing the web and buying things, but don't know anything about registry edits or anything else.

    If someone could please kindly help us sort this, we would be very grateful. I have (hopefully) managed to disable the script thing, and found Notepad, and have done the two logs, pasted below:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

    Run by bodlin at 20:53:16 on 2012-07-01

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1593 [GMT 1:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k rpcss

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\WLTRYSVC.EXE

    C:\Windows\System32\bcmwltry.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\rundll32.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe

    C:\Windows\system32\lxdicoms.exe

    C:\Windows\system32\lxedcoms.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Windows\system32\STacSV.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    I:\erin.exe

    C:\Users\bodlin\AppData\Local\Temp\RarSFX2\2941237.exe

    C:\Windows\ehome\ehsched.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\ehome\ehRecvr.exe

    C:\Users\bodlin\AppData\Local\Temp\1310884\2941237.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    c:\Program Files\Microsoft Security Client\MpCmdRun.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.129.793.0.exe

    C:\Windows\system32\MpSigStub.exe

    C:\Program Files\mal\mbamservice.exe

    C:\Program Files\mal\mbamgui.exe

    C:\Windows\System32\notepad.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080808

    uWindow Title = Internet Explorer provided by Dell

    uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080808

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s

    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    mRun: [<NO NAME>]

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx

    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Trusted Zone: internet

    Trusted Zone: maris.com\www.redshift

    Trusted Zone: mcafee.com

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab

    DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab

    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    TCP: DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{B3396F8B-7857-4C4D-BFBE-E22C68CD2923} : DhcpNameServer = 192.168.0.1

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

    AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll

    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 01533329;01533329;c:\windows\system32\drivers\01533329.sys [2012-7-1 133208]

    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2011-3-22 29832]

    R1 MpKsl22f9dff1;MpKsl22f9dff1;c:\programdata\microsoft\microsoft antimalware\definition updates\{12fa95d8-a1ed-4d8c-a7ef-bd28373c0cdd}\MpKsl22f9dff1.sys [2012-7-1 29904]

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

    R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]

    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-4-26 99248]

    R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]

    R2 MBAMService;MBAMService;c:\program files\mal\mbamservice.exe [2012-6-26 654408]

    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256]

    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-5-9 1201656]

    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]

    R3 LazerUsb;Lumanate Lazer USB;c:\windows\system32\drivers\LazerUsb.sys [2007-10-16 5739520]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-26 22344]

    R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-8-8 18432]

    R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-8-8 19008]

    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-1-29 2074480]

    RUnknown 2941237drv;2941237drv; [x]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate1c96930cb12cd1;Google Update Service (gupdate1c96930cb12cd1);c:\program files\google\update\GoogleUpdate.exe [2008-12-28 133104]

    S2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxedserv.exe [2010-5-5 193192]

    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]

    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]

    S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 257224]

    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-28 39272]

    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-8 30192]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-12-28 133104]

    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]

    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    .

    =============== Created Last 30 ================

    .

    2012-07-01 18:34:53 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd687f68-07f0-442c-816e-d68ae5b27b49}\mpengine.dll

    2012-07-01 17:25:55 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{12fa95d8-a1ed-4d8c-a7ef-bd28373c0cdd}\MpKsl22f9dff1.sys

    2012-07-01 17:25:50 133208 ----a-w- c:\windows\system32\drivers\01533329.sys

    2012-07-01 09:48:48 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{12fa95d8-a1ed-4d8c-a7ef-bd28373c0cdd}\mpengine.dll

    2012-07-01 08:41:04 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-07-01 07:43:15 -------- d-----w- c:\users\bodlin\appdata\roaming\DriverCure

    2012-07-01 07:43:12 -------- d-----w- c:\users\bodlin\appdata\roaming\SpeedyPC Software

    2012-07-01 07:42:58 -------- d-----w- c:\program files\common files\SpeedyPC Software

    2012-07-01 07:42:56 -------- d-----w- c:\programdata\SpeedyPC Software

    2012-07-01 07:42:56 -------- d-----w- c:\program files\SpeedyPC Software

    2012-06-28 21:00:12 -------- d-----w- c:\users\bodlin\appdata\roaming\SUPERAntiSpyware.com

    2012-06-28 21:00:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-06-28 21:00:08 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-06-27 20:38:55 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

    2012-06-26 20:13:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-26 20:13:32 -------- d-----w- c:\program files\mal

    2012-06-26 08:09:48 -------- d-----w- c:\program files\Oracle

    2012-06-26 06:06:48 -------- d-----w- c:\programdata\Kaspersky Lab

    2012-06-24 08:03:51 -------- d-----w- c:\users\bodlin\appdata\roaming\Malwarebytes

    2012-06-24 08:03:39 -------- d-----w- c:\programdata\Malwarebytes

    2012-06-21 12:37:31 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-21 12:37:09 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-21 12:37:00 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-21 12:37:00 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-15 06:26:07 -------- d-----w- c:\windows\pss

    2012-06-14 13:44:11 984064 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-14 13:44:11 98304 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-14 13:44:11 133120 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-14 13:43:41 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-14 13:43:40 2045440 ----a-w- c:\windows\system32\win32k.sys

    2012-06-13 10:03:28 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b59662fc-4332-4adb-aa00-f93c82e4812b}\gapaengine.dll

    2012-06-12 17:25:12 -------- d-----w- c:\users\bodlin\appdata\local\{039B4B0A-9A18-447E-97F7-59AD8FA6C95F}

    2012-06-12 17:24:55 -------- d-----w- c:\users\bodlin\appdata\local\{B648D53D-18BA-46DC-A760-B92AD60B1C7B}

    2012-06-12 08:21:14 772504 ----a-w- c:\windows\system32\npdeployJava1.dll

    .

    ==================== Find3M ====================

    .

    2012-06-13 09:49:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-06-13 09:49:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-06-12 08:20:42 472864 ----a-w- c:\windows\system32\deployJava1.dll

    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

    .

    ============= FINISH: 20:56:07.68 ===============

    and the second log is as follows:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume3

    Install Date: 08/08/2008 13:36:23

    System Uptime: 01/07/2012 18:23:04 (2 hours ago)

    .

    Motherboard: Dell Inc. | | 0TP406

    Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 916 GiB total, 446.006 GiB free.

    D: is FIXED (NTFS) - 15 GiB total, 5 GiB free.

    E: is CDROM ()

    F: is Removable

    G: is Removable

    H: is Removable

    I: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    .

    ==== Installed Programs ======================

    .

    ABBYY FineReader 6.0 Sprint

    Adobe AIR

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Default Language CS3

    Adobe Device Central CS3

    Adobe Elements Studio Launcher

    Adobe ExtendScript Toolkit 2

    Adobe Flash Player 11 ActiveX

    Adobe Help Viewer CS3

    Adobe PDF Library Files

    Adobe Photoshop Elements 6.0

    Adobe Premiere Elements 4.0

    Adobe Premiere Elements 4.0 Templates

    Adobe Reader X (10.1.3)

    Adobe Setup

    Adobe Shockwave Player 11.5

    Adobe Soundbooth CS3

    Adobe Soundbooth CS3 Codecs

    Adobe Soundbooth CS3 Scores

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Adobe XMP DVA Panels CS3

    Adobe XMP Panels CS3

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Babylon toolbar on IE

    Bonjour

    Browser Address Error Redirector

    CCScore

    Compatibility Pack for the 2007 Office system

    D3DX10

    Dell Getting Started Guide

    Dell Support Center

    Dell Wireless WLAN Card

    Dell Xcelerator™ for Portable Devices

    DIGReqEx

    DirectXInstallService

    Disney Princess Screen Saver

    EDocs

    ESSBrwr

    ESSCDBK

    ESScore

    ESSgui

    ESSini

    ESSPCD

    ESSPDock

    ESSSONIC

    ESSTOOLS

    essvatgt

    Family Tree Maker

    Family Tree Maker 2005

    fflink

    Getting Ready for School

    Google Chrome

    Google Desktop

    Google Earth

    Google Toolbar for Internet Explorer

    Google Update Helper

    Google Updater

    Hauppauge MCE XP/Vista Software Encoder (2.0.25296)

    Hauppauge TV Tuner Driver

    Highlight Viewer (Windows Live Toolbar)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Intel® Matrix Storage Manager

    Intel® PRO Network Connections 12.1.12.4

    InterActual Player

    iTunes

    Java Auto Updater

    Java™ 6 Update 20

    Java™ 6 Update 32

    Java™ 6 Update 5

    Java™ 6 Update 7

    Java™ 7 Update 5

    JavaFX 2.1.1

    Junk Mail filter update

    kgcbaby

    kgcbase

    kgchday

    kgchlwn

    kgcinvt

    kgckids

    kgcmove

    kgcvday

    Kidizoom® Pro & Plus

    Kodak EasyShare software

    Learning Ladder Preschool

    LEGO Digital Designer

    Lexmark 3500-4500 Series

    Lexmark Fax Solutions

    Lexmark S600 Series

    Lexmark Toolbar

    Lizardtech DjVu Control

    Malwarebytes Anti-Malware version 1.61.0.1400

    Map Button (Windows Live Toolbar)

    Mesh Runtime

    Messenger Companion

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Corporation

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Office Word Viewer 2003

    Microsoft Search Enhancement Pack

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Works

    MobileMe Control Panel

    Mouse Suite for Desktop Computers

    MSN

    MSVCRT

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB941833)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    My First CD-ROM - Getting Ready for School XP Update

    MyFelix

    Nessy Fingers - Demo Version

    netbrdg

    NVIDIA Drivers

    OfotoXMI

    OGA Notifier 2.0.0048.0

    OpenOffice.org 3.2

    QuickTime

    RealPlayer

    RealUpgrade 1.0

    RedShift 6 Premium

    Roxio Activation Module

    Roxio CinePlayer Decoder Pack

    Roxio Creator Audio

    Roxio Creator Copy

    Roxio Creator Data

    Roxio Creator Premier

    Roxio Creator Premier 10

    Roxio Creator Tools

    Roxio Express Labeler

    Roxio Update Manager

    Safari

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Segoe UI

    SFR

    SHASTA

    skin0001

    SKINXSDK

    Skype Click to Call

    Skype™ 5.8

    Smart Menus (Windows Live Toolbar)

    Sony Picture Utility

    SpeedyPC Pro

    Spelling Dictionaries Support For Adobe Reader 8

    Spy Sweeper Core

    Spy Sweeper for MSN

    staticcr

    SUPERAntiSpyware

    Tesco Download Manager

    tooltips

    TouchCopy 11

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Virtual Puppy

    VPRINTOL

    WIDCOMM Bluetooth Software 6.0.1.4300

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live Favorites for Windows Live Toolbar

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live Remote Client

    Windows Live Remote Client Resources

    Windows Live Remote Service

    Windows Live Remote Service Resources

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live Toolbar Extension (Windows Live Toolbar)

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    WIRELESS

    XPS MiniView Gadget

    .

    ==== Event Viewer Messages From Past Week ========

    .

    30/06/2012 21:34:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

    30/06/2012 21:22:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

    30/06/2012 21:17:33, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

    30/06/2012 21:16:05, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

    30/06/2012 21:16:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    30/06/2012 21:09:42, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

    30/06/2012 21:06:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

    30/06/2012 21:04:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:04:07, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    30/06/2012 21:03:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

    30/06/2012 21:03:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    28/06/2012 21:54:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6

    28/06/2012 21:49:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6

    28/06/2012 21:46:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}

    28/06/2012 21:46:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

    28/06/2012 19:26:16, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.566.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

    27/06/2012 22:05:54, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.469.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    27/06/2012 21:18:53, Error: EventLog [6008] - The previous system shutdown at 21:17:40 on 27/06/2012 was unexpected.

    27/06/2012 19:40:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.469.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

    26/06/2012 21:03:57, Error: EventLog [6008] - The previous system shutdown at 16:33:22 on 26/06/2012 was unexpected.

    26/06/2012 01:42:59, Error: EventLog [6008] - The previous system shutdown at 21:38:00 on 25/06/2012 was unexpected.

    24/06/2012 22:05:52, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.349.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

    24/06/2012 19:30:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.349.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

    24/06/2012 08:25:25, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.349.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

    24/06/2012 08:23:53, Error: EventLog [6008] - The previous system shutdown at 08:21:28 on 24/06/2012 was unexpected.

    01/07/2012 19:43:12, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.

    01/07/2012 18:23:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxedCATSCustConnectService service to connect.

    01/07/2012 18:23:57, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

    01/07/2012 18:23:57, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.

    01/07/2012 18:23:57, Error: Service Control Manager [7000] - The lxedCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    01/07/2012 17:48:03, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

    01/07/2012 17:46:37, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SASDIFSV SASKUTIL spldr Wanarpv6

    01/07/2012 17:46:37, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

    01/07/2012 17:46:37, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    01/07/2012 17:46:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    01/07/2012 17:46:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    01/07/2012 17:46:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    01/07/2012 17:46:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    01/07/2012 17:46:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    01/07/2012 17:46:03, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

    01/07/2012 17:46:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

    01/07/2012 17:45:53, Error: EventLog [6008] - The previous system shutdown at 12:05:56 on 01/07/2012 was unexpected.

    01/07/2012 12:06:27, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    .

    ==== End Of File ===========================

    I have looked a lot on the internet for ways to try and sort this out, and have ticked checkboxes and disabled all the Startup things trying to get things right. I hope I haven't made a terrible mess.

    Thank you very much for taking the time to look at our post and for trying to help us. It would be great to know if you find anything.

    Kind regards,

    Helena
