
Help analyzing HijackThis Log - Please!!!!


  • This topic is locked
4 replies to this topic

#1 bwbetts


Posted 02 August 2009 - 10:13 AM

My computer has a bad virus. Adaware and McAfee don't clean all the files. Can't run Malwarebytes. Ran HijackThis, but don't know which items to fix. Below is the log file from HijackThis. I would really appreciate some help reading this file and fixing my computer. Thank you!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:39 AM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1134017501\EE\aolsoftware.exe
c:\program files\common files\aol\1134017501\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1134017501\EE\aolsoftware.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Internet Explorer\Iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134017501\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-2NU0A.exe" /REG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKUS\S-1-5-18\..\Run: [cft] C:\Documents and Settings\Brian Betts\Application Data\cft\cft.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DigiFast] C:\Documents and Settings\Brian Betts\Application Data\digifast\digifast.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIPuSpdc] C:\Documents and Settings\Brian Betts\Application Data\Microsoft\Windows\iplevn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cft] C:\Documents and Settings\Brian Betts\Application Data\cft\cft.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: forteManager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\dpnhpast32.dll
O20 - Winlogon Notify: 3438a216583 - C:\WINDOWS\System32\dpnhpast32.dll (file missing)
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0115981241414515) (0115981241414515mcinstcleanup) - Unknown owner - C:\DOCUME~1\BRIANB~1\LOCALS~1\Temp\011598~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14213 bytes



#2 bwbetts


Posted 02 August 2009 - 01:14 PM

Reading other posts, I downloaded and tried to run Combofix without success (even tried to rename to combo-fix.exe and still no luck). I was able to run GMER. Below is the Log file from GMER. Any help you can provide would be greatly appreciated.



GMER 1.0.15.15011 [p2fr6pgw.exe] - http://www.gmer.net
Rootkit scan 2009-08-02 14:11:30
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86AE110E ZwEnumerateKey
Code 86AE6D96 ZwFlushInstructionCache
Code 86AE04ED IofCallDriver
Code 86A7793D IofCompleteRequest
Code 86ADC7C5 ZwSaveKey
Code 86AE79DD ZwSaveKeyEx

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [86B05984] NDIS.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [784] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [840] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [864] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1276] 0x10000000
Library \\?\globalroot\systemroot\system32\UACrbwwbiwqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1276] 0x03580000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ c:\PROGRA~1\mcafee\msc\mcuimgr.exe [1396] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1436] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1508] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1564] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1684] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [1744] 0x00E00000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Documents and Settings\Administrator\Desktop\p2fr6pgw.exe [1940] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1964] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1972] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1980] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [2008] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2140] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\McAfee\MPF\MPFSrv.exe [2292] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [2456] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2676] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [2772] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3292] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe [3304] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\AOL 9.1\waol.exe [3424] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [3504] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\AOL 9.1\shellmon.exe [3756] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3820] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\1134017501\EE\aolsoftware.exe [3868] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ c:\program files\common files\aol\1134017501\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe [3992] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\1134017501\EE\aolsoftware.exe [4020] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [4028] 0x10000000
Library \\?\globalroot\systemroot\system32\hjgruirnkbbjqn.dll (*** hidden *** ) @ C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [4084] 0x10000000

---- EOF - GMER 1.0.15 ----

#3 bwbetts


Posted 02 August 2009 - 02:43 PM

The virus removed my cmd.exe, so I wasn't able to run the DDS software. I was able to reinstall cmd.exe and below is the log file from running DDS. Help please!!!



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/6/2005 8:26:07 PM
System Uptime: 8/2/2009 9:36:39 AM (6 hours ago)

Motherboard: Dell Inc. | | 0M3918
Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3392/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 100.521 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
J: is FIXED (FAT32) - 466 GiB total, 450.842 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID Non-User Input Data Filter (KB 911895)
Device ID: HID\VID_045E&PID_00F9&MI_01&COL01\7&258A609B&0&0000
Manufacturer: Microsoft
Name: HID Non-User Input Data Filter (KB 911895)
PNP Device ID: HID\VID_045E&PID_00F9&MI_01&COL01\7&258A609B&0&0000
Service: NuidFltr

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID Non-User Input Data Filter (KB 911895)
Device ID: HID\VID_045E&PID_00F9&MI_01&COL03\7&258A609B&0&0002
Manufacturer: Microsoft
Name: HID Non-User Input Data Filter (KB 911895)
PNP Device ID: HID\VID_045E&PID_00F9&MI_01&COL03\7&258A609B&0&0002
Service: NuidFltr

==== System Restore Points ===================

RP1462: 7/25/2009 11:41:13 AM - System Checkpoint
RP1463: 7/25/2009 11:41:14 AM - System Checkpoint
RP1464: 7/25/2009 11:41:14 AM - System Checkpoint
RP1465: 7/25/2009 11:41:14 AM - System Checkpoint
RP1466: 7/25/2009 11:41:15 AM - System Checkpoint
RP1467: 7/25/2009 11:41:15 AM - Software Distribution Service 3.0
RP1468: 7/25/2009 11:41:15 AM - System Checkpoint
RP1469: 7/25/2009 11:41:15 AM - System Checkpoint
RP1470: 7/25/2009 11:41:15 AM - System Checkpoint
RP1471: 7/25/2009 11:41:15 AM - Installed Java™ 6 Update 13
RP1472: 7/25/2009 11:41:15 AM - Removed iTunes
RP1473: 7/25/2009 11:41:16 AM - Installed iTunes
RP1474: 7/25/2009 11:41:16 AM - Removed iTunes
RP1475: 7/25/2009 11:41:16 AM - Installed iTunes
RP1476: 7/25/2009 11:41:17 AM - Removed iTunes
RP1477: 7/25/2009 11:41:18 AM - Installed iTunes
RP1478: 7/25/2009 11:41:18 AM - System Checkpoint
RP1479: 7/25/2009 11:41:18 AM - System Checkpoint
RP1480: 7/25/2009 11:41:18 AM - System Checkpoint
RP1481: 7/25/2009 11:41:18 AM - System Checkpoint
RP1482: 7/25/2009 11:41:18 AM - System Checkpoint
RP1483: 7/25/2009 11:41:18 AM - System Checkpoint
RP1484: 7/25/2009 11:41:19 AM - System Checkpoint
RP1485: 7/25/2009 11:41:19 AM - Software Distribution Service 3.0
RP1486: 7/25/2009 11:41:19 AM - System Checkpoint
RP1487: 7/25/2009 11:41:19 AM - System Checkpoint
RP1488: 7/25/2009 11:41:19 AM - System Checkpoint
RP1489: 7/25/2009 11:41:19 AM - System Checkpoint
RP1490: 7/25/2009 11:41:19 AM - System Checkpoint
RP1491: 7/25/2009 11:41:19 AM - System Checkpoint
RP1492: 7/25/2009 11:41:19 AM - System Checkpoint
RP1493: 7/25/2009 11:41:20 AM - System Checkpoint
RP1494: 7/25/2009 11:41:21 AM - System Checkpoint
RP1495: 7/25/2009 11:41:21 AM - System Checkpoint
RP1496: 7/25/2009 11:41:21 AM - System Checkpoint
RP1497: 7/25/2009 11:41:21 AM - System Checkpoint
RP1498: 7/25/2009 11:41:21 AM - System Checkpoint
RP1499: 7/25/2009 11:41:22 AM - System Checkpoint
RP1500: 7/25/2009 11:41:22 AM - System Checkpoint
RP1501: 7/25/2009 11:41:23 AM - System Checkpoint
RP1502: 7/25/2009 11:41:23 AM - System Checkpoint
RP1503: 7/25/2009 11:41:23 AM - System Checkpoint
RP1504: 7/25/2009 11:41:23 AM - System Checkpoint
RP1505: 7/25/2009 11:41:23 AM - System Checkpoint
RP1506: 7/25/2009 11:41:23 AM - System Checkpoint
RP1507: 7/25/2009 11:41:23 AM - System Checkpoint
RP1508: 7/25/2009 11:41:23 AM - System Checkpoint
RP1509: 7/25/2009 11:41:23 AM - System Checkpoint
RP1510: 7/25/2009 11:41:23 AM - System Checkpoint
RP1511: 7/25/2009 11:41:24 AM - System Checkpoint
RP1512: 7/25/2009 11:41:24 AM - System Checkpoint
RP1513: 7/25/2009 11:41:24 AM - System Checkpoint
RP1514: 7/25/2009 11:41:24 AM - Software Distribution Service 3.0
RP1515: 7/25/2009 11:41:24 AM - Software Distribution Service 3.0
RP1516: 7/25/2009 11:41:24 AM - System Checkpoint
RP1517: 7/25/2009 11:41:25 AM - System Checkpoint
RP1518: 7/25/2009 11:41:25 AM - Software Distribution Service 3.0
RP1519: 7/25/2009 11:41:25 AM - System Checkpoint
RP1520: 7/25/2009 11:41:25 AM - System Checkpoint
RP1521: 7/25/2009 11:41:25 AM - System Checkpoint
RP1522: 7/25/2009 11:41:25 AM - System Checkpoint
RP1523: 7/25/2009 11:41:25 AM - System Checkpoint
RP1524: 7/25/2009 11:41:25 AM - System Checkpoint
RP1525: 7/25/2009 11:41:26 AM - System Checkpoint
RP1526: 7/25/2009 11:41:26 AM - System Checkpoint
RP1527: 7/25/2009 11:41:26 AM - System Checkpoint
RP1528: 7/25/2009 11:41:26 AM - System Checkpoint
RP1529: 7/25/2009 11:41:26 AM - System Checkpoint
RP1530: 7/25/2009 11:41:26 AM - System Checkpoint
RP1531: 7/25/2009 11:41:26 AM - System Checkpoint
RP1532: 7/25/2009 11:41:26 AM - System Checkpoint
RP1533: 7/25/2009 11:41:26 AM - System Checkpoint
RP1534: 7/25/2009 11:41:26 AM - System Checkpoint
RP1535: 7/25/2009 11:41:26 AM - System Checkpoint
RP1536: 7/25/2009 11:41:26 AM - System Checkpoint
RP1537: 7/25/2009 11:41:26 AM - System Checkpoint
RP1538: 7/25/2009 11:41:26 AM - Software Distribution Service 3.0
RP1539: 7/25/2009 11:41:26 AM - System Checkpoint
RP1540: 7/25/2009 11:41:27 AM - System Checkpoint
RP1541: 7/25/2009 11:41:27 AM - System Checkpoint
RP1542: 7/25/2009 11:41:27 AM - System Checkpoint
RP1543: 7/25/2009 11:41:27 AM - System Checkpoint
RP1544: 7/25/2009 11:41:27 AM - System Checkpoint
RP1545: 7/25/2009 11:41:28 AM - System Checkpoint
RP1546: 7/25/2009 11:41:28 AM - System Checkpoint
RP1547: 7/25/2009 11:41:28 AM - System Checkpoint
RP1548: 7/25/2009 11:41:28 AM - System Checkpoint
RP1549: 7/25/2009 11:41:28 AM - Software Distribution Service 3.0
RP1550: 7/25/2009 11:41:28 AM - System Checkpoint
RP1551: 7/25/2009 11:41:28 AM - System Checkpoint
RP1552: 7/25/2009 11:41:30 AM - System Checkpoint
RP1553: 7/25/2009 11:41:30 AM - System Checkpoint
RP1554: 7/25/2009 11:41:31 AM - System Checkpoint
RP1555: 7/25/2009 11:41:31 AM - System Checkpoint
RP1556: 7/25/2009 11:41:31 AM - System Checkpoint

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Amazon MP3 Downloader 1.0.5
AOL Coach Version 1.0(Build:20030807.3)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AviSynth 2.5
BearShare
Belkin F5D5005 Gigabit Desktop PCI Card Driver
BitTorrent 4.0.2
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Corel Paint Shop Pro Photo XI
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
DVD Decrypter (Remove Only)
DVD Shrink 3.2
forteManager
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Printer Series
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Adapters and Drivers
iPod for Windows 2005-10-12
iPod for Windows 2006-01-10
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 13
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Memeo AutoBackup
Memeo AutoSync
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft IntelliType Pro 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
MobileMe Control Panel
Move Networks Player for Internet Explorer
Mozilla Firefox (2.0)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Picasa 3
PowerDVD 5.3
Public Messenger ver 2.03
QuickTime
RealPlayer
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2 ZS
SoundMAX
TurboTax Deluxe 2005
TurboTax ItsDeductible 2005
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb971933)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Videora iPod Converter 3.05
Viewpoint Media Player
WD Diagnostics
WebFldrs XP
Windows Cannot Find Fix Wizard
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/2/2009 9:35:26 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the McAfee Personal Firewall Service service, but this action failed with the following error: Access is denied.
8/2/2009 9:35:26 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/2/2009 9:35:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
8/2/2009 9:35:21 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
8/2/2009 9:35:21 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/27/2009 12:40:38 AM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
7/26/2009 9:56:44 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1efe000, parameter2 00000002, parameter3 00000000, parameter4 ee0bb125.
7/26/2009 8:41:22 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 ba2ee24e, parameter3 ec6de168, parameter4 00000000.
7/26/2009 7:50:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/26/2009 7:49:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/26/2009 7:48:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
7/26/2009 2:29:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/26/2009 11:51:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk OMCI
7/26/2009 11:38:30 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
7/26/2009 11:38:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the sfx service to connect.
7/26/2009 11:38:30 PM, error: Service Control Manager [7000] - The sfx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2009 11:38:30 PM, error: Service Control Manager [7000] - The Canon Camera Access Library 8 service failed to start due to the following error: The system cannot find the file specified.
7/26/2009 11:38:11 PM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromphilips_dvd+-rw_dvd8631_________________9d03____#594d543034373430303735313439484230303446#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
7/26/2009 11:38:11 PM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromhl-dt-st_dvd-rom_gdr8163b_______________0d20____#5&e37647&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
7/26/2009 10:23:13 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/26/2009 1:34:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/26/2009 1:31:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP NetBT OMCI RasAcd sFxdrv Tcpip
7/26/2009 1:31:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 1:31:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 1:31:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 1:31:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 1:31:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 1:31:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================

#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:55 AM

Posted 11 August 2009 - 06:41 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Shannon

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,062 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:55 AM

Posted 17 August 2009 - 03:18 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

