Jump to content

After removing Malware, unable to make internet connections


Recommended Posts

Our computer was infected with malware that was removed by Malwarebytes. After the removal process, there are issues that are not allowing us to connect to the internet. I'm not sure where to start to fix this issue.

Below is the most recent Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 7082

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19088

7/11/2011 8:53:29 PM

mbam-log-2011-07-11 (20-53-29).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 499527

Time elapsed: 2 hour(s), 11 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 6

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 21

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\Burkes\AppData\Local\Lecorgsi.dll (Trojan.Hiloti) -> Delete on reboot.

c:\Users\Burkes\AppData\Local\edojefed.dll (Trojan.Agent.U) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lhixuwefokibof (Trojan.Hiloti) -> Value: Lhixuwefokibof -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rdeziwiquloyaraq (Trojan.Agent.U) -> Value: Rdeziwiquloyaraq -> Delete on reboot.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Burkes\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Burkes\AppData\Local\Lecorgsi.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\udzclczimf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\1Z8QJYPD\windows-update-sp3-kb85144-setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\3ZFWIP6P\windows-update-sp3-kb84628-setup[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\9PBARRN4\windows-update-sp2-kb79083-setup[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SA82U7FI\windows-update-sp3-kb66509-setup[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\Temp\0.40904764012737294.exe (Trojan.Oficla) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\Temp\0.668588044524702.exe (Trojan.Oficla) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\LocalLow\Sun\Java\deployment\cache\6.0\28\2a7b8dc-499fa168 (Trojan.Oficla) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\LocalLow\Sun\Java\deployment\cache\6.0\28\2a7b8dc-6a9614c0 (Trojan.Oficla) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Roaming\dwm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Roaming\Adobe\plugs\mmc573652414.txt (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Roaming\Adobe\plugs\mmc573683458.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\Temp\0.6216665016326679.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Roaming\Adobe\plugs\mmc146.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Roaming\Adobe\plugs\mmc188.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Roaming\Adobe\plugs\mmc210.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\Users\Burkes\AppData\Local\edojefed.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

Below is the DDS file:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Burkes at 22:46:14 on 2012-06-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4886 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\WINDOWS\System32\wpcumi.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Windows\system32\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Fix Malware\Defogger.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426002428.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000

uRun: [rpcthg] rundll32.exe "C:\Users\Burkes\AppData\Roaming\rpcthg.dll",ReadPixels

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [TaskTray]

mRun: [<NO NAME>]

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: C:\Windows\system32\wpclsp.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www2.artsonia.com/shared/classes/ImageUploader6.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://qc-usda.saas.hp.com/qcbin/Spider91.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://srameeting.webex.com/client/T26L10NSP49EP24-srameeting/webex/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{745686F3-3B69-438C-9398-3DD06438FE09} : DhcpNameServer = 209.18.47.61 209.18.47.62

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO-X64: Skype add-on (mastermind) - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426002428.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [TaskTray]

mRun-x64: [(Default)]

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-10-14 103440]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-16 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-16 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-4-16 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-4-16 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-4-16 162192]

R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-1 648432]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-6 136176]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-16 249936]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-31 257696]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-6 136176]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-06-19 03:41:49 -------- d-----w- C:\Fix Malware

2012-06-19 00:38:14 -------- d-----w- C:\Windows\pss

2012-06-17 21:34:14 124928 --sha-w- C:\Users\Burkes\AppData\Roaming\rpcthg.dll

2012-06-12 23:55:47 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-12 23:55:45 2767360 ----a-w- C:\Windows\System32\win32k.sys

2012-06-12 23:55:25 1267200 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-12 23:55:24 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-12 23:55:24 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-12 23:55:24 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-12 23:55:24 132096 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-12 23:55:23 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-12 12:14:38 329216 ----a-w- C:\Users\Burkes\AppData\Roaming\nhplap.dll

2012-06-08 14:53:58 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-06-08 14:37:08 -------- d-----w- C:\Users\Burkes\AppData\Local\{679A9282-B177-11E1-8270-B8AC6F996F26}

2012-06-08 14:36:31 -------- d-----w- C:\ProgramData\F4D55F3B00041DC600204B2E570F1C8B

2012-06-08 14:36:30 -------- d-----w- C:\Users\Burkes\AppData\Local\SmsTarget

2012-05-31 20:48:23 53248 ----a-r- C:\Users\Burkes\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe

2012-05-31 20:47:08 -------- d-----w- C:\Users\Burkes\AppData\Roaming\Avery

2012-05-31 20:37:58 -------- d-----w- C:\Program Files (x86)\Ask.com

2012-05-31 20:37:51 -------- d-----w- C:\Users\Burkes\AppData\Local\APN

2012-05-31 20:33:31 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 20:33:31 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 22:49:53.43 ===============

Below is the Attach file:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 10/1/2009 3:48:58 AM

System Uptime: 6/18/2012 10:44:12 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0M017G

Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | CPU 1 | 2936/267mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 178.506 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 5.746 GiB free.

E: is CDROM (UDF)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 8.0

Adobe Reader 9.2

Adobe Shockwave Player 11.5

Aleks 3.14

Amazon Kindle

Amazon MP3 Downloader 1.0.12

Apple Application Support

Apple Software Update

Ask Toolbar

ATI Catalyst Control Center

Avery Toolbar Updater

Avery Wizard 4.0

Bing Bar

Brother MFL-Pro Suite

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help English

CCC Help French

CCC Help German

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Portuguese

CCC Help Spanish

CCC Help Turkish

Choice Guard

Clone Wars

Compatibility Pack for the 2007 Office system

Dell-eBay

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Video Chat

Elements+ for PSE 8 (demo)

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

GoToMeeting 4.8.0.723

Graffi's Action Effects Sampler 8.0.0.8

Hardware Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java Auto Updater

Java 6 Update 30

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee AntiVirus Plus

Microsoft Default Manager

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Works

Mighty Math Calculating Crew (Remove only)

Mighty Math Zoo Zillions

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Musicnotes Software Suite 1.5.5

Picaboo X

PowerDVD DX

QuickBooks

QuickBooks Pro 2011

QuickTime

Realtek Ethernet Network Card Diagnostic tool for Windows Vista

Realtek High Definition Audio Driver

RENESIS® Player Browser Plugins

Rhapsody

Rosetta Stone Version 3

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

ScanSoft PaperPort 11

Scratch

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Shutterfly Express Uploader

Skins

Skype web features

Skype™ 4.1

SmileBooks

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

virtualPhotographer 1.5.6

WebEx

WildTangent Games

WildTangent Games App (Dell Games)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Wizard101

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

6/18/2012 9:32:37 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Security with the following error: Access is denied.

6/18/2012 9:31:08 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp deskjet 3600 series (LIDIL) (Copy 3) with shared resource name hp deskjet 3600 series (LIDIL) (Copy 3). Error 1753. The printer cannot be used by others on the network.

6/18/2012 9:31:08 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Brother DCP-7020 USB with shared resource name Brother DCP-7020 USB. Error 1753. The printer cannot be used by others on the network.

6/18/2012 9:14:53 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.

6/18/2012 8:57:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

6/18/2012 8:57:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

6/18/2012 8:56:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

6/18/2012 8:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}

6/18/2012 8:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

6/18/2012 8:54:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6

6/18/2012 8:54:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/18/2012 8:53:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

6/18/2012 8:53:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/18/2012 8:53:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/18/2012 7:39:29 PM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

6/18/2012 10:46:12 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

6/18/2012 10:46:12 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

6/18/2012 10:46:12 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

6/18/2012 10:46:12 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

6/18/2012 10:44:40 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp deskjet 3600 series (LIDIL) (Copy 3) with shared resource name hp deskjet 3600 series (LIDIL) (Copy 3). Error 2114. The printer cannot be used by others on the network.

6/18/2012 10:44:40 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Brother DCP-7020 USB with shared resource name Brother DCP-7020 USB. Error 2114. The printer cannot be used by others on the network.

6/18/2012 10:44:36 PM, Error: EventLog [6008] - The previous system shutdown at 10:42:55 PM on 6/18/2012 was unexpected.

6/17/2012 9:41:52 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

6/17/2012 10:14:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

6/11/2012 10:42:43 PM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

I also ran the GMER rootkit scanner and it found no issues.

Thank You!

Link to post
Share on other sites

Hello tonyasrb and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Step 2

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

    [*]Press "Scan".

    [*]It will create a log (FSS.txt) in the same directory the tool is run.

    [*]Please copy and paste the log to your reply.

In your next reply, post the following log files:

  • MiniToolBox log
  • Farbar Service Scanner log
  • a new fresh DDS log file

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.