Music and commercial start playing


  • This topic is locked
9 replies to this topic

#1 jaknb

jaknb

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 31 May 2013 - 12:47 PM

Hello,

I am using Windows 7 and Internet Explorer 10. I have run the latest version of Spybot Search and Destroy and it reports that no immediate threats were found. I am also running Norton antivirus. As of late, while on the internet I will get a Norton message that there is high CPU usage, then music and/or commercials will start playing, just the audio. It will come and go and will be only bits and pieces. I minimize explorer and there is nothing else there. I ran HijackThis and have attached the log file. Please review this log file. Any and all help will be greatly appreciated.

Thanks,

John

Edited by jaknb, 31 May 2013 - 12:50 PM.



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 31 May 2013 - 01:43 PM

Good evening. :)

As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal. You will need to go here, follow step 6 and post the DDS log and attach the Attach.txt log into your next reply to this thread.


So long, and thanks for all the fish.

 

 


#3 jaknb

jaknb
  • Topic Starter


Posted 31 May 2013 - 03:03 PM

Hello,

Here is the DDS file.  Not sure what to do with the Attach.txt file.  In one place it states to attach, in another it says not to and then in another it says to zip.  Not sure how to zip a file anyway.  I know what a zip file is but have not ever zipped one.

 

Please advise.

Thanks.

John

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by Jak at 14:50:29 on 2013-05-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4092.1102 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={F09F32A0-C724-11E2-AB1A-001CC0E2DD19}
mWinlogon: Userinit = userinit.exe
BHO: <No Name>: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Microsoft Money\System\mnyside.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - <orphaned>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ABBYY Screenshot Reader Bonus] <no file>
mRun: [Cobian Backup 11] "C:\Program Files (x86)\Cobian Backup 11\Cobian.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - C:\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\MICROS~2\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - C:\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\ieSpell\wikipedia.HTM
IE: Open Picture in &Microsoft PhotoDraw - C:\PROGRA~2\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
IE: Se&nd to OneNote - C:\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Microsoft Office\Office14\ONBttnIE.dll
IE: {5CC5AADB-AD8E-433a-A5DE-46F33901281A} - C:\PC TechZone\Merlin AuctionMagic\IE Toolbar\iebutton.htm
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - C:\Microsoft Money\System\mnyside.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{61D71D35-EEA3-4F2D-B9A6-EB8ACE4D355E} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-5-20 1390680]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130530.001\IDSviA64.sys [2013-5-30 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624]
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;C:\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-2-1 759048]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-12-9 67584]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TomTomHOMEService;TomTomHOMEService;C:\TomTom HOME 2\TomTomHOMEService.exe [2013-2-12 93072]
R2 VIPAppService;VIPAppService;C:\VIP Access Client\VIPAppService.exe [2012-11-23 81552]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-28 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-5-19 245760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-27 19456]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-27 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-31 15:55:44    --------    d-----w-    C:\Users\Jak\AppData\Local\{61951339-050F-4FBE-9FB7-2DE39B38D70C}
2013-05-30 15:19:54    --------    d-----w-    C:\Users\Jak\AppData\Local\{060FB20E-67F1-4509-9EE7-568AF00F6180}
2013-05-30 12:20:23    --------    d-----w-    C:\Users\Jak\AppData\Local\{C98F13D6-E418-40C2-B9AA-3D387107F7A2}
2013-05-29 15:39:31    --------    d-----w-    C:\Users\Jak\AppData\Local\{5B8730D8-DC1C-46A3-8173-8623643D7AAB}
2013-05-29 03:23:44    --------    d-----w-    C:\Users\Jak\AppData\Local\{0D9B50C9-67C5-4E3E-9BDB-8E7C7CF3F575}
2013-05-28 14:50:50    --------    d-----w-    C:\Users\Jak\AppData\Local\{CA73D6D0-A00F-4C12-B98C-200C460C7422}
2013-05-28 03:19:40    --------    d-----w-    C:\Program Files (x86)\LightScribe Template Labeler
2013-05-27 23:52:29    --------    d-----w-    C:\Program Files (x86)\LightScribe Diagnostic Utility
2013-05-27 23:27:12    829264    ----a-w-    C:\Windows\System32\msvcr100.dll
2013-05-27 23:27:12    608080    ----a-w-    C:\Windows\System32\msvcp100.dll
2013-05-27 15:06:23    --------    d-----w-    C:\Users\Jak\AppData\Local\{3878B53C-E280-4DEF-BB39-0A3E4CEC62F9}
2013-05-27 15:03:58    --------    d-----w-    C:\Users\Jak\AppData\Local\{E2A2E6D1-6D5C-4227-8B53-008F39FEB977}
2013-05-26 16:26:41    --------    d-----w-    C:\Users\Jak\AppData\Local\{2EF3B93B-315C-4608-9FCF-B49425E0FEFC}
2013-05-25 22:45:34    --------    d-----w-    C:\Users\Jak\AppData\Local\{CA5260A3-5C0E-4402-B8B8-66F30C5BE9C9}
2013-05-25 22:39:28    --------    d-----w-    C:\Users\Jak\AppData\Local\{6499F342-557A-48BE-8018-C8C3B6B8CDF7}
2013-05-24 19:21:54    --------    d-----w-    C:\Users\Jak\AppData\Local\{4B8D66A0-60EC-40A7-8C41-39AC85635ECB}
2013-05-24 07:21:43    --------    d-----w-    C:\Users\Jak\AppData\Local\{96BEFF36-F5C3-4FEF-B978-EB2B036F9A32}
2013-05-23 19:21:20    --------    d-----w-    C:\Users\Jak\AppData\Local\{D9216266-36E1-45AE-B0DA-7BB7ACD41138}
2013-05-23 03:10:01    --------    d-----w-    C:\Users\Jak\AppData\Local\{D48E076B-AA09-4A7C-8A89-F5925EC2E448}
2013-05-22 15:03:33    --------    d-----w-    C:\Users\Jak\AppData\Local\{12795A87-995D-4F89-ADFB-5A006F0575AB}
2013-05-22 03:03:10    --------    d-----w-    C:\Users\Jak\AppData\Local\{CFE3CA4C-9FD9-4837-BEF4-5AADCE5E9C91}
2013-05-21 12:56:32    --------    d-----w-    C:\Users\Jak\AppData\Local\{BA8014F2-5789-43FB-9E7D-1897367833D6}
2013-05-20 22:41:32    --------    d-----w-    C:\Users\Jak\AppData\Local\{CBFDE507-88E9-4F0E-8EDD-8678FFF1DEBC}
2013-05-19 18:15:22    --------    d-----w-    C:\Users\Jak\AppData\Local\{60FD1AF8-998A-4ACE-A7A7-94E93E852470}
2013-05-18 14:50:30    --------    d-----w-    C:\Users\Jak\AppData\Local\{4C59CED8-2DA2-4719-BAD5-F6BC981541E8}
2013-05-17 20:54:01    --------    d-----w-    C:\Users\Jak\AppData\Local\{DA2F34D4-0E2A-48D5-990F-43715BA764DD}
2013-05-16 18:28:55    --------    d-----w-    C:\Users\Jak\AppData\Local\{396E5D32-133E-44D0-90F9-DDBF9264D578}
2013-05-15 20:57:57    --------    d-----w-    C:\Users\Jak\AppData\Local\{E1ED96E3-7E5E-4991-9344-AE0FA8D1E854}
2013-05-15 19:19:59    --------    d-----w-    C:\Users\Jak\AppData\Local\{3AFD02E4-D124-46F8-BF6A-C7371AEA095F}
2013-05-15 03:05:07    --------    d-----w-    C:\Users\Jak\AppData\Local\{61D94A14-93CB-4B2E-8908-E7444E348371}
2013-05-15 02:47:38    --------    d-----w-    C:\Users\Jak\AppData\Local\{79B37481-2340-462F-ABCD-3AE92404ACDA}
2013-05-14 12:52:26    --------    d-----w-    C:\Users\Jak\AppData\Local\{297AA824-4405-4573-A2AE-C89E468BAA0C}
2013-05-13 20:58:02    --------    d-----w-    C:\Users\Jak\AppData\Local\{89E127EF-D340-48C8-B1C5-ABFA09C67E78}
2013-05-13 03:08:45    --------    d-----w-    C:\Users\Jak\AppData\Local\{1D7095E2-9C5B-48F0-A245-5CC32C3BF7C6}
2013-05-11 16:05:56    --------    d-----w-    C:\Users\Jak\AppData\Local\{067DE5F3-D436-419E-97EC-7B71024E9A21}
2013-05-10 15:31:16    --------    d-----w-    C:\Users\Jak\AppData\Local\{C2943BFD-AAF2-4A24-832E-1C8318D4C092}
2013-05-10 04:01:38    --------    d-----w-    C:\Program Files\Microsoft Mouse and Keyboard Center
2013-05-09 22:00:55    --------    d-----w-    C:\Users\Jak\Jason Young age
2013-05-09 14:18:00    --------    d-----w-    C:\Users\Jak\AppData\Local\{FD71B6F0-6321-4B5C-B167-B41BA00924A8}
2013-05-09 02:03:24    --------    d-----w-    C:\Users\Jak\AppData\Local\{B5DF2C63-03F7-448B-833E-BFF15E499ED8}
2013-05-08 18:52:07    --------    d-----w-    C:\Users\Jak\My File conversions
2013-05-08 14:01:45    --------    d-----w-    C:\Users\Jak\AppData\Local\{352A045C-616C-4B95-BF1C-5B3EB9357F74}
2013-05-07 17:35:14    --------    d-----w-    C:\Users\Jak\AppData\Local\{31A1FCDC-9B72-4C57-9E8D-75C67E520501}
2013-05-05 19:45:44    --------    d-----w-    C:\Users\Jak\AppData\Local\{78847951-47DB-4E8F-9235-ED6D3AB1FBAF}
2013-05-04 15:20:50    --------    d-----w-    C:\Users\Jak\AppData\Local\{74B822C9-DF67-4991-9492-3EE4546A1E31}
2013-05-03 21:14:10    --------    d-----w-    C:\Users\Jak\AppData\Local\{6226A695-9415-46AD-BF5E-F724E2A57B6B}
2013-05-03 02:41:15    --------    d-----w-    C:\Users\Jak\AppData\Local\{BC2F3FDC-3452-4781-947D-A877A4F01A76}
2013-05-02 14:21:48    --------    d-----w-    C:\Users\Jak\AppData\Local\{0EE38D83-707C-487A-9501-FF147B627D9D}
2013-05-01 20:03:06    --------    d-----w-    C:\Users\Jak\AppData\Local\{6160AA43-8D81-44A4-A717-114FCDC562F2}
.
==================== Find3M  ====================
.
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-07 01:45:36    208216    ----a-w-    C:\Windows\System32\drivers\97566212.sys
2013-04-05 06:52:14    2242048    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 06:50:36    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24    1767424    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-31 18:14:01    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-31 18:14:01    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
.
============= FINISH: 14:52:26.02 ===============
 

Attached Files

  • Attached File  DDS.txt   19.36KB   1 downloads

Edited by Noviciate, 31 May 2013 - 03:30 PM.
Added log from attachment.


#4 Noviciate

Noviciate


Posted 31 May 2013 - 03:36 PM

In one place it states to attach, in another it says not to and then in another it says to zip.

 

Can you tell me where it says not to attach the file or to zip it?


So long, and thanks for all the fish.

 

 


#5 jaknb

jaknb
  • Topic Starter


Posted 31 May 2013 - 03:47 PM

This is what it states right at the beginning of the Attach.txt.log    "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT"

 

I can send it if you want. I just don't know how to zip.

 

Thanks,

John



#6 Noviciate

Noviciate


Posted 31 May 2013 - 05:23 PM

Will you just copy and paste the contents of Attach.txt into your next reply?


So long, and thanks for all the fish.

 

 


#7 jaknb

jaknb
  • Topic Starter


Posted 31 May 2013 - 05:28 PM

Ok, here it is.  Thanks

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/26/2012 1:39:53 AM
System Uptime: 5/31/2013 10:09:04 AM (4 hours ago)
.
Motherboard: Intel Corporation |  | DG41RQ
Processor: Pentium® Dual-Core  CPU      E5300  @ 2.60GHz | J2E1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 279.702 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable
L: is Removable
M: is FIXED (NTFS) - 466 GiB total, 291.676 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP196: 5/29/2013 11:47:26 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ABBYY PDF Transformer 3.0
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Apple Mobile Device Support
Apple Software Update
Bonjour
Brother MFL-Pro Suite MFC-J430W
CCleaner
Cisco Connect
Cobian Backup 11 Gravity
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Free MP3 Cutter 1.01
Free YouTube Downloader 3.5.134
FrostWire 5.3.8
Google Earth
Google Update Helper
HiJackThis
honestech VHS to DVD 4.0 Plus
ieSpell
iTunes
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
LightScribe Applications
LightScribe Diagnostic Utility
LightScribe System Software
LightScribe Template Designs - Animal Pack 1
LightScribe Template Designs - Athletic Pack 1
LightScribe Template Designs - Celebration Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Kids Korner Pack 1
LightScribe Template Designs - Life Events Pack 1
LightScribe Template Designs - Memories
LightScribe Template Designs - Pets Pack 1
LightScribe Template Designs - RoadTrip
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Designs - Travel Pack 1
LightScribe Template Labeler
Merlin AuctionMagic
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft PhotoDraw 2000 V2
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Norton Internet Security
Nuance PaperPort 12
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OLYMPUS CAMEDIA Master 2.5
PaperPort Image Printer 64-bit
QuickTime
Recuva
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SereneScreen Marine Aquarium 3
Speccy
Spybot - Search & Destroy
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Tyre
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB2.0 VIDBOX NW03, NW06
Video Edit Master
VIP Access
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Youtube Music Downloader 5.0
.
==== Event Viewer Messages From Past Week ========
.
5/31/2013 12:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user Jak-Workroom\Jak SID (S-1-5-21-1811317376-1043059874-2995279997-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/31/2013 12:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user Jak-Workroom\Jak SID (S-1-5-21-1811317376-1043059874-2995279997-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/31/2013 11:18:45 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
5/31/2013 11:18:45 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2013 11:16:45 AM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The pipe has been ended.
5/31/2013 10:12:50 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/31/2013 10:12:50 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
5/31/2013 10:10:22 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
5/31/2013 10:10:19 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
5/31/2013 10:09:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f71bba, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053113-31184-01.
5/31/2013 10:07:03 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Base Filtering Engine service to connect.
5/31/2013 10:07:03 AM, Error: Service Control Manager [7000]  - The Base Filtering Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/30/2013 7:06:55 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/30/2013 7:03:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80051d9610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053013-48656-01.
5/30/2013 7:01:53 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 5 time(s).
5/30/2013 7:01:53 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/30/2013 6:56:57 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 4 time(s).
5/30/2013 6:56:57 PM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 4 time(s).
5/30/2013 6:56:57 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 5 time(s).
5/30/2013 10:21:10 AM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 4 time(s).
5/30/2013 10:21:10 AM, Error: Service Control Manager [7034]  - The Application Experience service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7034]  - The Themes service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7034]  - The Task Scheduler service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7034]  - The System Event Notification Service service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7034]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7034]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 3 time(s).
5/30/2013 10:16:22 AM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/30/2013 10:11:01 AM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/30/2013 10:00:38 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
5/30/2013 10:00:38 AM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/28/2013 8:01:52 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 



#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 01 June 2013 - 01:29 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.


So long, and thanks for all the fish.

 

 


#9 jaknb

jaknb
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:02 AM

Posted 02 June 2013 - 11:50 AM

May have asked for help too late. Blue screen. Took it in for repair.

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 02 June 2013 - 02:38 PM

Thanks for letting me know.


So long, and thanks for all the fish.

 

 




