Windows 7 Recovery Attack - Help


  • This topic is locked
3 replies to this topic

#1 trophywife12

trophywife12

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:29 PM

Posted 15 June 2011 - 07:51 PM

My netbook was hit by the Windows 7 Recovery virus and is almost inoperable. Any help would be appreciated.
Here are my DDS logs.


.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by 1 at 19:51:32 on 2011-06-11
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.491 [GMT -5:00]
.
AV: Norton Internet Security Netbook Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [LvKhfngL2zcAppData\Local\Temp\3038774161.exe] c:\users\1\appdata\local\temp\3038774161.exe
uRun: [LvKhfngruf] c:\users\1\appdata\local\temp\wininst.exe
uRun: [LvKhfngM20cAppData\Local\Temp\1639674059.exe] c:\users\1\appdata\local\temp\1639674059.exe
uRun: [LvKhfngL00cAppData\Local\Temp\1238080955.exe] c:\users\1\appdata\local\temp\1238080955.exe
uRun: [LvKhfngN11cAppData\Local\Temp\1948725628.exe] c:\users\1\appdata\local\temp\1948725628.exe
uRun: [LvKhfngL1zcAppData\Local\Temp\1076372940.exe] c:\users\1\appdata\local\temp\1076372940.exe
uRun: [LvKhfngL10cAppData\Local\Temp\1089320963.exe] c:\users\1\appdata\local\temp\1089320963.exe
uRun: [LvKhfngMx1cAppData\Local\Temp\1642004486.exe] c:\users\1\appdata\local\temp\1642004486.exe
uRun: [LvKhfngM02cAppData\Local\Temp\2347073984.exe] c:\users\1\appdata\local\temp\2347073984.exe
uRun: [LvKhfngMz1cAppData\Local\Temp\2533446593.exe] c:\users\1\appdata\local\temp\2533446593.exe
uRun: [LvKhfngM1zcAppData\Local\Temp\3150795370.exe] c:\users\1\appdata\local\temp\3150795370.exe
uRun: [LvKhfngN01cAppData\Local\Temp\3822863179.exe] c:\users\1\appdata\local\temp\3822863179.exe
uRun: [LvKhfngM1ycAppData\Local\Temp\2590940263.exe] c:\users\1\appdata\local\temp\2590940263.exe
uRun: [LvKhfngM21cAppData\Local\Temp\2397819452.exe] c:\users\1\appdata\local\temp\2397819452.exe
uRun: [LvKhfngN0P\AppData\Local\Temp\4616901.exe] c:\users\1\appdata\local\temp\4616901.exe
uRun: [LvKhfngNz2cAppData\Local\Temp\1731908594.exe] c:\users\1\appdata\local\temp\1731908594.exe
uRun: [LvKhfngN00cAppData\Local\Temp\1737368604.exe] c:\users\1\appdata\local\temp\1737368604.exe
uRun: [LvKhfngM3xcAppData\Local\Temp\2497490070.exe] c:\users\1\appdata\local\temp\2497490070.exe
uRun: [LvKhfngM20cAppData\Local\Temp\1683684903.exe] c:\users\1\appdata\local\temp\1683684903.exe
uRun: [LvKhfngM33cAppData\Local\Temp\4039897966.exe] c:\users\1\appdata\local\temp\4039897966.exe
uRun: [LvKhfngM0ycAppData\Local\Temp\3316731109.exe] c:\users\1\appdata\local\temp\3316731109.exe
uRun: [LvKhfngL02cAppData\Local\Temp\1146275497.exe] c:\users\1\appdata\local\temp\1146275497.exe
uRun: [LvKhfngL10cAppData\Local\Temp\1138903482.exe] c:\users\1\appdata\local\temp\1138903482.exe
uRun: [LvKhfngM20cAppData\Local\Temp\4148679361.exe] c:\users\1\appdata\local\temp\4148679361.exe
uRun: [LvKhfngN21cAppData\Local\Temp\1855773980.exe] c:\users\1\appdata\local\temp\1855773980.exe
uRun: [LvKhfngMy0cAppData\Local\Temp\2316319235.exe] c:\users\1\appdata\local\temp\2316319235.exe
uRun: [LvKhfnglb1\AppData\Local\Temp\debug.exe] c:\users\1\appdata\local\temp\debug.exe
uRun: [LvKhfngL31cAppData\Local\Temp\3058797419.exe] c:\users\1\appdata\local\temp\3058797419.exe
uRun: [LvKhfngMz0cAppData\Local\Temp\3319404175.exe] c:\users\1\appdata\local\temp\3319404175.exe
uRun: [LvKhfngN03cAppData\Local\Temp\2704679865.exe] c:\users\1\appdata\local\temp\2704679865.exe
uRun: [LvKhfngN11cAppData\Local\Temp\2923690785.exe] c:\users\1\appdata\local\temp\2923690785.exe
uRun: [LvKhfngN12cAppData\Local\Temp\2743886876.exe] c:\users\1\appdata\local\temp\2743886876.exe
uRun: [LvKhfngO22cAppData\Local\Temp\3938978925.exe] c:\users\1\appdata\local\temp\3938978925.exe
uRun: [LvKhfngLzycAppData\Local\Temp\1151633024.exe] c:\users\1\appdata\local\temp\1151633024.exe
uRun: [LvKhfngM11cAppData\Local\Temp\3259609247.exe] c:\users\1\appdata\local\temp\3259609247.exe
uRun: [LvKhfngM01cAppData\Local\Temp\1331579470.exe] c:\users\1\appdata\local\temp\1331579470.exe
uRun: [LvKhfngoe1\AppData\Local\Temp\avp.exe] c:\users\1\appdata\local\temp\avp.exe
uRun: [LvKhfngre1\AppData\Local\Temp\win.exe] c:\users\1\appdata\local\temp\win.exe
uRun: [LvKhfngsfP] c:\users\1\appdata\local\temp\nvsvc32.exe
uRun: [LvKhfngN0P0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\users\1\appdata\local\temp\4616901.exe
uRun: [LvKhfnguuc] c:\users\1\appdata\local\temp\system.exe
uRun: [LvKhfngoA] c:\users\1\appdata\local\temp\avp32.exe
uRun: [LvKhfngl/] c:\users\1\appdata\local\temp\gdi32.exe
uRun: [LvKhfngpb] c:\users\1\appdata\local\temp\login.exe
uRun: [LvKhfngmve] c:\users\1\appdata\local\temp\hexdump.exe
uRun: [LvKhfngob] c:\users\1\appdata\local\temp\drweb.exe
uRun: [LvKhfngupf] c:\users\1\appdata\local\temp\sysedit.exe
uRun: [LvKhfngnb] c:\users\1\appdata\local\temp\cmd.exe
uRun: [LvKhfngre] c:\users\1\appdata\local\temp\smss.exe
uRun: [LvKhfngrvg] c:\users\1\appdata\local\temp\spoolsv.exe
uRun: [LvKhfngrA] c:\users\1\appdata\local\temp\win32.exe
uRun: [LvKhfngmtd] c:\users\1\appdata\local\temp\iexplarer.exe
uRun: [LvKhfngtrf] c:\users\1\appdata\local\temp\svchost.exe
uRun: [LvKhfngoh] c:\users\1\appdata\local\temp\csrss.exe
uRun: [LvKhfngosf] c:\users\1\appdata\local\temp\taskmgr.exe
uRun: [LvKhfngpta] c:\users\1\appdata\local\temp\services.exe
uRun: [LvKhfngqd] c:\users\1\appdata\local\temp\lsass.exe
uRun: [LvKhfngne] c:\users\1\appdata\local\temp\mdm.exe
uRun: [LvKhfngoe] c:\users\1\appdata\local\temp\avp.exe
uRun: [LvKhfngrsc] c:\users\1\appdata\local\temp\winlogon.exe
uRun: [LvKhfngta] c:\users\1\appdata\local\temp\user.exe
uRun: [LvKhfnglb] c:\users\1\appdata\local\temp\debug.exe
uRun: [LvKhfngrrc] c:\users\1\appdata\local\temp\winamp.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{745DF5CC-55B3-45B7-8752-CBCDCD3353FA} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{745DF5CC-55B3-45B7-8752-CBCDCD3353FA}\65562796A7F6E602D496649623230303023464639302355636572756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{745DF5CC-55B3-45B7-8752-CBCDCD3353FA}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D23942A1-F9C1-42D7-9737-C3D0AB5C90A6} : DhcpNameServer = 100.100.0.101
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mif5ba~1\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-24 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-24 173104]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-24 277536]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-9 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-24 501888]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100906.001\IDSvix86.sys [2010-9-6 344112]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-24 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys [2010-9-24 339504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 135664]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-13 102448]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-5-24 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-24 189984]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-5-24 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
.
=============== Created Last 30 ================
.
2011-06-10 22:37:41 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{80ad4c53-d58b-4fb2-ae4f-1f434f82da2a}\mpengine.dll
2011-06-05 03:03:17 -------- d-----w- c:\program files\Coupons
2011-05-24 22:45:31 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-24 01:19:26 -------- d-----w- c:\users\1\appdata\roaming\UAs
2011-05-24 00:18:23 112 ----a-w- c:\users\1\appdata\roaming\srvblck2.tmp
2011-05-24 00:18:16 -------- d-----w- c:\users\1\appdata\roaming\xmldm
2011-05-24 00:18:12 -------- d-----w- c:\users\1\appdata\roaming\kock
.
==================== Find3M ====================
.
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 19:54:03.83 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2010 11:53:27 AM
System Uptime: 6/11/2011 7:42:18 PM (0 hours ago)
.
Motherboard: TOSHIBA | | PAV10 DDR2
Processor: Intel® Atom™ CPU N455 @ 1.66GHz | U2E1 | 1662/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 193.691 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Vista Network Dispatch Driver
Device ID: ROOT\LEGACY_SYMTDIV\0000
Manufacturer:
Name: Symantec Vista Network Dispatch Driver
PNP Device ID: ROOT\LEGACY_SYMTDIV\0000
Service: SYMTDIv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP98: 4/14/2011 7:37:09 PM - Windows Update
RP99: 4/15/2011 9:06:21 PM - Windows Update
RP100: 4/19/2011 9:09:45 PM - Windows Update
RP101: 4/22/2011 8:09:16 PM - Windows Update
RP102: 4/26/2011 5:35:43 PM - Windows Update
RP103: 4/29/2011 10:37:49 PM - Windows Update
RP104: 5/4/2011 6:22:58 PM - Windows Update
RP105: 5/5/2011 9:22:41 PM - Windows Update
RP106: 5/6/2011 10:35:15 PM - Windows Update
RP107: 5/10/2011 8:57:26 PM - Windows Update
RP108: 5/13/2011 3:44:23 PM - Windows Update
RP109: 5/17/2011 8:53:27 PM - Windows Update
RP110: 5/22/2011 8:31:02 PM - Windows Update
RP111: 5/22/2011 8:33:41 PM - Windows Update
RP112: 5/24/2011 3:10:58 PM - Windows Update
RP113: 5/24/2011 10:35:36 PM - Windows Update
RP114: 5/27/2011 10:56:17 PM - Windows Update
RP115: 5/31/2011 9:24:42 PM - Windows Update
RP116: 6/3/2011 10:23:00 PM - Windows Update
RP117: 6/6/2011 8:51:45 PM - Restore Operation
RP118: 6/6/2011 9:23:04 PM - Windows Update
RP119: 6/7/2011 10:44:40 PM - Windows Update
RP120: 6/10/2011 7:48:49 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
Atheros Driver Installation Program
Best Buy Software Installer
Compatibility Pack for the 2007 Office system
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Office (KB975927)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 14
Junk Mail filter update
Malwarebytes' Anti-Malware
MDL Chime/Chime Pro for Internet Explorer
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
Norton Internet Security
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Respondus LockDown Browser
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Skype Toolbars
Skype™ 4.2
SUPERAntiSpyware
Synaptics Pointing Device Driver
TOSHIBA Application and Driver Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft Office Word 2007 (KB974631)
Utility Common Driver
Virtual Families
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
6/7/2011 10:29:25 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
6/6/2011 9:20:48 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/6/2011 9:18:59 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
6/6/2011 8:40:24 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
6/6/2011 8:40:24 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
6/5/2011 9:18:08 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{745DF5CC-55B3-45B7-8752-CBCDCD3353FA} because another computer on the network has the same name. The server could not start.
6/5/2011 9:18:08 PM, Error: NetBT [4321] - The name "1-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
6/5/2011 9:17:53 PM, Error: NetBT [4321] - The name "1-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
6/11/2011 7:48:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/11/2011 7:48:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/11/2011 7:43:02 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 7:43:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/11/2011 7:43:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/11/2011 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/11/2011 7:42:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 7:42:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/11/2011 7:42:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP cdrom discache eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
6/11/2011 7:42:44 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 7:41:51 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
6/11/2011 7:41:41 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
6/11/2011 7:41:40 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/11/2011 7:41:40 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/11/2011 7:41:40 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
6/11/2011 7:41:40 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
6/11/2011 7:41:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/10/2011 9:54:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/10/2011 8:28:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
6/10/2011 7:50:30 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/10/2011 5:24:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/10/2011 10:01:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
.
==== End Of File ===========================
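The log above lists dozens of `uRun:` entries whose targets sit in `c:\users\1\appdata\local\temp\` and carry names borrowed from Windows system binaries (`svchost.exe`, `csrss.exe`, `lsass.exe`) or purely numeric names. As an added example, not part of the original post and not code from the DDS tool, the script below parses lines in the DDS "Pseudo HJT Report" format and flags autorun entries with those three traits, so a helper can triage a long log quickly instead of reading it line by line. The sample lines are constructed in the same format as the posted log, and the heuristics (temp-directory paths, system-binary names outside `\windows`, numeric file names) are my own triage rules, not part of DDS.

```python
"""Triage autorun entries from a DDS 'Pseudo HJT Report' section.

Added example (not part of the original post or of the DDS tool): flags
uRun/mRun/StartupFolder entries whose launch target lives in a temp
directory, borrows the name of a Windows system binary while living
outside \\windows, or has a purely numeric (random-looking) file name.
"""
import re
import ntpath
from dataclasses import dataclass, field

# Constructed sample lines in DDS format, modelled on the log posted above.
SAMPLE_LOG = r"""
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [LvKhfngruf] c:\users\1\appdata\local\temp\wininst.exe
uRun: [LvKhfngtrf] c:\users\1\appdata\local\temp\svchost.exe
uRun: [LvKhfngoh] c:\users\1\appdata\local\temp\csrss.exe
uRun: [LvKhfngL10cAppData\Local\Temp\1089320963.exe] c:\users\1\appdata\local\temp\1089320963.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [<NO NAME>]
StartupFolder: c:\users\1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
"""

# "uRun: [name] target args" / "mRun: [name] target args"
RUN_LINE = re.compile(r"^(?P<key>[um]Run): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# "StartupFolder: <shortcut> - <target>"
STARTUP_LINE = re.compile(r"^StartupFolder: (?P<lnk>.+?) - (?P<rest>.+)$")
# Launch target: either a quoted path or an unquoted path up to its extension.
IMAGE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|dll|scr|bat|cmd|com)))',
    re.IGNORECASE,
)

# Triage heuristics (assumed for this example, not DDS rules).
TEMP_DIRS = ("\\temp\\", "\\tmp\\")
SYSTEM_NAMES = {
    "svchost.exe", "csrss.exe", "lsass.exe", "smss.exe", "winlogon.exe",
    "services.exe", "spoolsv.exe", "explorer.exe", "wininit.exe", "lsm.exe",
    "conhost.exe", "taskmgr.exe", "cmd.exe",
}
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Finding:
    key: str            # uRun / mRun / StartupFolder
    name: str           # registry value name or shortcut file name
    image: str          # launch target as written in the log
    reasons: list = field(default_factory=list)


def extract_image(rest):
    """Return the executable path from the text after the value name, or None."""
    m = IMAGE.match(rest.strip())
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def assess(image):
    """Return the list of heuristic reasons a launch target looks suspicious."""
    low = image.lower().replace("/", "\\")
    base = ntpath.basename(low)
    stem, _ = ntpath.splitext(base)
    reasons = []
    if any(d in low for d in TEMP_DIRS):
        reasons.append("temp_dir")          # persistence from a scratch directory
    if base in SYSTEM_NAMES and not low.startswith(WINDOWS_DIRS):
        reasons.append("masquerade")        # system binary name, wrong location
    if stem.isdigit():
        reasons.append("random_name")       # numeric dropper-style file name
    return reasons


def parse_entries(text):
    """Yield (key, name, image) for each autorun line the parser understands."""
    for line in text.splitlines():
        line = line.strip()
        m = RUN_LINE.match(line)
        if m:
            image = extract_image(m.group("rest"))
            if image:                        # skips "[<NO NAME>]" with no target
                yield m.group("key"), m.group("name"), image
            continue
        m = STARTUP_LINE.match(line)
        if m:
            image = extract_image(m.group("rest"))
            if image:
                yield "StartupFolder", ntpath.basename(m.group("lnk")), image


def triage(text):
    """Return Findings for every entry that trips at least one heuristic."""
    findings = []
    for key, name, image in parse_entries(text):
        reasons = assess(image)
        if reasons:
            findings.append(Finding(key, name, image, reasons))
    return findings


def summary(findings):
    """Count how many findings carry each reason."""
    counts = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.key:14} {f.name[:24]:24} {f.image}  <- {', '.join(f.reasons)}")
    print(summary(hits))
```

On the constructed sample this flags four of the nine entries (the temp-directory targets, two of which also masquerade as system binaries and one of which has a numeric name) and leaves the Skype, Intel, Realtek and ERUNT entries alone. The rules are deliberately narrow; a target under `\appdata\roaming\` with a vendor-looking name would pass, which is why a human still reads the full log.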



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:11:29 PM

Posted 21 June 2011 - 11:44 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these steps


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here [donate button]. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:11:29 PM

Posted 25 June 2011 - 02:38 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:11:29 PM

Posted 28 June 2011 - 02:47 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.