
System Errors, BSOD's, Program Crashing


17 replies to this topic

#1 speckstatus


Posted 14 March 2012 - 08:19 PM

I would really appreciate any input on this. I'm having problems with my Dell laptop since removing numerous trojans over time. I'm running Windows XP 32-bit, service pack 3. I'm getting recurring system errors. Programs are crashing randomly. I've had a few BSOD's, one relating to lyb.sys. Also, my computer now only shows my desktop background after booting up. I have to ctrl+alt+del and start "explorer" via a "new task" to get my desktop icons and toolbar back. I'm getting system errors that all point back to netevent.dll. The errors are the following:

Event ID 7023 - Application Management service terminated with the following error: The specified module could not be found.

Event ID 7000 - DgiVecp service failed to start due to the following error: The system cannot find the specified file.

Event ID 7031 - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. (This also occurs with adfs service)

Event ID 7034 - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

I cannot overwrite netevent.dll from system restore, but I can rename it. What's even stranger is that I can't delete it! It just keeps coming back.

I posted about these issues before, but I didn't put it in the correct section. I've done plenty of scans that come up negative, but these issues cause me to worry that I still have some malware on my pc. Again, insight is much appreciated. Thank you!



#2 Broni


Posted 18 March 2012 - 03:43 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 speckstatus


Posted 18 March 2012 - 05:11 PM

Thanks for replying so quickly! Here goes...

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira Free Antivirus
COMODO Internet Security
ZoneAlarm
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Spybot - Search & Destroy
SUPERAntiSpyware
ThreatFire
Sophos Anti-Rootkit 1.5.4
CCleaner
Toolbar Cleaner 1.0
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player ( 10.1.53.64) Flash Player Out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
WinPatrol winpatrol.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````



Farbar Service Scanner Version: 01-03-2012
Ran by Will (administrator) on 18-03-2012 at 17:40:52
Running from "C:\Documents and Settings\Will\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
cmdHlp(13) Gpc(6) IPSec(4) NetBT(5) Packet(10) PSched(7) Tcpip(3) Tcpip6(11)
0x0C000000040000000100000002000000030000000D0000000B0000000C000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****



MiniToolBox by Farbar Version: 18-01-2012
Ran by Will (administrator) on 18-03-2012 at 17:42:55
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Disconnected)
Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : TheCrow

Primary Dns Suffix . . . . . . . : TheCrow

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : TheCrow

hsd1.ma.comcast.net.



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : hsd1.ma.comcast.net.

Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-1E-8C-51-11-CF

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.146

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

192.168.1.1

Lease Obtained. . . . . . . . . . : Sunday, March 18, 2012 3:51:40 PM

Lease Expires . . . . . . . . . . : Monday, March 19, 2012 3:51:40 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-FB-F8-9D-1A-7C-52

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%4

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : hsd1.ma.comcast.net.

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-92

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.146%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.226.206, 74.125.226.198, 74.125.226.192, 74.125.226.197
74.125.226.199, 74.125.226.193, 74.125.226.201, 74.125.226.196, 74.125.226.200
74.125.226.194, 74.125.226.195



Pinging google.com [173.194.43.8] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 173.194.43.8:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=74ms TTL=50

Reply from 209.191.122.70: bytes=32 time=83ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 74ms, Maximum = 83ms, Average = 78ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1e 8c 51 11 cf ...... Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.146 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.146 192.168.1.146 25
192.168.1.146 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.146 192.168.1.146 25
224.0.0.0 240.0.0.0 192.168.1.146 192.168.1.146 25
255.255.255.255 255.255.255.255 192.168.1.146 192.168.1.146 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/18/2012 02:05:41 PM) (Source: MsiInstaller) (User: Will)Will
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2518870' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Will\LOCALS~1\Temp\KB2518870_20120318_135955718-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (03/15/2012 08:15:10 PM) (Source: Application Error) (User: )
Description: Faulting application TFService.exe, version 4.11.2.22, faulting module unknown, version 0.0.0.0, fault address 0x00000015.
Processing media-specific event for [TFService.exe!ws!]

Error: (03/11/2012 10:23:40 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (03/11/2012 04:45:05 PM) (Source: Application Error) (User: )
Description: Faulting application unsecapp.exe, version 5.1.2600.0, faulting module TFWAH.dll, version 4.11.2.22, fault address 0x00002dd7.
Processing media-specific event for [unsecapp.exe!ws!]

Error: (03/11/2012 04:01:14 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (03/09/2012 00:51:02 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Assertion failed: (m_state == _SDKState::UpdateInProgress || m_state == _SDKState::PreparingScan || m_state == _SDKState::Scanning || m_state == _SDKState::Cleaning) in .\SDKController.cpp:1040

Error: (03/07/2012 04:27:11 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Assertion failed: (s_hCEAPIDLL == NULL) in .\SDKManager.cpp:240

Error: (03/07/2012 08:22:48 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Failed to start service

Error: (03/07/2012 08:22:05 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Failed to start service

Error: (03/07/2012 08:19:05 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Failed to start service


System errors:
=============
Error: (03/18/2012 02:06:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2012 02:06:05 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2633870).

Error: (03/18/2012 02:00:17 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).

Error: (03/18/2012 02:00:02 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870).

Error: (03/18/2012 01:59:52 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/18/2012 01:59:40 PM) (Source: Service Control Manager) (User: )
Description: The IMF Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2012 01:56:31 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (03/18/2012 01:56:31 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (03/17/2012 07:59:39 AM) (Source: Service Control Manager) (User: )
Description: The IMF Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/17/2012 07:56:34 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/18/2012 02:05:41 PM) (Source: MsiInstaller)(User: Will)Will
Description: Microsoft .NET Framework 4 Client ProfileKB25188701603C:\DOCUME~1\Will\LOCALS~1\Temp\KB2518870_20120318_135955718-Microsoft .NET Framework 4 Client Profile-MSP0.txt

Error: (03/15/2012 08:15:10 PM) (Source: Application Error)(User: )
Description: TFService.exe4.11.2.22unknown0.0.0.000000015

Error: (03/11/2012 10:23:40 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (03/11/2012 04:45:05 PM) (Source: Application Error)(User: )
Description: unsecapp.exe5.1.2600.0TFWAH.dll4.11.2.2200002dd7

Error: (03/11/2012 04:01:14 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (03/09/2012 00:51:02 AM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Assertion failed: (m_state == _SDKState::UpdateInProgress || m_state == _SDKState::PreparingScan || m_state == _SDKState::Scanning || m_state == _SDKState::Cleaning) in .\SDKController.cpp:1040

Error: (03/07/2012 04:27:11 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Assertion failed: (s_hCEAPIDLL == NULL) in .\SDKManager.cpp:240

Error: (03/07/2012 08:22:48 AM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Failed to start service

Error: (03/07/2012 08:22:05 AM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Failed to start service

Error: (03/07/2012 08:19:05 AM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Failed to start service


=========================== Installed Programs ============================

µTorrent (Version: 3.1.2)
32 Bit HP CIO Components Installer (Version: 1.0.0)
470_Help (Version: 1.00.0000)
470_Readme (Version: 1.00.0000)
AC3Filter (remove only)
Ad-Aware (Version: 9.6.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Audition 3.0 (Version: 3.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54)
Adobe Flash Player 10 Plugin (Version: 10.1.53.64)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
AIM 7
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
Any Video to DVD Converter and Burner 3.1
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 12.0.0.898)
BPD_HPSU (Version: 1.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
Browser Address Error Redirector (Version: 1.00.0000)
BufferChm (Version: 90.0.146.000)
calibre (Version: 0.8.19)
Canon Camera Access Library (Version: 8.4.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.0.0.20)
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide (Version: 1.0.0.1)
Canon Utilities CameraWindow (Version: 7.2.0.2)
Canon Utilities CameraWindow DC (Version: 7.4.0.9)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities MyCamera (Version: 7.2.0.4)
Canon Utilities MyCamera DC (Version: 7.2.0.5)
Canon Utilities ZoomBrowser EX (Version: 6.3.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.0.9)
CCleaner (Version: 3.14)
Cisco Connect (Version: 1.3.11083.1)
COMODO Internet Security (Version: 5.5.64714.1383)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
Conexant HDA D330 MDC V.92 Modem
Connect (Version: 1.0.0.1)
Counter-Strike Source
CPUID CPU-Z 1.59
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Network Assistant (Version: 3.0.0.0)
Dell Touchpad (Version: 9.1.18.6)
Dell Wireless WLAN Card (Version: 4.100.15.8)
DeviceDiscovery (Version: 90.0.205.000)
DeviceManagementQFolder (Version: 1.00.0000)
DExposE2
Digidesign Shared Plug-Ins 7.4 (Version: 7.4)
Digital Line Detect (Version: 1.21)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.4.1.4)
DivX Version Checker (Version: 7.1.0.9)
DU Meter (Version: 5.26)
eCalc Calculator
eSupportQFolder (Version: 1.00.0000)
Full Tilt Poker (Version: 4.13.2.WIN.FullTilt.Real)
Google Chrome (Version: 15.0.874.102)
Google Updater (Version: 2.4.2432.1652)
H470 (Version: 50.0.165.000)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP Officejet H470 Series (Version: 1.0)
HP Smart Web Printing (Version: 2.15.7.0)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 4.000.006.003)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
IntelliSonic Speech Enhancement (Version: 2.1.37)
Interlok driver setup x32 (Version: 5.7.2.2923)
IObit Malware Fighter (Version: 1.0)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
KeyScrambler (Version: 2.9.1.0)
kuler (Version: 2.0)
Lexmark X125
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 90.0.146.000)
MediaDirect (Version: 3.5)
Memeo Instant Backup (Version: 4.60.0.7252)
Merriam-Webster 3.0
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
MobileMe Control Panel (Version: 3.1.6.0)
Mobysaurus Thesaurus
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MPM (Version: 1.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NetDeviceManager (Version: 90.0.205.000)
NetWaiting (Version: 2.5.44)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA Install Application (Version: 2.265.36.0)
NVIDIA nView 135.50 (Version: 135.50)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
OutlookAddinSetup (Version: 1.0.0)
Panda Security Toolbar (Version: 3.0.0.6)
Panda Security URL Filtering (Version: 2.0.0.13)
PDF-Viewer (Version: 2.5.200.0)
PDF Settings CS4 (Version: 9.0)
PeerBlock 1.0+ (r484) (Version: 1.0.0.484)
Photoshop Camera Raw (Version: 5.0)
Planetwide Games Comic Book Creator (Version: 1.1.0)
Process Lasso (Version: 5.0.0.49)
ProductContext (Version: 50.0.165.000)
Promqry (Version: 1.0.0)
QuickSet (Version: 8.1.12)
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Seagate Dashboard (Version: 1.0.0.809)
SearchAssist
Smart Defrag 2 (Version: 2.2)
SolutionCenter (Version: 90.0.146.000)
Sonic Activation Module (Version: 1.0)
SopCast 3.2.4 (Version: 3.2.4)
Sophos Anti-Rootkit 1.5.4 (Version: 1.5.4)
Spotify (Version: 0.5.2)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 90.0.146.000)
Steam
Suite Shared Configuration CS4 (Version: 1.0)
SUPERAntiSpyware (Version: 5.0.1134)
System Requirements Lab
theme 1.00
ThreatFire
Toolbar Cleaner 1.0
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wmaiper (Version: 010.000.1264)
TurboTax 2010 wrapper (Version: 010.000.0157)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
UxStyle Core Beta (Version: 0.2.1.1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
ViewAhead Photo Center
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.11 (Version: 1.1.11)
VoiceOver Kit (Version: 1.40.128.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 90.0.146.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 20.5.2011.0)
WinRAR archiver
XChat 2 (remove only)
ZoneAlarm (Version: 9.2.106.000)

========================= Devices: ================================

Name: Broadcom 440x 10/100 Integrated Controller
Description: Broadcom 440x 10/100 Integrated Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: bcm4sbxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet H470
Description: Officejet H470
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet H470
Description: Officejet H470
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 2046.11 MB
Available physical RAM: 1156.27 MB
Total Pagefile: 6086.6 MB
Available Pagefile: 5168.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146.47 GB) (Free:11.7 GB) NTFS

========================= Users: ========================================

User accounts for \\THECROW

Administrator ASPNET Guest
HelpAssistant move SUPPORT_388945a0
Will


**** End of log ****



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Will :: THECROW [administrator]

3/18/2012 5:46:24 PM
mbam-log-2012-03-18 (17-46-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257105
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-18 18:03:41
-----------------------------
18:03:41.468 OS Version: Windows 5.1.2600 Service Pack 3
18:03:41.468 Number of processors: 2 586 0xF0D
18:03:41.468 ComputerName: THECROW UserName: Will
18:03:44.015 Initialize success
18:04:22.437 AVAST engine download error: 0
18:04:32.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:04:32.359 Disk 0 Vendor: WDC_WD1600BEVS-75RST0 04.01G04 Size: 152627MB BusType: 3
18:04:32.453 Disk 0 MBR read successfully
18:04:32.453 Disk 0 MBR scan
18:04:32.453 Disk 0 Windows XP default MBR code
18:04:32.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
18:04:32.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149981 MB offset 160650
18:04:32.546 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 307339515
18:04:32.609 Disk 0 Partition 3 00 DD MSDOS5.0 2557 MB offset 307339578
18:04:32.656 Disk 0 scanning sectors +312576705
18:04:32.828 Disk 0 scanning C:\WINDOWS\system32\drivers
18:04:52.343 Service scanning
18:05:14.453 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
18:05:16.968 Modules scanning
18:05:23.656 Disk 0 trace - called modules:
18:05:23.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:05:23.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x842b0ab8]
18:05:23.734 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x843c2d98]
18:05:23.734 Scan finished successfully
18:05:43.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Will\Desktop\MBR.dat"
18:05:43.937 The log file has been saved successfully to "C:\Documents and Settings\Will\Desktop\aswMBR.txt"

#4 Broni


Posted 18 March 2012 - 05:18 PM

You have several security programs running:
Avira Free Antivirus
COMODO Internet Security
ZoneAlarm

Avira would be your AV program but what about Comodo and ZoneAlarm?
Are those full security programs (AV + firewall), firewalls only or....
Please explain.


#5 speckstatus


Posted 18 March 2012 - 06:55 PM

I have Comodo set to just the firewall without "Defense+" enabled. Wikipedia just informed me that this is the host-based intrusion prevention system component of the application apparently. Zonealarm... I don't understand. I had it set to just the firewall, but I thought I disabled it. I mean, it never shows up as a running process in task manager or other applications that monitor such things. It's not even listed as a service to configure when I type in "services.msc" or look in the system config utility. Nonetheless, it always shows up as active in combofix logs and when I do other scans like the "dds" scan required to post in the malware removal sub-forum. Thanks Broni.

#6 Broni


Posted 18 March 2012 - 07:17 PM

I can see "ZoneAlarm (Version: 9.2.106.000)" in "Add\Remove".
Does it give you an option to uninstall it?

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to a known location.
You must select Text from drop-down menu as a file type.

Upload the file(s) here: http://uploadmb.com/
Copy the link inside the Direct Link box and post it in your next reply.


#7 speckstatus


Posted 18 March 2012 - 07:28 PM

It is listed as potentially uninstallable in the control panel and the "Add/Remove" tool of CCleaner. I don't think I've ever tried to uninstall it before.

http://www.uploadmb.com/dw.php?id=1332116727

#8 Broni


Posted 18 March 2012 - 07:39 PM

We still have some remnants running.

Re-run Autoruns.
Scroll down to "HKLM\System\CurrentControlSet\Services" section and UN-check:
+ "vsmon"
Scroll down to "HKLM\System\CurrentControlSet\Services" section and UN-check:
+ "vsdatant"

Restart computer.

Delete following folder:
c:\windows\system32\zonelabs
Delete following file:
c:\windows\system32\vsdatant.sys
NOTE. To see the above file....
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
Press F5 to refresh the view.
Make sure to reverse the above changes, when done with this step.


Since you're using Comodo firewall turn Windows firewall OFF.

Update me on computer status.


#9 speckstatus


Posted 18 March 2012 - 07:57 PM

"Access Denied." Owned.

Also, I only see "vsdatant." Hrmm.

#10 Broni


Posted 18 March 2012 - 08:06 PM

That's not crucial.
As long as those two services are UN-checked (not running) you should be fine.

Did you turn Windows firewall off?

How is computer doing?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


#11 speckstatus


Posted 18 March 2012 - 08:16 PM

I'm sorry. What I meant was that I was unable to find "vsmon" under "HKLM\System\CurrentControlSet\Services." Also, I DO see "vsdatant," but it IS checked and when I tried to un-check it, I get the "Access Denied" message. So, I assume this means that "vsdatant" is, in fact, still running.

#12 Broni


Posted 18 March 2012 - 08:32 PM

Restart computer in safe mode and try from there.

I was unable to find "vsmon" under "HKLM\System\CurrentControlSet\Services."


"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AntiVirSchedulerService" "Service to schedule Avira Free Antivirus jobs and updates." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\sched.exe"
+ "AntiVirService" "Offers permanent protection against viruses and malware with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avguard.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "cmdAgent" "COMODO Internet Security Helper Service" "COMODO" "c:\program files\comodo\comodo internet security\cmdagent.exe"
+ "DUMeterSvc" "DU Meter Service collects network traffic statistics " "Hagel Technologies Ltd." "c:\program files\du meter\dumetersvc.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "IMFservice" "IObit Malware Fighter Service" "IObit" "c:\program files\iobit\iobit malware fighter\imfsrv.exe"
+ "iPod Service" "iPodService Module (32-bit)" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "Lavasoft Ad-Aware Service" "Lavasoft Ad-Aware Service" "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "ThreatFire" "The ThreatFire engine responsible for monitoring your system for viruses, spyware, and other malware. Turning this service off makes your machine vulnerable to such attacks." "PC Tools" "c:\program files\threatfire\tfservice.exe"
+ "UnsignedThemes" "Enables the use of unsigned themes." "The Within Network, LLC" "c:\windows\unsignedthemessvc.exe"
+ "vsmon" "Monitors internet traffic and generates alerts for disallowed access." "Check Point Software Technologies LTD" "c:\windows\system32\zonelabs\vsmon.exe"

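The check done by eye on the Autoruns listing in post #12, as an added example that is not part of the thread or of Autoruns itself: it parses the quoted-column text layout shown there, flags entries whose image path reads "File not found:", and reports named leftovers that are still enabled. The `X` marker for an unchecked entry, the `vsdatant` row and the function names are assumptions made for this example.

```python
import re

# Constructed sample: the header and the three "+" rows are copied from the
# export quoted in post #12; the vsdatant row and its "X" (unchecked) marker
# are assumptions made for this example.
SAMPLE = r'''"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "cmdAgent" "COMODO Internet Security Helper Service" "COMODO" "c:\program files\comodo\comodo internet security\cmdagent.exe"
+ "vsmon" "Monitors internet traffic and generates alerts for disallowed access." "Check Point Software Technologies LTD" "c:\windows\system32\zonelabs\vsmon.exe"
X "vsdatant" "constructed driver row" "" "c:\windows\system32\vsdatant.sys"
'''

FIELD = re.compile(r'"([^"]*)"')   # one double-quoted column
MISSING = "File not found:"        # text Autoruns puts in the image column


def parse_export(text):
    """Return one dict per entry row; header rows only set the current section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = FIELD.findall(line)
        if line.startswith('"'):
            # Section header: a registry key followed by empty columns.
            section = fields[0] if fields else section
            continue
        if len(fields) < 4:
            continue  # truncated or malformed row: skip rather than guess
        name, description, publisher, image = fields[:4]
        entries.append({
            "section": section,
            "enabled": line[0] == "+",
            "name": name,
            "description": description,
            "publisher": publisher,
            "image": image,
        })
    return entries


def review(entries, leftovers=("vsmon", "vsdatant")):
    """Flag rows with a missing image and named leftovers that are still enabled."""
    wanted = {n.lower() for n in leftovers}
    findings = []
    for e in entries:
        if e["image"].startswith(MISSING):
            findings.append((e["name"], "image file missing"))
        if e["name"].lower() in wanted and e["enabled"]:
            findings.append((e["name"], "leftover still enabled"))
    return findings


if __name__ == "__main__":
    for name, reason in review(parse_export(SAMPLE)):
        print(f"{name}: {reason}")
```

Run against a real export, pass the file's text to `parse_export`; a real Autoruns text file may be tab-separated, which the quoted-column regex handles the same way.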


 


#13 speckstatus


Posted 20 March 2012 - 06:00 PM

OK. I was able to find the two Zonealarm processes while in safe-mode and unchecked them. On start-up, I did have my desktop and toolbar back and did not have to create "explorer" via a new task in the task manager. But, Comodo still won't startup even though it's supposed to. And, stupid Ad-Aware manages to somehow get in at start-up.

Now, I did not turn off windows firewall at all. It has been on.

I ran Temp File Cleaner. Holy crap. There were some seriously bloated files that it emptied. Like, my temporary internet file. I have the click and clean add-on for Firefox that I thought was supposed to clear my temp folder and cache.

Anyway, TFC forced me to reboot. Bootup was same as previous, except that I was automatically connected to the internet, which happens sometimes. This is scary when Comodo won't run at startup.

Then, I ran the ESET scan. It encountered two things.

C:\Documents and Settings\Will\My Documents\Downloads\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP201\A0102298.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined


The CNet thing seems benign to me due to the source. I don't know what the other item is. I rebooted after the scan and the same problem I've been having occurred. That is, my desktop icons and toolbar were missing after signing in. Just the background is visible. The services are running, e.g. Avira, Threatfire, Processlasso, but their tray icon process isn't running. Annoying! I want to see my security tools are running! Then, I have to do the thing where I start explorer via a new task in the task manager.

#14 Broni


Posted 20 March 2012 - 07:37 PM

The services are running, e.g. Avira, Threatfire, Processlasso, but their tray icon process isn't running

Please reinstall all those programs and reinstall Comodo as well.

When done update me on current issues.


#15 speckstatus


Posted 22 March 2012 - 09:40 PM

Hi Broni,

Fun news. I uninstalled Comodo, Avira, and Threatfire, and rebooted. I then began to install Avira and the program told me that the following software might conflict with Avira Antivirus: Zonealarm Firewall, AVG Antivirus Free Edition 2012, Lavasoft Ad-Watch Live Antivirus, Spybot Search and Destroy. I uninstalled AVG and Zonealarm. I do not understand this. So, I installed Avira. Then, I enabled Windows Firewall so I could download Avira updates. Once updates finished, I installed Comodo. After install, Comodo asked me if I wanted to restart. I declined because I wanted to install Threatfire before rebooting. Suddenly, I get the red windows shield in the system tray, which said, "Warning, Zonealarm Firewall is off." WTF. This effing program is not installed. On top of that, I thought these ghost processes were disabled with Autoruns. Also, why did my Windows Firewall disable! I was on the internet!

I reboot. Startup is slow. Comodo and Avira started and appeared in the system tray. Threatfire did not start up. Adaware did. And so did the IMF service from Iobit that I decided to uncheck in Autoruns. That's another process that continues despite being unchecked in this application. I started Threatfire. The TFtray process was running, but not visible in the system tray (same problem as before).

Then, I was watching a video on youtube about Ubuntu because I'm becoming frustrated with windows. Windows must have heard through the grapevine because it promptly gave me a BSOD related to fltmgr.sys, error signature:

BCCode : 1000008e BCP1 : C0000005 BCP2 : B7E58ABA BCP3 : B21F5AE4
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1

Upon restart, Threatfire started up, but again is not visible in system tray despite TFtray running. It connected me right to the internet again, wheee. And, adaware started up again.

Again, your input is very much appreciated.



