Malware or Spyware or Virus [Laptop]


This topic is locked
41 replies to this topic

#1 kymberly

kymberly

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 19 June 2009 - 02:40 AM

DDS log detected a hidden file. Also, when I first ran ComboFix it attempted to delete C:\$RECYCLE.BIN, but the fake Windows Update window kept shutting the system down, so I had to go into Safe Mode with Networking to complete it. That fake Windows icon shuts the system down and it doesn't give you the option to postpone like the real one does. It does this every time I try to download antivirus programs as well. Also, if you notice, Norton has been outdated forever but I can't delete it from the system. When I go to Control Panel it gives me an error.

Sorry, this is for my laptop! I have another topic open here for my PC as well. Just forgot to say this is for the laptop!!!

Merged posts. ~ OB

Attached Files


Edited by Orange Blossom, 19 June 2009 - 10:24 PM.



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:20 PM

Posted 24 June 2009 - 08:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 25 June 2009 - 12:59 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by hell nawl at 0:56:37.62 on Thu 06/25/2009
Internet Explorer: 7.0.6000.16851
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.501.111 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Students Area\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-25 00:15 61,440 a------- c:\windows\system32\winipsec.dll
2009-06-25 00:15 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-06-25 00:15 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-06-25 00:15 272,896 a------- c:\windows\system32\polstore.dll
2009-06-19 02:45 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-06-19 02:25 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-19 01:58 205,824 a------- c:\windows\system32\msoeacct.dll
2009-06-19 01:58 87,040 a------- c:\windows\system32\msoert2.dll
2009-06-19 01:58 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-06-19 01:56 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-19 01:56 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-06-19 01:55 268,800 a------- c:\windows\system32\es.dll
2009-06-19 01:54 696,832 a------- c:\windows\system32\localspl.dll
2009-06-19 01:53 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-06-19 01:48 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-06-19 01:48 56,320 a------- c:\windows\system32\iesetup.dll
2009-06-13 04:36 <DIR> --d----- c:\programdata\HP

==================== Find3M ====================


============= FINISH: 0:58:09.75 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 5/5/2009 8:57:30 PM
System Uptime: 6/25/2009 12:22:50 AM (0 hours ago)

Motherboard: Quanta | | 30BB
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | U2E1 | 1733/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 55.216 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.787 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Reader 8
ASL_HS_Installer32
AutoUpdate
Conexant HD Audio
DivX
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HP Active Support Library
HP Connections (remove only)
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Help and Support
HP QuickPlay 3.0
HP Total Care Advisor
HP User Guide 0048
HPNetworkAssistant
Intel® Graphics Media Accelerator Driver
Java™ SE Runtime Environment 6
LightScribe 1.4.124.1
Microsoft Works
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
My HP Games
Norton Internet Security (Symantec Corporation)
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Soft Data Fax Modem with SmartCP
Sonic Activation Module
Synaptics Pointing Device Driver

==== Event Viewer Messages From Past Week ========

6/19/2009 3:22:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
6/19/2009 3:22:20 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2009 3:20:49 AM, Error: EventLog [6008] - The previous system shutdown at 3:19:38 AM on 6/19/2009 was unexpected.
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-6_neutral_PACKAGE from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-5_neutral_GDR from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-4_neutral_LDR from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-29_neutral_PACKAGE from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-28_neutral_PACKAGE from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-27_neutral_PACKAGE from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-26_neutral_PACKAGE from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-25_neutral_PACKAGE from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-23_neutral_PACKAGE from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-20_neutral_PACKAGE from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-15_neutral_PACKAGE from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-14_neutral_GDR from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 953733-13_neutral_LDR from package KB953733(Security Update) into Staging(Staging) state
6/19/2009 3:04:48 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB953733 (Security Update) into Staging(Staging) state
6/19/2009 2:50:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/19/2009 2:13:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/19/2009 2:13:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/19/2009 2:13:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/19/2009 2:13:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/19/2009 2:13:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
6/19/2009 2:13:05 AM, Error: LSM [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
6/19/2009 2:05:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Update for Windows Vista (KB938194).
6/19/2009 2:05:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB953733).
6/19/2009 2:01:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
6/19/2009 2:01:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/19/2009 1:52:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB951376 (Security Update) into Staging(Staging) state
6/19/2009 1:52:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB951376 (Security Update) into Default(Default) state
6/19/2009 1:43:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
6/19/2009 1:43:16 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/19/2009 1:43:16 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/19/2009 1:37:00 AM, Error: EventLog [6008] - The previous system shutdown at 9:48:26 AM on 6/13/2009 was unexpected.

==== End Of File ===========================
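As an added example (not part of the DDS tool, of this thread, or of any project named here), the following Python script parses file-listing lines in the layout the DDS log above uses and flags entries a helper would look at twice; the allow-lists and thresholds in it are my own assumptions for illustration.

```python
"""Triage helper for a DDS log's file listings ("Created Last 30" / "Find3M").
Constructed example, not part of the DDS tool, the thread above or any project:
it parses the listing layout and applies heuristics a helper applies by eye.
Thresholds and allow-lists are assumptions for illustration, not DDS rules.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "date time size attrs path"; Find3M may print attrs before size, so both orders parse.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?) "
    r"(?:(?P<size>\d[\d,]*|<DIR>) (?P<attr>[A-Za-z-]{8})"
    r"|(?P<attr2>[A-Za-z-]{8}) (?P<size2>\d[\d,]*|<DIR>)) "
    r"(?P<path>\S.*)$"
)
# Extensions normally seen under %WINDIR% (assumed list); others get a flag.
EXPECTED_SYSTEM_EXTS = {
    "dll", "exe", "sys", "drv", "ocx", "cpl", "scr", "com", "mui", "ax",
    "dat", "ini", "log", "txt", "xml", "cat", "inf", "nls", "tlb",
}
# Hidden+system entries Windows creates itself (assumed list).
EXPECTED_HIDDEN_SYSTEM = {"$recycle.bin", "desktop.ini", "thumbs.db"}
# Constructed sample in the log's own layout: lines modelled on the DDS
# output above plus one Find3M-style line with attrs before size.
SAMPLE_DDS_LINES = r"""
=============== Created Last 30 ================
2009-06-25 00:15 61,440 a------- c:\windows\system32\winipsec.dll
2009-06-19 02:45 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-06-19 02:25 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-19 01:58 205,824 a------- c:\windows\system32\msoeacct.dll
2009-06-13 04:36 <DIR> --d----- c:\programdata\HP
2009-05-22 13:17:51 A------- 223,232 c:\windows\system32\SLC.dll
"""

@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for <DIR> entries
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None or "d" in self.attrs.lower()

    @property
    def hidden_and_system(self) -> bool:
        return "s" in self.attrs.lower() and "h" in self.attrs.lower()

def parse_dds_file_lines(text: str) -> List[Entry]:
    """Parse every line in the DDS file-listing layout; skip headers etc."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size_txt = m.group("size") or m.group("size2")
        attrs = m.group("attr") or m.group("attr2")
        size = None if size_txt == "<DIR>" else int(size_txt.replace(",", ""))
        entries.append(Entry(m.group("date"), m.group("time"), size, attrs,
                             m.group("path")))
    return entries

def looks_random(stem: str) -> bool:
    """Heuristic: long alphanumeric stem where at least half is digits."""
    alnum = [c for c in stem if c.isalnum()]
    if len(alnum) < 10:
        return False
    digits = sum(c.isdigit() for c in alnum)
    return digits >= 4 and len(alnum) - digits >= 3 and digits / len(alnum) >= 0.5

def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for entries worth a second look."""
    findings = []
    for e in parse_dds_file_lines(text):
        reasons = []
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        stem, sep, ext = name.rpartition(".")
        if not sep:
            stem, ext = name, ""
        if e.hidden_and_system and name not in EXPECTED_HIDDEN_SYSTEM:
            reasons.append("hidden+system attributes on a non-standard entry")
        if not e.is_dir and "\\windows\\" in low:
            if ext not in EXPECTED_SYSTEM_EXTS:
                reasons.append(f"unusual extension '.{ext}' under %WINDIR%")
            if looks_random(stem):
                reasons.append("random-looking file name")
            if e.size is not None and e.size < 100 and ext not in {"ini", "dat"}:
                reasons.append(f"tiny file ({e.size} bytes) in a system directory")
        if reasons:
            findings.append((e, reasons))
    return findings

if __name__ == "__main__":
    for e, reasons in triage(SAMPLE_DDS_LINES):
        print(e.date, e.time, e.path, "->", "; ".join(reasons))
```

A flag from this script is a prompt to look closer (check the file's publisher, hash and creation context), not a verdict.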

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:10:20 PM

Posted 25 June 2009 - 10:34 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me; it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware; it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into Safe Mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 29 June 2009 - 04:57 PM

Will post tonight.

#6 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 30 June 2009 - 03:19 AM

This cannot be true because my computer is slow as a snail! Something is lurking!! I don't believe this!!

Attached Files



#7 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:10:20 PM

Posted 30 June 2009 - 02:29 PM

m0le is going to be taking over this thread, I am going on vacation.

Don't get discouraged because a scan shows no problems, there may be something that will be found in a different scan.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:20 AM

Posted 30 June 2009 - 05:49 PM

Hi again kymberly,

MBAM is only one scanner and, as Hoov says, it doesn't mean that you are clean.

Please run these scans for me.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Then

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks :thumbup2:
m0le is a proud member of UNITE

#9 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 02 July 2009 - 01:29 PM

I have gotten the blue screen of death so many times, I am blue myself. When I first ran gmer it ran fine and scanned everything, but the program stalled once it finished and wouldn't let me save the scan, which ran its entirety. Then I had to shut the computer down because I couldn't move the mouse, ctrl+alt+del, or shut down the machine; it just stalled. Then I went in safe mode and started the program and got the blue screen of death there. Now it's only posting part of the report. I tried selecting SHOW ALL but it's grayed out and won't let you put a check there. Whatever is on my pc is probably on my laptop also. Very powerful malware or virus. Also when I have a screen up and try to exit out of that screen it stalls and stays there. Then I bring up another screen and that screen that stalls is right in the middle! You talking about frustrated. I ran the eset scan and it found no threats but didn't give me the option to save the report! I will try running it again; if it gives me that prompt I will save and post!

Attached Files


Edited by kymberly, 02 July 2009 - 02:37 PM.


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:20 AM

Posted 02 July 2009 - 05:54 PM

Hi kymberly,

As with your other topic we are not finding anything with these scans.

There have been several powerful tools run which would find a trace of malware somewhere in this amount of logs. ESET and Gmer, which we just ran, show nothing, as does MBAM.

There is no powerful malware which can avoid detection completely and so there may be another cause.

Let's concentrate on the blue screens.

Can you provide the error code(s) and message(s) that you receive?

Also, have you run any tools which may have removed or corrupted any of your system files?
Have you seen any evidence of specific malware activity? It seems that the cause of the tools not running may also be a system error rather than a malware one.

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:10:20 PM

Posted 07 July 2009 - 09:36 AM

Howdy kymberly, I am back from vacation and will be taking back over from m0le. In looking over what you have accomplished so far, in addition to the last question m0le asked (the BSOD stop codes and messages), there are also a few other things I need from you.

I need you to go to the administration tools in Vista. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, and post them back here in your next reply as attachments.


Please download RunScanner
  • Save it to a folder you create such as C:\Runscanner (this assumes Windows is installed on your C: drive).
  • Launch Runscanner by double-clicking runscanner.exe within the C:\Runscanner folder.
  • Vista users must also click Continue to open Runscanner when prompted by User Account Control (UAC)
  • Check Beginner Mode
  • Click Scan computer
  • You will see a "Runscanner scan in progress" window displayed while Runscanner scans your system
  • At the conclusion of the scan, save the run file called runscanner.run to your documents folder or directly to the Runscanner folder. This is the file you will need to upload.
  • A runscanner.log file will automatically open in Notepad. Just close the Notepad window because it is ONLY the runscanner.run file that we are interested in.
  • Next, zip up the runscanner.run file that you just saved.
  • I want you to upload the zipped runscanner.run file as an attachment in your next reply
  • To do that choose "Additional Options" under "Post Reply"
  • Browse to the zipped RUN file location and then click the "Post" button to attach the file.
  • I will review the run file, and then upload it back to you with items marked for deletion.
  • Please await my directions and the returned RUN file, and do not delete anything in the interim


#12 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 08 July 2009 - 05:48 PM

Hi there Hoov, I'm looking forward to working with you as well. Will post results tonight when I get back from my exciting class of aeroboxing!!

Thanks so much for your help!!!

#13 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 09 July 2009 - 10:48 PM

Hi, Hoov, sorry for the delay. My laptop is crazy here. When I tried to run the event system and got through to the left side and got the screen applications and system, my computer grayed it out completely where I couldn't copy as you stated. It was just a blue circle going around and I had to wait until it released the screen that was up. I don't understand how to zip these files, please explain. I did not see "additional options", maybe I am missing something here!
Runscanner logfile

* = signed file
- = file not found

General info
------------
Computer name : HELLNAWL-PC
Creation time : 7/9/2009 10:40:02 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16851
OS : Windows Vista ™ Home Basic
OS Build : 6000
OS SP :
RunScanner Version : 1.8.1.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe (Adobe Systems, Inc.)
C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
* C:\Windows\system32\csrss.exe (Microsoft Corporation)
* C:\Windows\system32\csrss.exe (Microsoft Corporation)
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
* C:\Windows\system32\Dwm.exe (Microsoft Corporation)
* C:\Windows\System32\hkcmd.exe (Intel Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\HP Connections\6811507\Program\HP Connections.exe (Hewlett Packard)
* C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
* C:\Windows\System32\igfxtray.exe (Intel Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Windows\system32\lsass.exe (Microsoft Corporation)
* C:\Windows\system32\lsm.exe (Microsoft Corporation)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
* C:\Windows\system32\SLsvc.exe (Microsoft Corporation)
* C:\Windows\system32\SearchFilterHost.exe (Microsoft Corporation)
* C:\Windows\system32\SearchIndexer.exe (Microsoft Corporation)
* C:\Windows\system32\SearchProtocolHost.exe (Microsoft Corporation)
* C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
* C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
* C:\Windows\System32\igfxpers.exe (Intel Corporation)
* C:\Users\hell nawl\Desktop\runscanner\RunScanner.exe (Runscanner.net)
* C:\Windows\system32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Windows\Explorer.EXE (Microsoft Corporation)
* C:\Windows\system32\winlogon.exe (Microsoft Corporation)
* C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\system32\wininit.exe (Microsoft Corporation)
* C:\Windows\system32\wuauclt.exe (Microsoft Corporation)

Unrated items
-------------
002 * C:\Program Files\Tall Emu\Online Armor\OAui.exe (Tall Emu)
002 * C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
005 * C:\Program Files\HP Connections\6811507\Program\HP Connections.exe (Hewlett Packard)
006 * C:\Program Files\HP Connections\6811507\Program\HP Connections.exe (Hewlett Packard)
010 C:\Program Files\a-squared Free\a2service.exe (a-squared Free Service)
010 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe (CyberLink Background Capture Service (CBCS))
010 C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe (CyberLink Task Scheduler (CTS))
010 * C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service)
010 C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010 C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService Direct Disc Labeling Service)
010 * C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Online Armor)
010 * C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Online Armor Helper Service)
010 C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (stllssvr)
011 * C:\Windows\system32\drivers\OADriver.sys (OADriver)
011 * C:\Windows\system32\drivers\OAmon.sys (OAmon)
011 C:\Windows\System32\Drivers\PxHelp20.sys (PxHelp20)
011 * C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics TouchPad Driver)
031 C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
042 GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
061 C:\Program Files\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
061 * C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll (Tall Emu) {4F07DA46-8170-4859-9B5F-037EF2970034}
061 C:\Windows\System32\ShellvRTF.dll (XSS) {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
062 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
100 Start Page HKCU : http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
100 Start Page HKLM : http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
173 GUID / CLSID not found
173 * C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll (Tall Emu) {4F07DA46-8170-4859-9B5F-037EF2970034}
221 GUID / CLSID not found
221 * C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll (Tall Emu) {4F07DA46-8170-4859-9B5F-037EF2970034}
223 C:\Program Files\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
225 GUID / CLSID not found
225 GUID / CLSID not found
225 C:\Program Files\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
225 C:\Program Files\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
225 * C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll (Tall Emu) {4F07DA46-8170-4859-9B5F-037EF2970034}
225 * C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll (Tall Emu) {4F07DA46-8170-4859-9B5F-037EF2970034}
227 GUID / CLSID not found
231 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

Missing files
-------------
010 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
010 c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
011 c:\windows\system32\drivers\blbdrive.sys
011 C:\Users\HELLNA~1\AppData\Local\Temp\catchme.sys
011 c:\windows\system32\DRIVERS\ipinip.sys
011 c:\windows\system32\DRIVERS\nwlnkflt.sys
011 c:\windows\system32\DRIVERS\nwlnkfwd.sys
011 c:\windows\system32\drivers\usbstor.sys
032 rdpclip



I just want to make sure you get this before it disappears!

Attached Files


Edited by kymberly, 09 July 2009 - 10:59 PM.
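The RunScanner log pasted above is easier to read once it is parsed. The following Python script is an added example for this thread, not code from BleepingComputer, RunScanner or anyone in the discussion. It assumes only the layout visible in the post: a legend where "*" marks a signed file, section headers underlined with dashes, and entries of the form "[NNN] [*] path [(description)] [{CLSID}]" where NNN is RunScanner's numeric category code (the script does not assume what any code means). The sample log is a constructed excerpt of the posted one with the computer name, user name and start-page URL changed. It pulls out the items a helper reads first: unsigned running processes, unsigned unrated binaries, CLSID references whose object RunScanner could not find, and files that are registered but missing from disk.

```python
# Triage helper for a RunScanner text log (added example; not RunScanner's own code).
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the log posted above; names and the URL are changed.
SAMPLE_LOG = r"""Runscanner logfile

* = signed file
- = file not found

Running processes
-----------------
* C:\Windows\system32\csrss.exe (Microsoft Corporation)
C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
* C:\Users\someone\Desktop\runscanner\RunScanner.exe (Runscanner.net)

Unrated items
-------------
010 C:\Program Files\a-squared Free\a2service.exe (a-squared Free Service)
010 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe (CyberLink Background Capture Service (CBCS))
011 * C:\Windows\system32\drivers\OADriver.sys (OADriver)
042 GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
061 C:\Windows\System32\ShellvRTF.dll (XSS) {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
100 Start Page HKCU : http://example.invalid/start

Missing files
-------------
010 c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
011 C:\Users\SOMEON~1\AppData\Local\Temp\catchme.sys
032 rdpclip
"""

# Entry layout assumed from the post: [NNN] [*] <path or free text> [(description)] [{CLSID}]
ENTRY_RE = re.compile(r"^(?:(?P<code>\d{3})\s+)?(?P<signed>\*\s+)?(?P<body>\S.*)$")
CLSID_RE = re.compile(r"\s*(\{[0-9A-Fa-f-]{36}\})\s*$")

@dataclass
class Entry:
    section: str
    code: Optional[str]    # RunScanner category code; absent under "Running processes"
    signed: bool           # True when the line carried the '*' legend marker
    path: str              # file path, or the free text RunScanner printed instead
    detail: str            # text inside the trailing parentheses, if any
    clsid: Optional[str]   # trailing {GUID}, if any

def split_detail(body: str) -> Tuple[str, str]:
    """Split 'path (detail)', honouring nested parentheses such as '(... (CBCS))'."""
    if not body.endswith(")"):
        return body.strip(), ""
    depth = 0
    for i in range(len(body) - 1, -1, -1):
        if body[i] == ")":
            depth += 1
        elif body[i] == "(":
            depth -= 1
            if depth == 0:
                return body[:i].strip(), body[i + 1:-1]
    return body.strip(), ""  # unbalanced: keep the whole line as the path

def parse_entry(section: str, line: str) -> Entry:
    m = ENTRY_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable RunScanner line: {line!r}")
    body, clsid = m.group("body"), None
    g = CLSID_RE.search(body)
    if g:
        clsid, body = g.group(1), body[:g.start()]
    path, detail = split_detail(body)
    return Entry(section, m.group("code"), bool(m.group("signed")), path, detail, clsid)

def parse_log(text: str) -> Dict[str, List[Entry]]:
    """Group entries by section; a header is any line followed by a run of dashes."""
    lines = text.splitlines()
    sections: Dict[str, List[Entry]] = {}
    current: Optional[str] = None
    for i, line in enumerate(lines):
        stripped = line.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if stripped and nxt and set(nxt) == {"-"}:
            current = stripped
            sections[current] = []
        elif current is not None and stripped and set(stripped) != {"-"}:
            sections[current].append(parse_entry(current, stripped))
    return sections

def triage(sections: Dict[str, List[Entry]]) -> Dict[str, list]:
    """What a reviewer reads first. 'Unsigned' is a cue to look closer, not a verdict."""
    procs = sections.get("Running processes", [])
    unrated = sections.get("Unrated items", [])
    missing = sections.get("Missing files", [])
    binaries = (".exe", ".dll", ".sys")
    return {
        "unsigned_processes": [e.path for e in procs if not e.signed],
        "unsigned_unrated": [e.path for e in unrated if not e.signed and e.path.lower().endswith(binaries)],
        "orphaned_clsids": [(e.code, e.clsid) for e in unrated if e.path.startswith("GUID / CLSID not found")],
        "missing_files": [e.path for e in missing],
    }

def triage_sample() -> Dict[str, list]:
    """Run the triage over the constructed sample log."""
    return triage(parse_log(SAMPLE_LOG))
```

On the posted log the same script would list the unsigned HP, CyberLink, LightScribe and a-squared items, the two "GUID / CLSID not found" entries, and the missing Symantec, driver and catchme.sys files; none of that is evidence of infection by itself (uninstalled software routinely leaves such residue), which is why the helpers above ask for the .run file and decide what to mark rather than deleting on sight.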


#14 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:10:20 PM

Posted 10 July 2009 - 12:14 PM

OK, there are two different things I would like. If you cannot get to the event viewer logs while in Windows, try rebooting to Safe Mode.

To get into safe mode, Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

I need you to go to the administration tools in Vista. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, and post them back here in your next reply as attachments.

To zip them up, save them to a folder or your desktop. Click on one of the files, and then hold the ctrl key down and click on the other file. Both files should be highlighted. Let go of the ctrl key. Now right click on one of the highlighted files and select Send To, and then Compressed (zipped) Folder. The zipped file will be in the same location as the two original files.

Now on to runscanner. I used the wrong procedures for attaching the log. The entire procedure should be

Please download RunScanner
  • Save it to a folder you create such as C:\Runscanner (this assumes Windows is installed on your C: drive).
  • Launch Runscanner by double-clicking runscanner.exe within the C:\Runscanner folder.
  • Vista users must also click Continue to open Runscanner when prompted by User Account Control (UAC)
  • Check Beginner Mode
  • Click Scan computer
  • You will see a "Runscanner scan in progress" window displayed while Runscanner scans your system
  • At the conclusion of the scan, save the run file called runscanner.run to your documents folder or directly to the Runscanner folder. This is the file you will need to upload.
  • A runscanner.log file will automatically open in Notepad. Just close the Notepad window because it is ONLY the runscanner.run file that we are interested in.
  • Next, zip up the runscanner.run file that you just saved.
  • I want you to upload the zipped runscanner.run file as an attachment in your next reply
  • To do that go down and click the browse button below the reply box. It's on the right side.
  • Browse to the zipped RUN file location and then click the "open" button, and then click "upload" button to attach the file.
  • I will review the run file, and then upload it back to you with items marked for deletion.
  • Please await my directions and the returned RUN file, and do not delete anything in the interim
I need the .run file NOT the .log file.

Sorry about the confusion

#15 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 11 July 2009 - 05:24 PM

Ok Hoov, I had to read this 4 times to get it. Now finally I got it.

Attached Files


Edited by kymberly, 11 July 2009 - 05:33 PM.




