
Diagnostic Policy Service - Access Denied


  • This topic is locked
3 replies to this topic

#1 TheszEyz


Posted 03 December 2009 - 09:08 PM

Yesterday, I read a blog from Prevx regarding the "black screen" that is happening with a lot of Windows 7 and Vista users after running updates, etc. (I run Vista). I thought this may have been my problem, as I have a 1.5 yr old monitor that just blacks out at will. I attempted to download the fix, directly from the blogsite, Prevx Black Screen Fix Blog and from that point, lost my internet connection (wireless), and could not reconnect.

The fix was an executable file, "fixshell.exe" with additional instructions to run "http://info.prevx.com/download.asp?GRAB=BLACKSCREENFIX", after download through the Task Manager. By the time I clicked on the download, the internet connection was lost. I called the support desk for Belkin (the wireless router) and LinkSys (the wireless adapter), and both said their components were operating fine after a few instructions.

When I hover over the network icon in the system tray I receive this message: "The dependency service or group failed to start". I am also unable to do a Restore as all the Restore Dates have been wiped out.

When I click on the network icon to 'diagnose and repair', I receive this message: "Could not start diagnostic policy service on local computer. Error 5: Access denied." I get this also when I attempt to manually start the Diagnostic Policy Service.

I ran RegistryPatrol last night, and attempted to change the parameters of the DPS by creating a "Trusted Installer" user; all to no avail.

I unplugged the wireless connectivity and plugged the internet cable directly to my cpu; again, to no avail. No internet access. I am now getting this error message when I attempt to 'diagnose and repair': "Error 1114: A DLL Initialization routine failed".

Attached File  dps_screenshot.jpg   136.2KB   5 downloads

A relative advised me to come here, download ComboFix and run it. I have since read that you do not recommend that, and though I've run it, from a CD, nothing happened to fix or repair my issue.

DDS.txt Report:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Linda at 14:23:12.02 on Thu 12/03/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1055 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\lxbmcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\DllHost.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uStart Page = hxxp://mail.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre0.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre0.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [DT HPW] c:\program files\common files\portrait displays\shared\DT_startup.exe -HPW
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
Trusted Zone: 360.com\blog
Trusted Zone: ajc.com\www
Trusted Zone: birdyork.com\www
Trusted Zone: coca-cola.com\www.virtualvender
Trusted Zone: dailymotion.com
Trusted Zone: dailymotion.com\www
Trusted Zone: hell.pl
Trusted Zone: homestarrunner.com\www
Trusted Zone: insightexpressai.com\ai095
Trusted Zone: ladyskylar.com\www
Trusted Zone: make-a-store.com\secure1
Trusted Zone: microsoft.com
Trusted Zone: motion.com\daily
Trusted Zone: msn.com\www
Trusted Zone: nbc.com\www
Trusted Zone: passport.net\login
Trusted Zone: poemofquotes.com\www
Trusted Zone: richstevens.com\www
Trusted Zone: select2perform.com\www
Trusted Zone: stardoll.com\www
Trusted Zone: stumbleupon.com
Trusted Zone: trekkieguy.com\www
Trusted Zone: yahoo.com\360
Trusted Zone: yahoo.com\blog.360
Trusted Zone: yahoo.com\cosmos.bcst
Trusted Zone: yahoo.com\mail
Trusted Zone: yahoo.com\message.360
Trusted Zone: yahoo.com\news
Trusted Zone: yahoo.com\profiles
Trusted Zone: yahoo.com\us.ard
Trusted Zone: yahoo.com\us.f605.mail
Trusted Zone: yahoo.com\us.rd
Trusted Zone: yahoo.com\www
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\linda\appdata\roaming\mozilla\firefox\profiles\clytnx77.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-12-2 30280]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-8-31 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-8-31 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-8-31 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091111.001\IDSvix86.sys [2009-11-12 343088]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-12-2 6221824]
R2 lxbm_device;lxbm_device;c:\windows\system32\lxbmcoms.exe -service --> c:\windows\system32\lxbmcoms.exe -service [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-8-31 117640]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-12-2 47152]
R3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [2008-2-20 22528]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-27 102448]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-12-2 24496]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1007020.00b\symndisv.sys [2009-8-31 48688]
S2 gupdate1c9f8278d129cb0;Google Update Service (gupdate1c9f8278d129cb0);c:\program files\google\update\GoogleUpdate.exe [2009-6-28 133104]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 DrmCVideo32;DrmCVideo32;c:\windows\system32\drivers\DrmCVideo32.sys [2008-2-20 2688]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05020000};PCD5SRVC{BD6912E3-AC9D80E8-05020000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2007-5-15 25632]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-2-20 184320]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-11-11 645120]

=============== Created Last 30 ================

2009-12-03 03:07:07 53136 ----a-w- c:\windows\system32\PxSecure.dll
2009-12-03 03:07:07 47152 ----a-w- c:\windows\system32\drivers\pxrts.sys
2009-12-03 03:07:07 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-12-03 03:07:07 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2009-12-03 03:07:06 0 d-----w- c:\program files\Prevx
2009-12-03 03:06:51 0 d-----w- c:\programdata\PrevxCSI
2009-12-03 02:37:02 77312 ----a-w- c:\windows\MBR.exe
2009-12-03 02:37:02 260608 ----a-w- c:\windows\PEV.exe
2009-12-02 19:22:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-02 00:42:04 24880 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-12-02 00:41:50 26416 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-12-02 00:41:47 0 d-----w- c:\program files\common files\Pure Networks Shared
2009-12-02 00:41:42 0 d-----w- c:\programdata\Pure Networks
2009-11-26 08:05:54 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 08:05:54 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 08:05:54 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 08:05:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-15 16:39:23 268 ---ha-w- C:\sqmdata00.sqm
2009-11-15 16:39:23 244 ---ha-w- C:\sqmnoopt00.sqm
2009-11-12 00:51:32 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 00:51:16 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-12 00:46:33 0 d-----w- c:\program files\Linksys
2009-11-12 00:44:26 645120 ----a-w- c:\windows\system32\drivers\WUSB54GCv3.sys
2009-11-12 00:44:26 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2009-11-12 00:44:26 15312 ----a-w- c:\windows\system32\RaCoInst.dat

==================== Find3M ====================

2009-12-02 19:55:32 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-02 19:55:31 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-02 19:55:30 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-18 07:11:01 174 --sha-w- c:\program files\desktop.ini
2009-09-18 07:01:07 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-18 06:45:08 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-09-18 06:45:00 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-18 06:17:36 47560 ----a-w- c:\windows\system32\SPReview.exe
2009-09-18 06:17:36 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2009-09-10 17:30:12 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 15:21:53 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:21:07 310784 ----a-w- c:\windows\system32\unregmp2.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2002-03-29 17:09:14 4138 ----a-w- c:\program files\readmeXP_cs330.html
2002-03-08 20:51:54 1159 ----a-w- c:\program files\questionmark.gif
2002-03-08 20:48:14 1190 ----a-w- c:\program files\Splat.gif
2002-03-08 17:32:26 6569 ----a-w- c:\program files\usb.gif
2001-12-13 14:04:54 4487 ----a-w- c:\program files\newportcam.gif
2001-08-07 15:57:42 33867 ----a-w- c:\program files\icam3d2.cat
2001-07-18 19:55:12 9362 ----a-w- c:\program files\icam3d2.inf
2001-07-18 19:55:00 428656 ----a-w- c:\program files\icam3.cab
2000-10-12 14:39:50 3985 ----a-r- c:\program files\intel.gif
2007-08-24 19:24:05 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:23:49.29 ===============


I am unable to complete the Rootrepeal Report, as it is hanging up and then stops responding. Here is an example of the issues; it seemingly stops at: C:\windows\winsxs\manifests:

Attached File  root_repeal_screenshot.jpg   147.73KB   5 downloads


#2 Elise


Posted 18 December 2009 - 03:42 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log
Please do NOT post any logs as attachment unless you are unable to paste them directly in the Reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 TheszEyz


Posted 18 December 2009 - 03:33 PM

Thank you very much for the response, and the willingness to help. I work from home and my issue was one that required immediate assistance (I only realized the timeframe after posting), and since it was not available, I wiped my harddrive and restored with the factory settings. It was long, hard and cumbersome, as I also dabble in Digital Graphics, but necessary.

I believe what you all are doing is a wonderful asset to the unlearned (such as me), and I appreciate having such a site to refer to and gain assistance. Wishing you all the best this Holiday Season, and always. Do keep up the good work!!

You may close this request and know that I appreciate the offer of assistance!

#4 Elise


Posted 18 December 2009 - 03:42 PM

Thanks, I hope you have good holidays as well :(

This topic is now closed.

regards, Elise

