
I'm getting the blue screen when I logon (details in body)


  • This topic is locked
42 replies to this topic

#1 JstnGSD

JstnGSD

  • Members
  • 45 posts

Posted 24 March 2009 - 12:09 PM

Going through some pictures on the Facebook group 'I am Fluent in Sarcasm', I noticed a small window briefly pop up. I couldn't read what it said because it disappeared quickly. I had a bad feeling about it, and afterward my computer started running very slowly. I restarted it, typed in my password, then got a blue screen which said this:

A problem has been detected and windows has been shut down to prevent damage to your computer.
If this is the first time you’ve seen this stop error screen, restart your computer. If this screen appears again, follow these steps.
Check to see if you have adequate disc space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try charging video updates.
Check with your hardware vendor for any BIOS updates, disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press f8 to select Advanced Startup Options, and then select Safe Mode.
Technical Information:
***STOP:0x0000008E(0xc0000006,0x81C813673,09xE601A5C,0x00000000)
Collecting data for crash dump…
Initializing disc for crash dump…

Deckard's System Scanner v20071014.68
Run by Justin on 2009-03-24 09:37:16
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

Total Physical Memory: 958 MiB (1024 MiB recommended).
System Drive C: has 5.25 GiB (less than 15%) free.


-- HijackThis (run as Justin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:22 AM, on 3/24/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Justin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Justin.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Justin\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 3588 bytes

-- Files created between 2009-02-24 and 2009-03-24 -----------------------------

2009-03-24 08:21:06 0 d-------- C:\Autoruns
2009-03-23 07:37:20 0 d-------- C:\Windows\Sun


-- Find3M Report ---------------------------------------------------------------

2009-03-22 17:38:04 0 d-------- C:\Users\Justin\AppData\Roaming\DNA
2009-03-22 17:37:41 0 d-------- C:\Users\Justin\AppData\Roaming\Azureus
2009-03-12 16:36:01 0 d-------- C:\Program Files\Windows Mail
2009-03-07 18:27:21 0 d-------- C:\Users\Justin\AppData\Roaming\dvdcss
2009-02-27 12:44:32 0 d-------- C:\Program Files\Vuze
2009-02-04 02:13:10 0 d-------- C:\Users\Justin\AppData\Roaming\BitTorrent
2009-01-13 18:30:32 13072 --a------ C:\Users\Justin\AppData\Roaming\nvModes.001


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
12/11/2008 03:01 PM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [12/11/2008 03:01 PM]
"TosGbWatcher"="C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe" [09/02/2005 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Users\Justin\Program Files\DNA\btdna.exe" [12/19/2008 11:05 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 05:36 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/22/2008 4:45:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2009-03-24 09:38:42 ------------


I'm not sure why, but DDS didn't create an attach.txt.



#2 JstnGSD

JstnGSD
  • Topic Starter

  • Members
  • 45 posts

Posted 26 March 2009 - 02:06 AM

DDS.txt:

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Justin at 23:54:30.17 on Wed 03/25/2009
Internet Explorer: 7.0.6000.16809 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.351 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\notepad.exe
C:\Users\Justin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [BitTorrent DNA] "c:\users\justin\program files\dna\btdna.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TosGbWatcher] "c:\program files\toshiba\gigabeat room 3.0\TosGbWatcher.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2009-1-3 164256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2007-10-8 810320]

=============== Created Last 30 ================

2009-03-24 08:21 <DIR> --d----- C:\Autoruns
2009-03-11 08:52 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-11 08:52 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-11 08:52 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-11 08:52 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-03-11 08:52 269,824 a------- c:\windows\system32\schannel.dll
2009-03-11 08:52 2,028,032 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-01-14 21:16 826,368 a------- c:\windows\system32\wininet.dll
2009-01-14 21:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-14 21:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-14 21:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-01-07 21:43 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-07 21:43 51,200 a------- c:\windows\inf\infpub.dat
2009-01-03 17:09 86,016 a------- c:\windows\inf\infstor.dat
2008-12-10 10:02 174 a--sh--- c:\program files\desktop.ini
2008-08-27 16:48 13,072 a------- c:\users\justin\appdata\roaming\nvModes.dat
2008-06-15 20:12 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-28 21:17 545,278 a------- c:\users\justin\Autoruns.zip
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-20 10:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-20 10:13 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-20 10:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-17 21:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-17 21:10 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-17 21:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 23:57:03.29 ===============

Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2007 2:34:22 AM
System Uptime: 3/25/2009 10:02:58 PM (1 hours ago)

Motherboard: Quanta | | 30D3
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-55 | Socket S1 | 1808/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 5.086 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.761 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP344: 3/19/2009 7:04:14 PM - Windows Update

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
5700_Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
Atlas_3
AutoUpdate
Avanquest update
BitTorrent
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Business Plan Pro 11.0
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Conexant HD Audio
CustomerResearchQFolder
Data Access Objects (DAO) 3.5
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
DocProc
DocProcQFolder
Driver Detective
Driver Install
ESU for Microsoft Vista
eSupportQFolder
Fax
gigabeat S Series Manual
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP DVD Play 3.2
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 D3
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0041
HP Wireless Assistant
HPNetworkAssistant
HPProductAssistant
HPSSupply
ImgBurn
J5700
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java™ 6 Update 11
Java™ 6 Update 5
K-Lite Codec Pack 3.2.5 Standard
Kodak EasyShare software
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Mozilla Firefox (3.0.1)
MP4 Player
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
My HP Games
NVIDIA Drivers
PDF Settings
ProductContext
PSSWCORE
QuickBooks Pro Timer
QuickBooks Simple Start 2008 (Plus Pack)
QuickTime
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Soft Data Fax Modem with SmartCP
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Toolbox
TOSHIBA gigabeat applications 3.0
TrayApp
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
VLC media player 0.9.8a
Vongo
Vuze
WebReg
WinRAR archiver

==== Event Viewer Messages From Past Week ========

3/18/2009 7:19:55 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.
3/18/2009 7:19:55 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance.
3/18/2009 4:47:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user Justin-PC\Justin SID (S-1-5-21-4090384393-2958153599-643684306-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/21/2009 2:07:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/22/2009 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/22/2009 7:55:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2009 7:55:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
3/22/2009 7:55:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/22/2009 7:55:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/22/2009 7:55:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/22/2009 7:56:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/23/2009 7:33:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
3/23/2009 7:52:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 03 April 2009 - 01:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom

#4 JstnGSD


Posted 04 April 2009 - 05:13 PM

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Justin at 15:04:12.40 on Sat 04/04/2009
Internet Explorer: 7.0.6000.16809 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.78 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17S20MVH\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [BitTorrent DNA] "c:\users\justin\program files\dna\btdna.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TosGbWatcher] "c:\program files\toshiba\gigabeat room 3.0\TosGbWatcher.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2009-1-3 164256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2007-10-8 810320]

=============== Created Last 30 ================

2009-04-02 13:58 <DIR> --dsh--- C:\found.000
2009-03-31 17:55 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-31 17:55 1,409 a------- c:\windows\QTFont.for
2009-03-24 08:21 <DIR> --d----- C:\Autoruns
2009-03-11 08:52 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-11 08:52 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-11 08:52 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-11 08:52 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-03-11 08:52 269,824 a------- c:\windows\system32\schannel.dll
2009-03-11 08:52 2,028,032 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-03-31 10:21 51,200 a------- c:\windows\inf\infpub.dat
2009-01-14 21:16 826,368 a------- c:\windows\system32\wininet.dll
2009-01-14 21:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-14 21:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-14 21:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-01-07 21:43 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-03 17:09 86,016 a------- c:\windows\inf\infstor.dat
2008-12-10 10:02 174 a--sh--- c:\program files\desktop.ini
2008-08-27 16:48 13,072 a------- c:\users\justin\appdata\roaming\nvModes.dat
2008-06-15 20:12 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-28 21:17 545,278 a------- c:\users\justin\Autoruns.zip
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-20 10:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-20 10:13 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-20 10:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-17 21:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-17 21:10 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-17 21:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 15:09:36.51 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2007 2:34:22 AM
System Uptime: 4/4/2009 12:35:24 PM (3 hours ago)

Motherboard: Quanta | | 30D3
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-55 | Socket S1 | 1808/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 7.164 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.761 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
5700_Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
Atlas_3
AutoUpdate
Avanquest update
BitTorrent
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Business Plan Pro 11.0
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Conexant HD Audio
CustomerResearchQFolder
Data Access Objects (DAO) 3.5
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
DocProc
DocProcQFolder
Driver Detective
Driver Install
ESU for Microsoft Vista
eSupportQFolder
Fax
gigabeat S Series Manual
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP DVD Play 3.2
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 D3
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0041
HP Wireless Assistant
HPNetworkAssistant
HPProductAssistant
HPSSupply
ImgBurn
J5700
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java™ 6 Update 11
Java™ 6 Update 5
K-Lite Codec Pack 3.2.5 Standard
Kodak EasyShare software
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Mozilla Firefox (3.0.1)
MP4 Player
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
My HP Games
NVIDIA Drivers
PDF Settings
ProductContext
PSSWCORE
QuickBooks Pro Timer
QuickBooks Simple Start 2008 (Plus Pack)
QuickTime
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Soft Data Fax Modem with SmartCP
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Toolbox
TOSHIBA gigabeat applications 3.0
TrayApp
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
VLC media player 0.9.8a
Vongo
Vuze
WebReg
WinRAR archiver

==== Event Viewer Messages From Past Week ========

3/28/2009 2:17:56 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.
3/28/2009 2:17:56 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance.
3/28/2009 2:19:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/28/2009 2:19:58 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2009 2:19:58 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
3/28/2009 2:20:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/28/2009 2:20:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/28/2009 2:20:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/28/2009 2:39:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/30/2009 3:18:55 PM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 1084.
3/31/2009 11:08:56 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/2/2009 2:01:41 PM, Error: EventLog [6008] - The previous system shutdown at 1:22:23 PM on 4/2/2009 was unexpected.
4/2/2009 2:04:59 PM, Error: EventLog [6008] - The previous system shutdown at 2:02:24 PM on 4/2/2009 was unexpected.
4/2/2009 2:05:25 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Justin\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

==== End Of File ===========================

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:42 AM

Posted 05 April 2009 - 03:24 PM

Hello, JstnGSD
Please run DDS again in normal mode, rather than Safe Mode with Networking.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#6 JstnGSD


Posted 05 April 2009 - 03:34 PM

I can't get past the blue screen in normal mode; the only way to get past it is in safe. I'll try again though.

#7 Billy O'Neal


Posted 05 April 2009 - 03:40 PM

Hello, JstnGSD

Deckard's System Scanner

You probably want to delete this from your system. DSS has a known issue where it breaks systems.

I'm sorry ... I didn't realize safe mode was the only way you were able to do anything. Please run this then.

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click the ComboFix icon on your desktop.
  • Read and accept (press Yes) the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

Billy3

#8 JstnGSD


Posted 05 April 2009 - 05:09 PM

ComboFix 09-04-04.01 - Justin 2009-04-05 14:50:54.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.559 [GMT -7:00]
Running from: c:\program files\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.

2009-04-05 14:31 . 2009-04-05 14:25 3,067,803 -ra------ c:\program files\ComboFix.exe
2009-04-02 13:58 . 2009-04-02 13:58 <DIR> d--hs---- C:\found.000
2009-03-31 17:55 . 2009-03-31 17:55 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-31 17:55 . 2009-03-31 17:55 1,409 --a------ c:\windows\QTFont.for
2009-03-24 08:21 . 2009-03-24 08:22 <DIR> d-------- C:\Autoruns
2009-03-23 07:37 . 2009-03-23 07:37 <DIR> d-------- c:\windows\Sun
2009-03-11 08:52 . 2008-12-15 21:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 08:52 . 2009-02-08 18:59 2,028,032 --a------ c:\windows\System32\win32k.sys
2009-03-11 08:52 . 2008-11-26 21:42 269,824 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:52 . 2008-12-15 22:53 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 08:52 . 2008-12-15 22:53 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 08:52 . 2008-12-15 22:53 4,096 --a------ c:\windows\System32\dxmasf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 23:17 --------- d-----w c:\users\Justin\AppData\Roaming\Azureus
2009-03-23 00:38 --------- d-----w c:\users\Justin\AppData\Roaming\DNA
2009-03-21 15:38 --------- d-----w c:\progra~2\Google Updater
2009-03-12 23:36 --------- d-----w c:\program files\Windows Mail
2009-03-12 23:29 --------- d-----w c:\progra~2\Microsoft Help
2009-03-08 01:27 --------- d-----w c:\users\Justin\AppData\Roaming\dvdcss
2009-02-27 19:44 --------- d-----w c:\program files\Vuze
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-10 17:02 174 --sha-w c:\program files\desktop.ini
2008-08-27 23:48 13,072 ----a-w c:\users\Justin\AppData\Roaming\nvModes.dat
2008-04-29 04:17 545,278 ----a-w c:\users\Justin\Autoruns.zip
2008-08-20 17:13 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-20 17:13 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-20 17:13 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-09-18 04:10 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-18 04:10 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-18 04:10 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Justin\Program Files\DNA\btdna.exe" [2008-12-19 342848]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"TosGbWatcher"="c:\program files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe" [2005-09-02 118837]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8B1EFD3F-0865-45BE-ADA7-CCCC619B71D8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2EB80D87-88A9-4C82-90C4-9AEF4D208859}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3EBA888C-79E1-4680-8DF6-98F1D121A453}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{DEC36C78-CAB4-4A61-AE62-8C04D43D6850}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8EA3AED1-C1B5-4A18-AB62-8AE628E1498A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6A3B5310-9011-4130-A7F0-4C3C4AC56CFC}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9BD6E2B5-F7BE-491E-ADE1-21667DCE93D9}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F0200F0-E972-4675-9D7D-F12481964368}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ADE15D3D-D0CC-41D3-A211-07F709F240BF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A9251460-71C1-4F7D-B46F-8D2B3391E92E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B210889F-1754-49B6-95F1-02EBC9196C30}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4FB647D7-2A37-465A-A9F7-3C1CE4F5872A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EB45D43A-5FBB-4613-B44A-9F3DF27FB6DC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{53B6CCAE-DB15-45D8-93E3-71BA0587A02F}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2C1D1391-96A2-45B6-AF70-57455FC90DE0}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{ABEA9E59-7AA2-4A58-BD1A-E439FD2FFC6F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{B9BD9797-1377-4CA9-8088-D865777CBFBC}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{21152B4D-35DD-4F5D-96C2-124B738993F2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{B808FA36-5736-4E8E-A9CC-E76C4BCFC95D}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{C88F4042-ABC8-44AB-A3AC-D7BFC6E85D1A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{1197A050-A687-4A19-921E-5B938BAF615E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{3CF5C55C-4C2F-42F2-A784-A1E499F7C381}c:\\users\\justin\\program files\\dna\\btdna.exe"= UDP:c:\users\justin\program files\dna\btdna.exe:btdna.exe
"UDP Query User{73125F5D-CBE6-4DEB-9255-5AE56999C124}c:\\users\\justin\\program files\\dna\\btdna.exe"= TCP:c:\users\justin\program files\dna\btdna.exe:btdna.exe
"TCP Query User{0975AAC0-70BF-4E92-8F6D-C82E3DD5DA45}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5FA74C43-611C-45B4-A41D-6473AC6A3730}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{F7B4B5C5-4E28-4768-8A0E-C2D20825B4EB}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{488AB205-A3F1-4B06-9798-D4DEEB3EBBEA}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{FE044435-009E-48A0-8615-B85942D4598C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2F9614FC-999F-4DB5-BA1E-0114669FCE08}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{02EBC3AE-B27E-417D-A424-0205E2C682B9}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{27522FC1-D311-4FA9-A288-48EE3215912A}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Spssys;Toshiba SPS Service;c:\windows\System32\drivers\spssys.sys [2009-01-03 164256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2007-10-08 810320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 15:01:45
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1816)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\users\Justin\AppData\Local\Temp\catchme.dll
.
Completion time: 2009-04-05 15:07:14
ComboFix-quarantined-files.txt 2009-04-05 22:05:30

Pre-Run: 7,603,449,856 bytes free
Post-Run: 9,415,102,464 bytes free

148 --- E O F --- 2009-03-20 02:05:18

#9 Billy O'Neal


Posted 05 April 2009 - 09:31 PM

Hello, JstnGSD
Any help on being able to boot?

We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy]
    @=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    @=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
    @=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    @=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#10 JstnGSD


Posted 06 April 2009 - 12:17 AM

I think that all I was using was Spybot and Malwarebytes. Didn't see how to disable them.
Let me know if I need to do it again. Thanks, J

ComboFix 09-04-04.01 - Justin 2009-04-05 21:29:33.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.144 [GMT -7:00]
Running from: c:\program files\ComboFix.exe
Command switches used :: c:\program files\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 04:10 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-05 21:25 3,067,803 ----a-r c:\program files\ComboFix.exe
2009-04-04 23:17 --------- d-----w c:\users\Justin\AppData\Roaming\Azureus
2009-03-23 00:38 --------- d-----w c:\users\Justin\AppData\Roaming\DNA
2009-03-21 15:38 --------- d-----w c:\progra~2\Google Updater
2009-03-12 23:36 --------- d-----w c:\program files\Windows Mail
2009-03-12 23:29 --------- d-----w c:\progra~2\Microsoft Help
2009-03-08 01:27 --------- d-----w c:\users\Justin\AppData\Roaming\dvdcss
2009-02-27 19:44 --------- d-----w c:\program files\Vuze
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-10 17:02 174 --sha-w c:\program files\desktop.ini
2008-08-27 23:48 13,072 ----a-w c:\users\Justin\AppData\Roaming\nvModes.dat
2008-04-29 04:17 545,278 ----a-w c:\users\Justin\Autoruns.zip
2008-08-20 17:13 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-20 17:13 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-20 17:13 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-09-18 04:10 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-18 04:10 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-18 04:10 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Justin\Program Files\DNA\btdna.exe" [2008-12-19 342848]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"TosGbWatcher"="c:\program files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe" [2005-09-02 118837]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8B1EFD3F-0865-45BE-ADA7-CCCC619B71D8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2EB80D87-88A9-4C82-90C4-9AEF4D208859}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3EBA888C-79E1-4680-8DF6-98F1D121A453}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{DEC36C78-CAB4-4A61-AE62-8C04D43D6850}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8EA3AED1-C1B5-4A18-AB62-8AE628E1498A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6A3B5310-9011-4130-A7F0-4C3C4AC56CFC}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9BD6E2B5-F7BE-491E-ADE1-21667DCE93D9}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F0200F0-E972-4675-9D7D-F12481964368}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ADE15D3D-D0CC-41D3-A211-07F709F240BF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A9251460-71C1-4F7D-B46F-8D2B3391E92E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B210889F-1754-49B6-95F1-02EBC9196C30}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4FB647D7-2A37-465A-A9F7-3C1CE4F5872A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EB45D43A-5FBB-4613-B44A-9F3DF27FB6DC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{53B6CCAE-DB15-45D8-93E3-71BA0587A02F}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2C1D1391-96A2-45B6-AF70-57455FC90DE0}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{ABEA9E59-7AA2-4A58-BD1A-E439FD2FFC6F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{B9BD9797-1377-4CA9-8088-D865777CBFBC}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{21152B4D-35DD-4F5D-96C2-124B738993F2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{B808FA36-5736-4E8E-A9CC-E76C4BCFC95D}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{C88F4042-ABC8-44AB-A3AC-D7BFC6E85D1A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{1197A050-A687-4A19-921E-5B938BAF615E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{3CF5C55C-4C2F-42F2-A784-A1E499F7C381}c:\\users\\justin\\program files\\dna\\btdna.exe"= UDP:c:\users\justin\program files\dna\btdna.exe:btdna.exe
"UDP Query User{73125F5D-CBE6-4DEB-9255-5AE56999C124}c:\\users\\justin\\program files\\dna\\btdna.exe"= TCP:c:\users\justin\program files\dna\btdna.exe:btdna.exe
"TCP Query User{0975AAC0-70BF-4E92-8F6D-C82E3DD5DA45}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5FA74C43-611C-45B4-A41D-6473AC6A3730}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{F7B4B5C5-4E28-4768-8A0E-C2D20825B4EB}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{488AB205-A3F1-4B06-9798-D4DEEB3EBBEA}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{FE044435-009E-48A0-8615-B85942D4598C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2F9614FC-999F-4DB5-BA1E-0114669FCE08}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{02EBC3AE-B27E-417D-A424-0205E2C682B9}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{27522FC1-D311-4FA9-A288-48EE3215912A}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Spssys;Toshiba SPS Service;c:\windows\System32\drivers\spssys.sys [2009-01-03 164256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2007-10-08 810320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 21:37:32
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-05 21:57:04
ComboFix-quarantined-files.txt 2009-04-06 04:57:02
ComboFix2.txt 2009-04-05 22:07:16

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 9,355,288,576 bytes free

135 --- E O F --- 2009-03-20 02:05:18

#11 Billy O'Neal


Posted 06 April 2009 - 08:15 PM

Hello, JstnGSD
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3

#12 JstnGSD


Posted 07 April 2009 - 10:25 AM

I'm running Vista and when I right clicked on IE in the start menu there was no run as administrator option. Is that because it's in safe mode?
I ran the scan anyways:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3991 (20090407)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=27b98b91486bcb41a5f7af3ede083770
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-07 07:10:24
# local_time=2009-04-07 12:10:24 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.0.6000 NT
# scanned=915970
# found=0
# scan_time=8452

#13 Billy O'Neal


Posted 07 April 2009 - 06:28 PM

Hello, JstnGSD

"I'm running Vista and when I right clicked on IE in the start menu there was no run as administrator option. Is that because it's in safe mode?"

I believe so.

Any better on the logins or are you still unable to do so?

Billy3

#14 JstnGSD


Posted 07 April 2009 - 10:39 PM

I'm still getting the blue screen with the normal boot.

#15 Billy O'Neal


Posted 08 April 2009 - 10:37 PM

Hello, JstnGSD
Please boot into safe mode and then run these instructions:
1. Go to "start"
2. Enter "msconfig" into the search box.
3. Select the "Diagnostic Start" radio button.
4. Click OK and follow the prompts to reboot.

Please let me know if normal mode works then.

Billy3