
I am infected with the File Restore virus


  • This topic is locked
12 replies to this topic

#1 bobmaluga


Posted 13 November 2012 - 02:19 PM

Hi and Thanks in advance.

I am Running Windows Vista Home Premium Service Pack 1 32 bit laptop

To start, I followed the instruction guide to removing "File Restore scareware virus" on this site. Rkill stopped it and TDSSkiller found nothing. But MBAM found many threats and removed them. I was able to get all my files back and stuff with UNHIDE. I also have not noticed any more redirects on IE.

But the problem now is I still get the "File Restore" window popup on startup, and it has a shortcut to it on the desktop and taskbar. It doesn't seem to be removing files but still fake scans. Everything seems to work fine, except the only way to get "File Restore" to close out on each startup is to run rkill again. I ran MBAM once on two different startups and both were clean. Also, I am using another cpu to communicate with you until more sure it is safe to use the infected one.

I cannot make a DDS log because the DDS scan gets to "please wait" and never finishes; also the cancel, back, and close buttons are grayed out so it will not close.


Any help is much appreciated



#2 Sightless


Posted 13 November 2012 - 07:58 PM

Let's try an ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications (If given the option, choose "Quarantine" instead of delete.)
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please include the following in your reply
ESET log
Any questions/comments you may have

Edited by Sightless, 13 November 2012 - 07:58 PM.


#3 boopme


Posted 13 November 2012 - 11:33 PM

Hello, please follow our guide Remove File Restore (Uninstall Guide) first.
Post that log please.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.


Now run ESET

How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 bobmaluga


Posted 14 November 2012 - 02:01 PM

When I try the ESET scanner, at the update screen I get "Can not update. Is proxy configured?" and here is the results log of the first time.
I did the "File Restore remove guide" and the second one is the one I did today before trying ESET. I'm a bit confused with two different gurus. Thanks for your help.

THE OLD ONE THAT SHOWS WHAT MBAM REMOVED

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.11.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Rebecca Hensley :: HOME-OFFICE [administrator]

11/11/2012 1:35:11 PM
mbam-log-2012-11-11 (13-35-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344738
Time elapsed: 1 hour(s), 5 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Rebecca Hensley\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sp (Trojan.Proxy) -> Data: C:\Windows\system32\rundll32.exe "C:\Users\Rebecca Hensley\AppData\Roaming\Adobe\sp.DLL",ServiceMain -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sjswdXxjQG.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\sjswdXxjQG.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Rebecca Hensley\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> Delete on reboot.
C:\ProgramData\sjswdXxjQG.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Rebecca Hensley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYDV20AF\MPLSetup[1].exe (Adware.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Rebecca Hensley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYDV20AF\fteoxlimyoiofuklfzf[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Rebecca Hensley\AppData\Local\Temp\wpbt0.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Rebecca Hensley\AppData\Local\Temp\YNqzY8jAko1FqY.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Rebecca Hensley\AppData\Local\Temp\Low\0.03539039172154568.exe (Trojan.Downloader.adb) -> Quarantined and deleted successfully.

(end)





THE NEW ONE

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.14.05

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
Rebecca Hensley :: HOME-OFFICE [administrator]

11/14/2012 12:22:28 PM
mbam-log-2012-11-14 (12-22-28).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343321
Time elapsed: 50 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
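
The two logs above can be compared mechanically. The following is an added example, not part of the original thread and not a Malwarebytes tool: a small parser for this log layout that checks the header fields the helper asked for (database version, operating system), verifies that each section's declared count matches its listed items, and pulls out autostart (Run key) detections and items still waiting on a reboot. The sample log is constructed with placeholder names; the regular expressions are assumptions based only on the layout shown in this thread.

```python
import re

# Constructed sample in the layout of the Malwarebytes Anti-Malware 1.65 logs
# posted in this thread; user, host and file names are placeholders.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.11.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Example User :: EXAMPLE-PC [administrator]

Scan type: Full scan (C:\|)

Memory Modules Detected: 1
C:\Users\Example User\AppData\Roaming\Example\ex.DLL (Trojan.Proxy) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|example.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\example.exe -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Example User\AppData\Roaming\Example\ex.DLL (Trojan.Proxy) -> Delete on reboot.
C:\ProgramData\example.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
"""

# "<Section name> Detected: <n>" opens a section of detections.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<target> (<threat>) -> [detail -> ...] <action>" is one detection.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
# Per-user or machine Run/RunOnce values start a program at every logon.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\|", re.IGNORECASE)


def parse_mbam_log(text):
    """Parse header fields and per-section detections from a log."""
    report = {"database_version": None, "os": None, "sections": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Database version:"):
            report["database_version"] = line.split(":", 1)[1].strip()
            continue
        # Assumption: the OS line is the first header line starting "Windows ".
        if report["os"] is None and current is None and line.startswith("Windows "):
            report["os"] = line
            continue
        match = SECTION_RE.match(line)
        if match:
            current = report["sections"].setdefault(
                match.group("name"),
                {"declared": int(match.group("count")), "items": []},
            )
            continue
        match = ITEM_RE.match(line) if current is not None else None
        if match:
            parts = match.group("rest").split(" -> ")
            current["items"].append({
                "target": match.group("target"),
                "threat": match.group("threat"),
                "details": parts[:-1],            # e.g. "Data: ..." for registry values
                "action": parts[-1].rstrip("."),  # what the scanner did with it
            })
    return report


def triage(report):
    """Summarise what a helper needs to check before trusting a 'clean' rescan."""
    findings = {"missing_header": [], "count_mismatch": [],
                "pending_reboot": [], "autostart": []}
    for field in ("database_version", "os"):
        if not report[field]:
            findings["missing_header"].append(field)
    for name, section in report["sections"].items():
        if section["declared"] != len(section["items"]):
            findings["count_mismatch"].append(name)  # log was probably trimmed
        for item in section["items"]:
            if "reboot" in item["action"].lower():
                findings["pending_reboot"].append(item["target"])
            if RUN_KEY_RE.search(item["target"]):
                value_name = item["target"].split("|", 1)[1]
                findings["autostart"].append(
                    (value_name, item["threat"], item["action"]))
    # The same file can appear under both memory modules and files.
    findings["pending_reboot"] = list(dict.fromkeys(findings["pending_reboot"]))
    return findings


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

An entry under `pending_reboot` means removal only completes after a restart, so a follow-up scan is meaningful only once that reboot has happened.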

#5 boopme


Posted 14 November 2012 - 03:33 PM

Hello, I prefer running the guide first as it directly targets that infection.

ESET is a good scan to run next to see if there is anything else. Do this and see if ESET will run. Some malware changes your proxy settings to protect itself.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

#6 bobmaluga


Posted 14 November 2012 - 03:51 PM

Hello boopme, the LAN settings was already unchecked, so what next? I'm kind of an idiot at this stuff.

#7 boopme


Posted 14 November 2012 - 04:08 PM

OK, let's see something else. Clean the temp files and let's see some system info.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.



Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#8 bobmaluga


Posted 14 November 2012 - 04:48 PM

Here the result and thanks again


MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Rebecca Hensley (administrator) on 14-11-2012 at 16:42:38
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Home-Office
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : zoominternet.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : zoominternet.net
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-27-D8-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f4b8:3a0d:bc2c:6e67%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, November 14, 2012 4:37:26 PM
Lease Expires . . . . . . . . . . : Wednesday, November 14, 2012 5:37:26 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 24.154.1.38
24.154.1.9
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-13-A9-F0-61-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.zoominternet.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1479:1efa:3f57:fffd(Preferred)
Link-local IPv6 Address . . . . . : fe80::1479:1efa:3f57:fffd%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . : zoominternet.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.2%15(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 24.154.1.38
24.154.1.9
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-6.zoominternet.net
Address: 24.154.1.38

Name: google.com.zoominternet.net
Addresses: 66.152.109.102
198.105.251.14



Pinging google.com [74.125.225.34] with 32 bytes of data:

Reply from 74.125.225.34: bytes=32 time=43ms TTL=52

Reply from 74.125.225.34: bytes=32 time=43ms TTL=52



Ping statistics for 74.125.225.34:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 43ms, Average = 43ms

Server: dns-6.zoominternet.net
Address: 24.154.1.38

Name: yahoo.com.zoominternet.net
Addresses: 66.152.109.102
198.105.251.14



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=112ms TTL=47

Reply from 72.30.38.140: bytes=32 time=122ms TTL=47



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 112ms, Maximum = 122ms, Average = 117ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 13 e8 27 d8 93 ...... Intel® Wireless WiFi Link 4965AGN
8 ...00 13 a9 f0 61 e9 ...... Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.zoominternet.net
10 ...00 00 00 00 00 00 00 e0 isatap.{20DA44BE-98A1-475D-B8AC-88DF3AD26CDD}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 281
192.168.0.2 255.255.255.255 On-link 192.168.0.2 281
192.168.0.255 255.255.255.255 On-link 192.168.0.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:1479:1efa:3f57:fffd/128
On-link
9 281 fe80::/64 On-link
11 266 fe80::/64 On-link
15 281 fe80::5efe:192.168.0.2/128
On-link
11 266 fe80::1479:1efa:3f57:fffd/128
On-link
9 281 fe80::f4b8:3a0d:bc2c:6e67/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2012 04:35:31 PM) (Source: QBCFMonitorService) (User: )
Description: Service cannot be started. System.ArgumentException: The directory name F:\ is invalid.
at System.IO.FileSystemWatcher..ctor(String path, String filter)
at Intuit.SBM.DataHelper.CFScan.CFWatcher..ctor(String folderToWatch, Boolean includeSubdirs)
at Intuit.SBM.DataHelper.CFMonitorService.QBCFMonitorService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/14/2012 01:21:09 PM) (Source: QBCFMonitorService) (User: )
Description: Service cannot be started. System.ArgumentException: The directory name F:\ is invalid.
at System.IO.FileSystemWatcher..ctor(String path, String filter)
at Intuit.SBM.DataHelper.CFScan.CFWatcher..ctor(String folderToWatch, Boolean includeSubdirs)
at Intuit.SBM.DataHelper.CFMonitorService.QBCFMonitorService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/14/2012 00:17:40 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/14/2012 11:51:12 AM) (Source: QBCFMonitorService) (User: )
Description: Service cannot be started. System.ArgumentException: The directory name F:\ is invalid.
at System.IO.FileSystemWatcher..ctor(String path, String filter)
at Intuit.SBM.DataHelper.CFScan.CFWatcher..ctor(String folderToWatch, Boolean includeSubdirs)
at Intuit.SBM.DataHelper.CFMonitorService.QBCFMonitorService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/13/2012 07:41:38 PM) (Source: QBCFMonitorService) (User: )
Description: Service cannot be started. System.ArgumentException: The directory name F:\ is invalid.
at System.IO.FileSystemWatcher..ctor(String path, String filter)
at Intuit.SBM.DataHelper.CFScan.CFWatcher..ctor(String folderToWatch, Boolean includeSubdirs)
at Intuit.SBM.DataHelper.CFMonitorService.QBCFMonitorService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/13/2012 05:06:29 PM) (Source: QBCFMonitorService) (User: )
Description: Service cannot be started. System.ArgumentException: The directory name F:\ is invalid.
at System.IO.FileSystemWatcher..ctor(String path, String filter)
at Intuit.SBM.DataHelper.CFScan.CFWatcher..ctor(String folderToWatch, Boolean includeSubdirs)
at Intuit.SBM.DataHelper.CFMonitorService.QBCFMonitorService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/13/2012 01:20:51 PM) (Source: QBCFMonitorService) (User: )
Description: Service cannot be started. System.ArgumentException: The directory name F:\ is invalid.
at System.IO.FileSystemWatcher..ctor(String path, String filter)
at Intuit.SBM.DataHelper.CFScan.CFWatcher..ctor(String folderToWatch, Boolean includeSubdirs)
at Intuit.SBM.DataHelper.CFMonitorService.QBCFMonitorService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/13/2012 07:57:28 AM) (Source: QBCFMonitorService) (User: )
Description: Service cannot be started. System.ArgumentException: The directory name F:\ is invalid.
at System.IO.FileSystemWatcher..ctor(String path, String filter)
at Intuit.SBM.DataHelper.CFScan.CFWatcher..ctor(String folderToWatch, Boolean includeSubdirs)
at Intuit.SBM.DataHelper.CFMonitorService.QBCFMonitorService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/13/2012 07:42:10 AM) (Source: QBCFMonitorService) (User: )
Description: Service cannot be started. System.ArgumentException: The directory name F:\ is invalid.
at System.IO.FileSystemWatcher..ctor(String path, String filter)
at Intuit.SBM.DataHelper.CFScan.CFWatcher..ctor(String folderToWatch, Boolean includeSubdirs)
at Intuit.SBM.DataHelper.CFMonitorService.QBCFMonitorService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/12/2012 08:21:39 PM) (Source: QBCFMonitorService) (User: )
Description: Service cannot be started. System.ArgumentException: The directory name F:\ is invalid.
at System.IO.FileSystemWatcher..ctor(String path, String filter)
at Intuit.SBM.DataHelper.CFScan.CFWatcher..ctor(String folderToWatch, Boolean includeSubdirs)
at Intuit.SBM.DataHelper.CFMonitorService.QBCFMonitorService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (11/14/2012 04:36:13 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/14/2012 04:35:20 PM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "0013E827D893" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (11/14/2012 04:35:20 PM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "0013E827D893" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (11/14/2012 04:35:05 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/14/2012 04:35:05 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.0.11:63331

Error: (11/14/2012 04:35:05 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.0.11:6331

Error: (11/14/2012 04:35:05 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue169.254.110.103:63331

Error: (11/14/2012 04:35:05 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue169.254.110.103:6331

Error: (11/14/2012 04:30:36 PM) (Source: Service Control Manager) (User: )
Description: LiveUpdate Notice Service1

Error: (11/14/2012 01:21:45 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (03/13/2012 11:35:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1460 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (03/12/2012 00:58:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/13/2011 07:08:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 139 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-11-14 13:09:58.659
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-14 13:09:58.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-14 13:09:58.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-14 13:09:58.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-14 13:09:58.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-14 13:09:58.238
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-14 13:09:58.144
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-14 13:09:58.066
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-14 13:09:57.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-14 13:09:57.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.2)
Adobe Acrobat 8.1.2 Professional (Version: 8.1.2)
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11 (Version: 11)
Amazon MP3 Downloader 1.0.3
AOL Helper (Version: 1.0.0)
AOL Toolbar 4.0
Ask Toolbar (Version: 1.15.4.0)
Ask Toolbar Updater (Version: 1.2.2.23821)
Battery Care Function (Version: 1.2.00.04060)
Click to DVD 2.0.05 Menu Data (Version: 2.0.05)
Click to DVD 2.6.00 (Version: 2.6.00)
Corel Paint Shop Pro Photo XI (Version: 11.10.0000)
Corel Snapfire (Version: 1.10.0000)
DSD Direct (Version: 2.0.01)
DSD Playback Plug-in (Version: 1.1)
ESET Online Scanner v3
FlipShare (Version: 4.5.0.39816)
Google Chrome (Version: 23.0.1271.64)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Grouper Screen Saver 1.0 (Version: 1.0)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Image Converter 3 (Version: 3.0)
Instant Mode (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
LiveUpdate Notice (Symantec Corporation) (Version: 1.2.0)
LocationFree Player (Version: 3.02.0000)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft IntelliPoint 6.1 (Version: 6.10.156.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox (3.6.23) (Version: 3.6.23 (en-US))
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Napster (Version: 3.8.0.9)
Napster Burn Engine (Version: 3.5.0000)
OpenMG Limited Patch 4.7-07-13-24-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Power Accounting for First Designs (Version: 4.00.000)
QuickBooks Product Listing Service (Version: 2.0.148)
QuickBooks Simple Start Free Starter Edition (Version: )
REA's TESTware for PPST (Version: 2.1.0)
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home (Version: 9.0.178)
Setting Utility Series (Version: 2.1.00.16040)
Simple Start Entice (Version: 1.00.0000)
SMART Common Platform (Version: 10.8.159.0)
SMART Notebook (Version: 10.8.364.0)
SMART Product Drivers (Version: 10.8.212.0)
SonicStage 4.3 (Version: 4.3)
SonicStage Mastering Studio (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter Custom Preset (Version: 2.3)
SonicStage Mastering Studio Plugins (Version: 2.3)
Sony Utilities DLL (Version: 7.1.00.16050)
Sony Video Shared Library (Version: 3.1.03)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Spiderman 3 XXXX
StartNow Toolbar (Version: 2.5.0)
SupportSoft Assisted Service (Version: 15)
Synaptics Pointing Device Driver (Version: 9.1.13.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
VAIO AV Mode Launcher (Version: 1.0.00.03210)
VAIO Azure Float Wallpaper (Version: 1.0.00.10100)
VAIO Camera Capture Utility (Version: 2.2.00.14140)
VAIO Camera Utility (Version: 2.2.00.04020)
VAIO Center Access Bar (Version: 1.00.030607)
VAIO Central (Version: 2.0.00.031507)
VAIO Entertainment Center (Version: 1.00.0315)
VAIO Entertainment Platform (Version: 2.0.02.13290)
VAIO Event Service (Version: 3.1.00.16230)
VAIO Floral Dusk Wallpaper (Version: 1.0.00.10100)
VAIO Help And Support (Version: 2.10.0424)
VAIO Media (Version: 6.0.10)
VAIO Media 6.0 (Version: 6.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.0
VAIO Media Redistribution 6.0 (Version: 6.0.10)
VAIO Media Registration Tool (Version: 6.0.10)
VAIO Media Registration Tool 6.0 (Version: 6.0.10)
VAIO OOBE (Version: 2.00.0502)
VAIO Photo 2007 (Version: 1.0.01.01250)
VAIO Power Management (Version: 2.1.00.16030)
VAIO Productivity Center (Version: 1.00.0329)
VAIO Security Center (Version: 4.00.0314)
VAIO Service Utility (Version: 1.1.1.3)
VAIO Survey (Version: 5.00.2607)
VAIO Teal Whisper Wallpaper (Version: 1.0.00.10100)
VAIO Update 3 (Version: 3.0.01.02050)
VAIO Video & Photo Suite (Version: 1.1.00.13301)
WinDVD for VAIO (Version: 8.0-B8.220)
Wireless Switch Setting Utility (Version: 3.6.00.14270)

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 2037.69 MB
Available physical RAM: 1003.3 MB
Total Pagefile: 4310.7 MB
Available Pagefile: 3044.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:141.92 GB) (Free:85.88 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-OFFICE

Administrator ASPNET Guest
Rebecca Hensley


**** End of log ****

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:22 AM

Posted 14 November 2012 - 05:06 PM

Can you run DDS now and post a new topic?
I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.
If Gmer won't run, skip it.

Let me know if all went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 bobmaluga

bobmaluga
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:10:22 AM

Posted 14 November 2012 - 06:25 PM

Hi, DDS still won't run. It does what I said in my first post; everything is the same as my first post. But I get a new error window stating this at startup:
"wisptis.exe Application error: The instruction at 0x0277d7f8 referenced memory at 0x0277d7f8. The memory could not be written. Click OK to terminate program."

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:22 AM

Posted 15 November 2012 - 11:13 AM

OK, we will need a deeper look. Go to the other forum (Step 9 in Guide). Title the post 'Cannot run DDS'.
Include this link back to here:

http://www.bleepingcomputer.com/forums/topic475027.html/page__pid__2895406#entry2895406

Edited by boopme, 15 November 2012 - 11:13 AM.


#12 bobmaluga

bobmaluga
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:10:22 AM

Posted 15 November 2012 - 12:19 PM

Hope I did that right. The link says my link, but it still goes to my main post.

I don't use forum tools that much; as I said, I'm a dummy with this stuff.

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • ONLINE
  •  
  • Location:NJ USA
  • Local time:10:22 AM

Posted 15 November 2012 - 02:51 PM

Perfect... New topic is here:
http://www.bleepingcomputer.com/forums/topic475255.html/page__p__2896031#entry2896031
with a reply from gringo. So I will close this one now.



