
Broken Firewall?



Earlier this week I contracted a nasty little piece of malware that wreaked all kinds of havoc: it hid all my files, icons, etc. and messed with all kinds of settings. Luckily I was able to get rid of the lil' bugger (or at least I BELIEVE it's removed) thanks to Windows safe mode and my Malwarebytes Pro.

My problem, however, is that after my battle with this beast my Windows Firewall is completely useless.

It's been turned off, and if I try to make any changes at all to a Firewall setting I get the following error:

Windows Firewall can't change some of your settings. Error Code 0x8007042c

I've looked into this particular error and I've tried:

  • "Run" /SCANNOW, and the problem is still here.
  • Microsoft's recommendation of downloading and running "Microsoft Safety Scanner", and it didn't fix anything.
  • Creating the following repair file, which also didn't fix anything:

sc config MpsSvc start= auto
sc config KeyIso start= auto
sc config BFE start= auto
sc config FwcAgent start= auto
net stop MpsSvc
net start MpsSvc
net stop KeyIso
net start KeyIso
net stop BFE
net start BFE
net stop FwcAgent
net start FwcAgent

I'm at the point where I could use someone else's expertise... Part of me wonders if there is still a small part of this beast hidden on my PC that's preventing my Firewall from working that my Malwarebytes Pro isn't finding?

Thanks in advance for any help.


Hello Delong7221! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Let's take a look at what is going on there. To begin, please follow the instructions here: I'm infected - What do I do now?

Please post the log files, when you are ready to go.


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Brandon at 15:49:43 on 2011-11-12

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2006 [GMT -6:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.wowhead.com/

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxps://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{59E6906C-3997-4F4F-BC53-6A0CCB05E91A} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Hosts: 94.63.240.164 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-23 366152]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]

R2 supersafer64;supersafer64;C:\Windows\SysWOW64\drivers\supersafer64.sys [2011-7-31 238072]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-12 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-12 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-11-11 23:46:49 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B98A42C8-FECE-4392-89E4-0A3B64B6FD1E}\offreg.dll

2011-11-10 23:46:04 -------- d-sh--w- C:\found.003

2011-11-10 02:40:20 -------- d-----w- C:\Users\Brandon\AppData\Local\Secunia PSI

2011-11-10 02:39:46 -------- d-----w- C:\Program Files (x86)\Secunia

2011-11-10 02:27:46 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-10 00:39:15 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-10 00:39:00 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-11-10 00:38:49 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-11-10 00:38:46 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-09 04:32:15 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 04:32:15 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 04:32:14 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 04:32:13 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-08 02:06:38 -------- d-----w- C:\Users\Brandon\AppData\Local\Diagnostics

2011-11-08 01:34:21 -------- d-----w- C:\Program Files (x86)\Xiph.Org

2011-11-07 03:44:24 -------- d-----w- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com

2011-11-07 03:44:09 -------- d-----w- C:\ProgramData\!SASCORE

2011-11-04 01:41:29 -------- d-----w- C:\ProgramData\STOPzilla!

2011-11-04 01:27:46 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com

2011-11-04 01:27:40 -------- d-----w- C:\ProgramData\Tarma Installer

2011-11-03 22:41:33 -------- d-----w- C:\Users\Brandon\AppData\Local\The Witcher

2011-11-03 12:23:41 312480 ----a-w- C:\Windows\System32\drivers\atksgt.sys

2011-11-03 12:23:40 43168 ----a-w- C:\Windows\System32\drivers\lirsgt.sys

2011-11-03 12:07:42 -------- d-----w- C:\Program Files (x86)\The Witcher Enhanced Edition

2011-11-02 12:07:14 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B98A42C8-FECE-4392-89E4-0A3B64B6FD1E}\mpengine.dll

2011-10-31 13:00:46 -------- d-----w- C:\ProgramData\Firefly Studios

2011-10-30 23:12:26 -------- d-----w- C:\Users\Brandon\AppData\Local\ALI213

2011-10-30 23:11:35 -------- d-----w- C:\Users\Brandon\AppData\Roaming\The Creative Assembly

2011-10-30 21:12:38 -------- d-----w- C:\Users\Brandon\AppData\Local\PhoenixViewer

2011-10-30 21:11:45 -------- d-----w- C:\Program Files (x86)\Phoenix Viewer

2011-10-30 21:04:47 -------- d-----w- C:\game

2011-10-30 21:03:35 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll

2011-10-30 21:03:35 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll

2011-10-30 21:03:35 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll

2011-10-30 21:03:35 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll

2011-10-30 21:03:34 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll

2011-10-30 21:03:34 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll

2011-10-28 11:42:50 -------- d-----w- C:\Users\Brandon\AppData\Local\SKIDROW

2011-10-28 01:00:50 272448 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-10-28 01:00:44 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro

2011-10-28 01:00:22 -------- d-----w- C:\Users\Brandon\AppData\Roaming\DAEMON Tools Pro

2011-10-28 01:00:22 -------- d-----w- C:\ProgramData\DAEMON Tools Pro

2011-10-28 00:46:04 -------- d-----we C:\Windows\system64

2011-10-27 00:28:01 -------- d-----w- C:\Users\Brandon\AppData\Local\uTorrent

.

==================== Find3M ====================

.

2011-11-10 02:56:20 233227242 ----a-w- C:\Users\Brandon\AppData\Roaming\hkey_local_machine.reg

2011-11-04 03:16:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 12:41:04 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-10-03 12:41:04 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-15 04:51:34 593 ----a-w- C:\Windows\wininit.tmp

2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

.

============= FINISH: 15:50:39.64 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 4/11/2011 9:43:02 PM

System Uptime: 11/12/2011 4:58:07 AM (11 hours ago)

.

Motherboard: Gateway | | RS780

Processor: AMD Phenom 9150e Quad-Core Processor | AM2 | 1800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 586 GiB total, 309.074 GiB free.

D: is CDROM (UDF)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Windows Firewall Authorization Driver

Device ID: ROOT\LEGACY_MPSDRV\0000

Manufacturer:

Name: Windows Firewall Authorization Driver

PNP Device ID: ROOT\LEGACY_MPSDRV\0000

Service: mpsdrv

.

==== System Restore Points ===================

.

RP65: 10/31/2011 7:48:16 AM - Installed DirectX

RP66: 10/31/2011 8:21:18 AM - Installed Stronghold Legends Bonus Maps

RP67: 11/3/2011 7:07:23 AM - Installed The Witcher Enhanced Edition

RP68: 11/3/2011 7:22:11 AM - Installed DirectX

RP70: 11/3/2011 10:13:51 PM - Removed 7-Zip 9.20 (x64 edition)

RP71: 11/3/2011 10:20:01 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

RP72: 11/9/2011 12:41:54 AM - Windows Update

RP73: 11/9/2011 7:50:07 PM - Installed Java 6 Update 29

RP75: 11/10/2011 10:34:03 AM - Windows Defender Checkpoint

RP76: 11/10/2011 6:34:07 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.1)

Apple Application Support

Apple Software Update

ATMA V 5.05

City of Heroes

Conduit Engine

Curse Client

DAEMON Tools Pro

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diablo II

FriendFinder Messenger v4.1

Google Update Helper

InstaCodecs

Java Auto Updater

Java 6 Update 29

K-Lite Codec Pack 7.2.0 (Basic)

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Application Compatibility Toolkit 5.6

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

NCsoft Launcher

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Origin

QuickTime

Razer Mamba

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Skype™ 5.5

Spotmau PowerSuite Golden Edition 6.0.1

Steam

Stronghold

Stronghold 3

Stronghold Legends

Stronghold Legends Bonus Maps

System Requirements Lab

Team Fortress 2

The Elder Scrolls IV: Oblivion

The Witcher Enhanced Edition

TVersity Codec Pack 1.7

TVersity Media Server 1.9.7

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

uTorrentBar Toolbar

VLC media player 1.1.11

Warcraft III

Warcraft III: All Products

Xiph.Org Open Codecs 0.85.17777

Yahoo! BrowserPlus 2.9.8

Yahoo! Detect

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

11/9/2011 7:38:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ehSched with arguments "-Service" in order to run the server: {33D8C85A-B8C1-4828-B51A-4F3349AD5F9E}

11/9/2011 7:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

11/9/2011 7:30:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

11/9/2011 7:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/9/2011 7:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/9/2011 7:30:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/9/2011 7:30:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/9/2011 7:30:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

11/9/2011 7:30:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/9/2011 7:29:05 PM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

11/9/2011 7:28:22 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

11/9/2011 7:28:22 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

11/9/2011 7:28:21 PM, Error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).

11/9/2011 7:28:21 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

11/9/2011 7:21:41 PM, Error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 2 time(s).

11/9/2011 7:18:18 PM, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

11/9/2011 7:18:13 PM, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

11/9/2011 7:18:11 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

11/9/2011 7:18:11 PM, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

11/9/2011 7:11:06 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

11/7/2011 8:42:02 PM, Error: Service Control Manager [7030] - The Windows Firewall service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/7/2011 8:41:49 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The account specified for this service is different from the account specified for other services running in the same process.

11/7/2011 8:41:49 PM, Error: Service Control Manager [7000] - The Base Filtering Engine service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

11/7/2011 8:34:55 PM, Error: Service Control Manager [7030] - The Base Filtering Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/6/2011 9:48:32 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

11/6/2011 8:11:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

11/6/2011 8:11:18 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/6/2011 8:06:03 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

11/6/2011 2:39:49 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

11/11/2011 7:41:50 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

11/11/2011 5:52:45 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

11/11/2011 5:46:44 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The endpoint mapper database entry could not be created.

11/11/2011 5:46:44 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: The endpoint mapper database entry could not be created.

11/11/2011 5:46:44 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: The endpoint mapper database entry could not be created.

11/11/2011 5:46:44 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

11/11/2011 5:46:44 PM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

11/11/2011 5:46:44 PM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading

11/11/2011 5:46:44 PM, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.

11/11/2011 5:46:43 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: The endpoint mapper database entry could not be created.

11/11/2011 11:31:55 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{59E6906C-3997-4F4F-BC53-6A0CCB05E91A} because another computer on the network has the same name. The server could not start.

11/10/2011 9:28:09 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

11/10/2011 6:57:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

.

==== End Of File ===========================
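As an added diagnostic example, not posted by anyone in this thread: the 0x8007042c error in the first post is Win32 error 1068 (a dependency service failed to start), and the Service Control Manager entries in the log above show which dependency, so the PowerShell script below reads the registry configuration of the mpsdrv / BFE / MpsSvc chain and pulls the matching events. The expected account and start-type values are assumed Windows 7 defaults used for comparison, not a fix.

```powershell
# Added diagnostic script (not from the thread). Checks the three components the
# event-log entries name: mpsdrv (Windows Firewall Authorization Driver) and
# BFE (Base Filtering Engine), which MpsSvc (Windows Firewall) depends on.
# Run from an elevated PowerShell prompt. The "expected" values are assumed
# Windows 7 defaults to compare against; they are not applied anywhere.

$chain = 'mpsdrv', 'BFE', 'MpsSvc'

# Reference service accounts for a healthy Windows 7 install (assumed defaults).
$expectedAccount = @{
    'BFE'    = 'NT AUTHORITY\LocalService'
    'MpsSvc' = 'NT AUTHORITY\LocalService'
}

foreach ($name in $chain) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        Write-Warning "$name : service registry key is missing"
        continue
    }
    $cfg = Get-ItemProperty -Path $key

    # Get-Service only lists Win32 services; mpsdrv is a kernel driver and will not appear.
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status } else { 'n/a (driver)' }

    '{0,-7} Start={1} Type={2} Account={3} State={4}' -f $name, $cfg.Start, $cfg.Type, $cfg.ObjectName, $state
    '        ImagePath={0}' -f $cfg.ImagePath

    # SCM event 7000 "account specified ... is different" points at a wrong ObjectName.
    if ($expectedAccount.ContainsKey($name) -and $cfg.ObjectName -ne $expectedAccount[$name]) {
        Write-Warning ("{0} runs as '{1}', expected '{2}'" -f $name, $cfg.ObjectName, $expectedAccount[$name])
    }
    # Start=4 means disabled; BFE and MpsSvc are expected to be 2 (automatic).
    if ($name -ne 'mpsdrv' -and $cfg.Start -ne 2) {
        Write-Warning ("{0} start type is {1}, expected 2 (automatic)" -f $name, $cfg.Start)
    }
}

# Pull the Service Control Manager errors the DDS log lists for this chain
# (7000/7001 start failures, 7023 termination, 7030 interactive-service warning).
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7001, 7023, 7030
    StartTime    = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Base Filtering Engine|Windows Firewall' } |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } } |
    Format-Table -AutoSize -Wrap
```

The output is meant to be read alongside the log: a warning about the account or start type narrows the failure to the service configuration, while an empty event list means the failure is not being recorded by the Service Control Manager at all.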


Step 1

You have p2p software installed on your system, which is very dangerous and illegal. Please check our rules for piracy and uninstall µTorrent and uTorrentBar Toolbar:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Open Start => Control Panel => Programs => Programs and Features, highlight the following application and click on the Uninstall button:

Conduit Engine - More information can be found here: What is conduit engine?

Step 3

Your system is still infected.

  • Launch Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please post the Malwarebytes' Anti-Malware log file and a new, fresh DDS log file.


2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

