Computer is shutting down within a minute and shows 'NT AUTHORITY\SYSTEM' as a part of that prompt.


  • This topic is locked
8 replies to this topic

#1 Natick Girly

Natick Girly

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 02 May 2011 - 08:07 AM

Hi Grinler.

I'm a new poster here and like everyone else who finds your site for the first time (I actually have used your rkill in the past though), I am having some type of malware problem.

The error I get is that my computer is shutting down within a minute and shows 'NT AUTHORITY\SYSTEM' as a part of that prompt.

When I googled this, I came up with info for MSBlaster as being the culprit. After using the Symantec W32.Blaster.Worm Removal Tool, it stated that this was not detected, nor did it show up in processes.

Do you know of any type of malware that mirrors MSBlast.exe that I should search for and remove? (and if so - what should I do to remove?).

I'm at my wits' end. I know this worm is years old, so not sure how to proceed.

Thank you for your time. :)

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,676 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:01 AM

Posted 02 May 2011 - 01:37 PM

Does it say in the message that lsass.exe has shutdown unexpectedly?

You would get that message with msblaster and sasser not because the infection was running on your computer, but due to lsass.exe crashing when an external infected computer tried to infect yours over the network.

Do you have other computers on your network? If you disable those and reboot your problematic one, does the behavior still occur?

#3 Natick Girly


Posted 02 May 2011 - 06:47 PM

> Does it say in the message that lsass.exe has shutdown unexpectedly?
>
> You would get that message with msblaster and sasser not because the infection was running on your computer, but due to lsass.exe crashing when an external infected computer tried to infect yours over the network.
>
> Do you have other computers on your network? If you disable those and reboot your problematic one, does the behavior still occur?



Thank you for your reply. :)

I don't have any other computers on a network here at home.

As of yesterday and this morning I was getting the message in my previous post, now I am getting "Windows cannot find 'c:\WINDOWS\is=TN7EK.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

I have run Malwarebytes, Webroot Antivirus, and one that I found on this site (Super something) and while they found the usual adware, nothing out of the ordinary besides those has popped up to quarantine.

-NG

#4 Grinler


Posted 02 May 2011 - 08:11 PM

I can tell you that c:\WINDOWS\is=TN7EK.exe looks like it was prob malware. It also looks like one of the scans you did was able to remove the infection if you are now getting this message. This is just a leftover run entry that is most likely harmless.

This does not mean that there isn't any other malware running on your computer though. You may want to consider getting a more thorough review through this process:

http://www.bleepingcomputer.com/forums/topic34773.html
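
The "leftover run entry" diagnosis above can be checked mechanically. This is an added example, not part of the original thread and not a BleepingComputer or DDS tool: it parses `uRun:`/`mRun:` lines in the layout of the DDS log posted later in this topic and reports autorun entries whose target file no longer exists. The value name `example`, the `exists` hook and the status labels are assumptions made for illustration.

```python
import ntpath
import os
import re

# Constructed sample in the DDS "Pseudo HJT Report" layout. The first four
# lines are copied from the log in this topic; the last is a constructed entry
# (the value name "example" is made up) for the path in the error message.
SAMPLE_DDS = r'''
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [PCDrProfiler]
mRun: [example] c:\WINDOWS\is=TN7EK.exe
'''

# uRun lines list the per-user Run key, mRun lines the machine-wide one.
RUN_LINE = re.compile(r'^(?P<hive>[um]Run): \[(?P<name>.*?)\]\s*(?P<cmd>.*)$')


def candidates(cmd):
    """Return the possible program paths for a Run command line.

    A quoted command has exactly one program path. An unquoted command is
    ambiguous when the path contains spaces, so every prefix that ends at a
    space is a candidate, shortest first.
    """
    cmd = cmd.strip()
    if not cmd:
        return []
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return [cmd[1:end] if end != -1 else cmd[1:]]
    parts = cmd.split(' ')
    return [' '.join(parts[:i]) for i in range(1, len(parts) + 1)]


def classify(line, exists=os.path.exists):
    """Classify one DDS Run line; return (hive, name, status) or None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    cands = candidates(m['cmd'])
    if not cands:
        status = 'empty'          # value name with no command behind it
    elif not any(ntpath.isabs(c) for c in cands):
        status = 'search-path'    # bare name, resolved by Windows at launch
    elif any(exists(c) for c in cands):
        status = 'present'
    else:
        status = 'missing'        # orphaned: triggers "Windows cannot find"
    return (m['hive'], m['name'], status)


def audit(text, exists=os.path.exists):
    """Classify every Run line in a DDS log; other lines are ignored."""
    rows = (classify(line, exists) for line in text.splitlines())
    return [row for row in rows if row is not None]


if __name__ == '__main__':
    # On the affected machine the default os.path.exists answers for real;
    # elsewhere every absolute Windows path will show as 'missing'.
    for row in audit(SAMPLE_DDS):
        print(row)
```

A `missing` entry is a cleanup candidate, not proof the machine is clean: it only shows that something removed the file and left the autorun value behind.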

#5 Natick Girly


Posted 02 May 2011 - 08:21 PM

ty. I will look at that link right now and update shortly.

-NG

#6 Natick Girly


Posted 02 May 2011 - 08:37 PM

Thank you so much for your time with this.

I am unable to save to Desktop in Safe Mode, so I will post log and Attach - Notepad here (I hope that is okay, I don't really know what else to do in regards to this).


.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by HP_Administrator at 21:52:06.50 on Mon 05/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.563 [GMT -4:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\hp_administrator.your-4dacd0ea75.001\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [DISCover] "c:\program files\disc\DISCover.exe"
mRun: [DiscUpdateManager] "c:\program files\disc\DiscUpdMgr.exe"
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [KodakShareButtonApp] "c:\program files\kodak\kodak share button app\Listener.exe"
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: facebook.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: trymedia.com
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\hp_adm~1.001\applic~1\mozilla\firefox\profiles\alxjatwp.default\
FF - component: c:\documents and settings\hp_administrator.your-4dacd0ea75.001\application data\mozilla\firefox\profiles\alxjatwp.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\hp_administrator.your-4dacd0ea75.001\application data\mozilla\firefox\profiles\alxjatwp.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\hp_administrator.your-4dacd0ea75.001\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 5\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-4-18 3899008]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-4-18 3251928]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [2011-4-18 45072]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
.
=============== Created Last 30 ================
.
2011-05-02 14:40:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 14:40:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 14:40:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-02 12:51:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-05-02 12:08:25 -------- d-----w- c:\docume~1\hp_adm~1.001\applic~1\Sammsoft
2011-05-02 09:15:14 -------- d-----w- C:\7e5f7b12e8bb220560769b0f7400aa
2011-04-19 00:52:54 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-04-19 00:52:54 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-04-19 00:52:54 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-04-19 00:51:22 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
2011-04-19 00:51:02 -------- d-----w- c:\program files\Webroot
2011-04-19 00:50:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2011-04-17 10:24:45 -------- d-----w- c:\windows\system32\Adobe
2011-04-07 22:57:38 -------- d-----w- c:\windows\SxsCaPendDel
2011-04-05 00:16:25 -------- d-----w- c:\docume~1\hp_adm~1.001\locals~1\applic~1\PackageAware
.
==================== Find3M ====================
.
2011-02-04 22:48:32 456192 ------w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:19:39 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2007-11-17 12:19:33 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 21:53:28.93 ===============





And then the Attach - Notepad log:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/4/2010 7:15:20 PM
System Uptime: 5/2/2011 9:47:54 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | LEUCITE
Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz
Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 177 GiB total, 155.144 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.419 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 453.026 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
BufferChm
C3100
c3100_Help
CameraDrivers
CameraUserGuides
Customer Experience Enhancement
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destinations
DISCover
DocProc
DocProcQFolder
DocumentViewer
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fax
Fax_CDA
Google Chrome
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB918997)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Cameras 6.0
HP Photosmart Essential
HP Photosmart for Media Center PC
HP Photosmart, Officejet and Deskjet 7.0.A
HP PSC & OfficeJet 5.3.B
HP Rhapsody
HP Solution Center 7.0
HP Update
HP Web Helper
hpiCamDrvQFolder
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevicesMFC
Intel Matrix Storage Manager
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java™ 6 Update 24
KodakShareButtonApp
LightScribe 1.4.84.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Works
Mozilla Firefox 4.0 (x86 en-US)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
NewCopy
NewCopy_CDA
OCR Software by I.R.I.S 7.0
PanoStandAlone
ProductContextNPI
Readme
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Status
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB912945)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WebReg
Webroot Software
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
.
==== Event Viewer Messages From Past Week ========
.
5/2/2011 9:50:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
5/2/2011 9:50:02 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
5/2/2011 9:48:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/1/2011 11:35:53 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
4/30/2011 11:40:39 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
.
==== End Of File ===========================

Edited by Natick Girly, 02 May 2011 - 08:58 PM.


#7 Natick Girly


Posted 02 May 2011 - 09:08 PM

I am presently running the GMER log and will continue to Step 9 when it is through and post the DDS log and GMER log in the proper place 'Virus, Trojan, Spyware, and Malware Removal Logs forum' shortly.

Again, thank you very much for your time. I help people all day and night and it's frustrating to need help myself. I know how tough it can be here, with so many crazy issues and your time and attention to issues are both so respected.

:)

#8 Grinler


Posted 02 May 2011 - 10:54 PM

I was about to say we need to get these logs in the virus removal forum. I can tell you from a quick glance I do not see anything concerning, but a more thorough analysis will be done in that forum.

#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,062 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:01 AM

Posted 04 May 2011 - 12:51 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic395197.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

