Jump to content

Recommended Posts

I have the google redirect virus, and today it resulted in a fake virus scanner appearing. I restarted my computer in safe mode right away, and ran spybot search and destroy, which found nothing. I then restarted my computer regularly, but this resulted in a BSOD (picture attached). I then ran spybot and MB again in safemode, which found several malwares, but after clearing them and restarting my computer as prompted, I continue to receive the BSOD whenever restarting in to Windows 7 normally. I do not receive the BSOD when running in safe mode. I also tried restoring my system to two different points, which did not resolve the BSOD. I have attached the logs below:

Thank you.

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.7600.16385

Run by mhsu at 0:15:51 on 2012-02-21

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1910.902 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = proxy.seeconline.org:3128

uInternet Settings,ProxyOverride = hxxp://10.0.0.*;http://companyweb;https://companyweb;<local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [F.lux] "c:\users\mhsu\local settings\apps\f.lux\flux.exe" /noshow

uRun: [googletalk] c:\users\mhsu\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Google Update] "c:\users\mhsu\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [spotify] "c:\users\mhsu\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart

uRun: [CvtMouseUI] rundll32.exe "c:\users\mhsu\appdata\local\cvtmapapi\CvtMouseUI.dll",SecurityobjClock xpmapEnum

uRunOnce: [sminet64] cmd.exe /c RD /S /Q "c:\users\mhsu\appdata\local\isaMobileman"

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [VX6000] c:\windows\vVX6000.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [snp2std] c:\windows\vsnp2std.exe

mRun: [gidle] "c:\program files\galwaysidle\gidle.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe

mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe

dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{205D6DBF-0672-4653-B26F-8D9A7C7754D4} : NameServer = 208.67.222.222

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\14356434 : DhcpNameServer = 10.5.0.1 66.103.80.4 66.103.64.4

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\3496479702F66602D496E6E6561607F6C6963702055726C696360275966496 : DhcpNameServer = 206.55.176.53 206.55.176.52

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\35475667560224C616E6B6372E08993702960586F6E656 : DhcpNameServer = 172.26.38.1 172.26.38.2

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\35565636 : DhcpNameServer = 10.0.0.201

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\E49484D26596379647F62737D275C414E4 : DhcpNameServer = 128.231.128.251 128.231.64.1

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\F46756274627966756D2347363 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\F46756274627966756D2347363 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F} : NameServer = 208.67.222.222

TCP: Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F} : DhcpNameServer = 172.6.1.161

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mhsu\appdata\roaming\mozilla\firefox\profiles\hr8njggg.default\

FF - prefs.js: browser.startup.homepage - nytimes.com

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\mhsu\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\users\mhsu\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\mhsu\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-11-20 17072]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-1 59904]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-11-20 42672]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-11-1 274984]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-11-20 81920]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-5-10 1803584]

S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-11-4 114688]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]

S2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-11-20 60928]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-28 366152]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-27 1153368]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-1 132480]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-11-1 246272]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-28 22216]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-1 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-1 38912]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-29 1343400]

.

=============== Created Last 30 ================

.

2012-02-21 05:03:48 -------- d-----w- c:\windows\system32\wbem\repository

2012-02-21 02:31:58 724992 ----a-w- c:\programdata\microsoft\windows\drm\CC63.tmp

2012-02-21 02:31:32 130048 ----a-w- c:\programdata\microsoft\windows\drm\68D0.tmp

2012-02-09 17:06:11 -------- d-----w- c:\users\mhsu\appdata\local\Cvtmapapi

2012-01-31 15:17:38 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-01-31 15:17:38 224768 ----a-w- c:\windows\system32\schannel.dll

2012-01-31 15:17:38 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-01-31 15:17:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-31 15:17:37 99840 ----a-w- c:\windows\system32\sspicli.dll

2012-01-31 15:17:37 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-31 15:17:37 314368 ----a-w- c:\windows\system32\webio.dll

2012-01-31 15:17:37 22528 ----a-w- c:\windows\system32\lsass.exe

2012-01-31 15:17:37 22016 ----a-w- c:\windows\system32\secur32.dll

2012-01-31 15:17:37 15360 ----a-w- c:\windows\system32\sspisrv.dll

.

==================== Find3M ====================

.

2011-12-24 04:44:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-13 20:13:39 60304 ----a-w- c:\users\mhsu\g2mdlhlpx.exe

2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 0:17:05.81 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/29/2010 10:19:15 AM

System Uptime: 2/21/2012 12:03:13 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 00K2MH

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU 1 | 2394/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 134 GiB total, 65.053 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP386: 2/1/2012 3:01:20 AM - Windows Update

RP387: 2/13/2012 2:45:36 PM - Scheduled Checkpoint

RP388: 2/16/2012 3:02:04 AM - Windows Update

.

==== Installed Programs ======================

.

32 Bit HP BiDi Channel Components Installer

AccelerometerP11

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AuthenTec Fingerprint Software

BioAPI Framework

Bonjour

Broadcom NetXtreme-I Netlink Driver and Management Installer

Canon MP Navigator 2.0

Canon MP150

Canon My Printer

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

D3DX10

Defraggler

Dell Backup and Recovery Manager

Dell Control Point

Dell ControlPoint Security Manager

Dell Edoc Viewer

Dell Embassy Trust Suite by Wave Systems

Dell Security Device Driver Pack

Dell System Manager

Dell Touchpad

Document Manager Lite

DW WLAN Card Utility

EMBASSY Security Center

EMBASSY Security Setup

ESC Home Page Plugin

F.lux

gAlwaysIdle

Gemalto

Google Chrome

Google Talk (remove only)

Google Talk Plugin

Google Update Helper

GoToMeeting 5.1.0.880

HUE HD Webcam

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft LifeCam

Microsoft Office Professional Edition 2003

Microsoft Search Enhancement Pack

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 4.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NTRU TCG Software Stack

O2Micro OZ776 SCR Driver

OGA Notifier 2.0.0048.0

PowerDVD DX

Preboot Manager

Private Information Manager

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Wizards

Spotify

Spybot - Search & Destroy

Times Reader

Trusted Drive Manager

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

UPEK TouchChip Fingerprint Reader

Wave Infrastructure Installer

Wave Support Software

Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Center

.

==== Event Viewer Messages From Past Week ========

.

2/21/2012 12:13:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/21/2012 12:07:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/21/2012 12:05:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/21/2012 12:04:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/21/2012 12:04:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/21/2012 12:04:02 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21

2/21/2012 12:03:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

2/21/2012 12:03:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

2/21/2012 12:03:44 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

2/21/2012 12:03:44 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain SEEC-DOM due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

2/21/2012 12:03:42 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.

2/21/2012 12:03:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8364fceb, 0xa9aaf424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022112-20342-01.

2/21/2012 12:03:19 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

2/20/2012 9:58:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a41ceb, 0x98aaf424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-18033-01.

2/20/2012 9:35:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a6bceb, 0x992af424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-17144-01.

2/20/2012 7:18:49 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

2/20/2012 7:16:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

2/20/2012 11:46:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2/20/2012 11:46:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:46:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/20/2012 11:46:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/20/2012 11:45:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83660ceb, 0xaa0a3424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-21075-01.

2/20/2012 11:30:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: akfmdd discache MpFilter spldr uyhekcgw Wanarpv6

2/20/2012 11:30:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a54ceb, 0x994a3424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-16052-01.

2/20/2012 11:29:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a78ceb, 0x9948f424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-19375-01.

2/20/2012 10:53:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: akfmdd discache MpFilter spldr Wanarpv6

2/20/2012 10:53:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a6aceb, 0x99483424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-19578-01.

2/20/2012 10:52:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a49ceb, 0x9908f424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-20841-01.

2/20/2012 10:00:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a74ceb, 0x8c48f424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-18595-01.

2/20/2012 10:00:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD akfmdd CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

2/20/2012 1:11:01 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user SEEC-DOM\mhsu SID (S-1-5-21-278053664-2185810746-1395160328-7715) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/19/2012 9:58:47 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

2/17/2012 11:37:47 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7732D151-615A-4924-BA48-D0FBABCC1278} because another computer on the network has the same name. The server could not start.

2/16/2012 3:01:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

.

==== End Of File ===========================

post-108607-0-73075400-1329801808.jpg

Link to post
Share on other sites

Hello and :welcome:

I see a hosts file hijack here which is responsible for redirects, however I don't exclude a rootkit either so lets check for that first.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.