Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Safe Mode all virus programs stop. Computer shuts down


  • Please log in to reply
1 reply to this topic

#1 Zenophobe

Zenophobe

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 04 August 2010 - 06:20 PM

I have removed over 900 malware and or virus's from this pc. I ran HijackThis and removed 4 things and was re running SuperAntiSpyware via USB and got father into the scan untill pc shut down on its own. I have rerun HijackThis and here is the log below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:14:12 PM, on 8/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
F:HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mystart.incredimail.com/english/
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 - HKLM..Run: [IgfxTray] "C:WINDOWSSystem32igfxtray.exe"
O4 - HKLM..Run: [HotKeysCmds] "C:WINDOWSSystem32hkcmd.exe"
O4 - HKLM..Run: [SynTPLpr] "C:Program FilesSynapticsSynTPSynTPLpr.exe"
O4 - HKLM..Run: [SynTPEnh] "C:Program FilesSynapticsSynTPSynTPEnh.exe"
O4 - HKLM..Run: [markdesktopEPSON Stylus CX4600 Series] "C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9AA.EXE" /P40 "markdesktopEPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [AppleSyncNotifier] "C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [IncrediMail] "C:Program FilesIncrediMailbinIncMail.exe" /c
O4 - HKCU..Run: [gStart] C:GarmingStart.exe
O4 - HKCU..Run: [SUPERAntiSpyware] "C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe"
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSSystem32browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSSystem32browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe

--
End of file - 3721 bytes

DDS (Ver_10-03-17.01) - NTFSx86
Run by mark at 19:41:53.39 on Wed 08/04/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.478.194 [GMT -4:00]


============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesMessengermsmsgs.exe
C:GarmingStart.exe
svchost.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesJavajre6binjucheck.exe
C:Documents and SettingsmarkDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mystart.incredimail.com/english/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
uRun: [IncrediMail] "c:program filesincredimailbinIncMail.exe" /c
uRun: [gStart] c:garmingStart.exe
uRun: [SUPERAntiSpyware] "c:program filessuperantispywareSUPERAntiSpyware.exe"
mRun: [IgfxTray] "c:windowssystem32igfxtray.exe"
mRun: [HotKeysCmds] "c:windowssystem32hkcmd.exe"
mRun: [SynTPLpr] "c:program filessynapticssyntpSynTPLpr.exe"
mRun: [SynTPEnh] "c:program filessynapticssyntpSynTPEnh.exe"
mRun: [markdesktopEPSON Stylus CX4600 Series] "c:windowssystem32spooldriversw32x863e_fati9aa.exe" /p40 "markdesktopEPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 8.0readerReader_sl.exe"
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [AppleSyncNotifier] "c:program filescommon filesapplemobile device supportbinAppleSyncNotifier.exe"
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
StartupFolder: c:docume~1alluse~1startm~1programsstartupmicros~1.lnk - c:program filesmicrosoft officeoffice10OSA.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:progra~1micros~2office10EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
DPF: DirectAnimation Java Classes - file://c:windowsjavaclassesdajava.cab
DPF: Microsoft XML Parser for Java - file://c:windowsjavaclassesxmldso.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:program filescommon filesmicrosoft sharedweb foldersPKMCDO.DLL
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:docume~1markapplic~1mozillafirefoxprofiles3qxpkt37.default
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:documents and settingsmarkapplication datafacebooknpfbplugin_1_0_3.dll
FF - plugin: c:program filesmozilla firefoxpluginsNPMyWebS.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesmozilla firefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.lu", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.nu", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.nz", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.tel", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesmozilla firefoxgreprefsall.js - pref("network.proxy.type", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:program filesmozilla firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("accelerometer.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2010-5-10 67656]
S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2010-8-4 38224]

=============== Created Last 30 ================

2010-08-04 23:40:43 0 ----a-w- c:documents and settingsmarkdefogger_reenable
2010-08-04 20:29:36 0 d-s---w- C:ComboFix
2010-08-04 20:24:50 0 d-----w- c:docume~1markapplic~1Malwarebytes
2010-08-04 20:24:45 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-08-04 20:24:44 0 d-----w- c:docume~1alluse~1applic~1Malwarebytes
2010-08-04 20:24:43 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-08-04 20:24:43 0 d-----w- c:program filesMalwarebytes' Anti-Malware
2010-08-04 19:50:33 0 d-sha-r- C:cmdcons
2010-08-04 19:48:15 98816 ----a-w- c:windowssed.exe
2010-08-04 19:48:15 77312 ----a-w- c:windowsMBR.exe
2010-08-04 19:48:15 256512 ----a-w- c:windowsPEV.exe
2010-08-04 19:48:15 161792 ----a-w- c:windowsSWREG.exe
2010-08-04 00:37:30 0 d-----w- c:docume~1markapplic~1SUPERAntiSpyware.com
2010-08-04 00:37:30 0 d-----w- c:docume~1alluse~1applic~1SUPERAntiSpyware.com
2010-08-04 00:37:11 0 d-----w- c:program filesSUPERAntiSpyware
2010-07-25 22:09:35 0 d-----w- c:program filesWebroot

==================== Find3M ====================


============= FINISH: 19:42:13.14 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume1
Install Date: 10/2/2007 4:22:21 PM
System Uptime: 8/4/2010 7:29:59 PM (0 hours ago)

Motherboard: Quanta | | 09B8
Processor: IntelŪ PentiumŪ M processor 1.50GHz | U1 | 1496/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 20 GiB total, 7.383 GiB free.
D: is FIXED (NTFS) - 55 GiB total, 4.447 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Video Controller (VGA Compatible)
Device ID: PCIVEN_8086&DEV_3582&SUBSYS_3080103C&REV_023&61AAA01&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCIVEN_8086&DEV_3582&SUBSYS_3080103C&REV_023&61AAA01&0&10
Service:

Class GUID:
Description: Video Controller
Device ID: PCIVEN_8086&DEV_3582&SUBSYS_3080103C&REV_023&61AAA01&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCIVEN_8086&DEV_3582&SUBSYS_3080103C&REV_023&61AAA01&0&11
Service:

==== System Restore Points ===================

RP127: 3/5/2010 11:13:18 AM - System Checkpoint
RP128: 3/6/2010 4:41:13 PM - System Checkpoint
RP129: 3/17/2010 12:07:57 PM - Software Distribution Service 3.0
RP130: 3/20/2010 9:08:55 AM - System Checkpoint
RP131: 3/20/2010 9:58:27 AM - Installed H&R Block Deluxe + Efile 2009.
RP132: 3/20/2010 10:00:38 AM - Installed DeductionPro 2009
RP133: 3/31/2010 5:52:46 PM - Software Distribution Service 3.0
RP134: 4/3/2010 11:49:55 AM - System Checkpoint
RP135: 4/6/2010 3:42:16 PM - System Checkpoint
RP136: 4/8/2010 7:57:54 AM - System Checkpoint
RP137: 4/16/2010 4:58:38 PM - System Checkpoint
RP138: 4/16/2010 5:47:43 PM - Software Distribution Service 3.0
RP139: 5/10/2010 9:53:43 AM - System Checkpoint
RP140: 5/13/2010 1:52:08 PM - Software Distribution Service 3.0
RP141: 5/19/2010 2:07:32 PM - System Checkpoint
RP142: 5/21/2010 10:38:43 AM - System Checkpoint
RP143: 5/26/2010 10:39:58 AM - System Checkpoint
RP144: 5/26/2010 5:10:42 PM - Software Distribution Service 3.0
RP145: 5/30/2010 11:13:18 AM - System Checkpoint
RP146: 6/11/2010 7:41:04 PM - Software Distribution Service 3.0
RP147: 6/23/2010 6:12:51 PM - System Checkpoint
RP148: 6/27/2010 5:03:34 PM - System Checkpoint
RP149: 7/5/2010 9:14:08 PM - Removed Full Tilt Poker
RP150: 8/4/2010 3:48:35 PM - ComboFix created restore point
RP151: 8/4/2010 4:23:42 PM - Removed Safari

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Image Converter 1.1.3.71
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bonjour
Conexant AC-Link Audio
DeductionPro 2009
EPSON Printer Software
Facebook Plug-In
Garmin Communicator Plugin
Garmin Training Center v5
Garmin USB Drivers
H&R Block Deluxe + Efile 2009
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IncrediMail Xe
iTunes
Java™ 6 Update 17
Malwarebytes' Anti-Malware
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.6.6)
QuickTime
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SoftV90 Data Fax Modem with SmartCP
SUPERAntiSpyware
Synaptics Pointing Device Driver
TaxCut Premium + Efile 2008
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB885884
Windows XP Service Pack 2

==== Event Viewer Messages From Past Week ========

8/4/2010 4:28:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL
8/4/2010 4:28:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
8/4/2010 4:28:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the dmserver service.
8/4/2010 4:28:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the CryptSvc service.
8/4/2010 4:28:39 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service has not been started.
8/4/2010 4:28:39 PM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service has not been started.
8/4/2010 4:28:39 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.
8/4/2010 4:28:39 PM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service has not been started.
8/4/2010 4:28:39 PM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service has not been started.
8/4/2010 4:28:39 PM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: All pipe instances are busy.
8/4/2010 4:28:39 PM, error: Service Control Manager [7000] - The Logical Disk Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2010 4:28:39 PM, error: Service Control Manager [7000] - The CryptSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2010 4:28:04 PM, error: DCOM [10005] - DCOM got error "%231" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/4/2010 4:20:05 PM, error: PlugPlayManager [11] - The device RootLEGACY_SSIDRV0000 disappeared from the system without first being prepared for removal.
8/4/2010 4:20:05 PM, error: PlugPlayManager [11] - The device RootLEGACY_SSHRMD0000 disappeared from the system without first being prepared for removal.
8/4/2010 4:20:05 PM, error: PlugPlayManager [11] - The device RootLEGACY_SSFS0BBC0000 disappeared from the system without first being prepared for removal.
8/4/2010 4:19:58 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
8/4/2010 4:19:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/4/2010 4:17:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/4/2010 3:46:48 PM, error: Service Control Manager [7034] - The AVG7 Update Service service terminated unexpectedly. It has done this 1 time(s).
8/4/2010 3:43:16 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
8/3/2010 9:33:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avg7Core Avg7RsW Avg7RsXP Fips intelppm SASDIFSV SASKUTIL
8/3/2010 9:32:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/3/2010 8:43:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avg7Core Avg7RsW Avg7RsXP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
8/3/2010 8:43:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2010 8:43:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2010 8:43:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2010 8:43:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2010 8:43:38 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2010 8:43:38 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/3/2010 8:43:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/3/2010 8:42:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/3/2010 8:34:14 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
8/3/2010 8:30:54 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/28/2010 6:24:03 PM, error: ssidrv [26] -
7/28/2010 6:18:27 PM, error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
7/28/2010 5:55:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the drv service to connect.
7/28/2010 5:55:35 PM, error: Service Control Manager [7000] - The drv service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2010 5:55:35 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
7/28/2010 5:55:21 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/28/2010 5:55:21 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


GMER would not complete PC shuts down byitself.

Edited by hamluis, 04 August 2010 - 07:10 PM.
Merged posts ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:23 AM

Posted 13 August 2010 - 07:06 AM

Hello Zenophobe

Welcome to BleepingComputer smile.gif
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users