Infections Keep Returning


  • This topic is locked
13 replies to this topic

#1 pedro101

  • Members
  • 9 posts

Posted 22 August 2013 - 12:54 PM

Hey all,

I would really appreciate any help here. My problem is that I have viruses and spyware. When I run SUPERAntiSpyware and Malwarebytes, they usually find like 60 problems, and they fix them. However, the problems keep returning and slowing my computer down, sometimes to a standstill. I pasted my most recent log of HijackThis below. Anyone notice anything, or can possibly provide recommendations to fix this recurring virus? Thanks! Pedro

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:35:50 PM, on 8/22/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\Pedro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Pedro\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\StrongVPN\StrongDial.exe
C:\Users\Pedro\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Users\Pedro\Desktop\Antivirus\HijackThis.exe
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Pedro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Pedro\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [StrongVPN Client] "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = Pedro\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDCE1AF-C0A1-442A-9EE9-6BAB85EDA6C8}: NameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{73121C67-1583-4164-9C88-C68670D7DDD6}: NameServer = 8.8.8.8 8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: StrongVPN Service - Black Oak Computers, Inc. - C:\Program Files (x86)\StrongVPN\StrongService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 8626 bytes
 

 




 


#2 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 22 August 2013 - 03:15 PM

Good evening. :)

 

As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal. You will need to go here, follow steps 6, 7 and 8 and post accordingly into this thread.

 

Will you also post the latest logs from both the scanners that are detecting the malware in question.


So long, and thanks for all the fish.

 

 


#3 pedro101

  • Topic Starter
  • Members
  • 9 posts

Posted 22 August 2013 - 09:09 PM

Noviciate,

 

Thanks much for the response! Here's my DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660
Run by Pedro at 9:42:56 on 2013-08-23
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
C:\Program Files (x86)\StrongVPN\StrongService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\Pedro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Pedro\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\StrongVPN\StrongDial.exe
C:\Users\Pedro\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Spotify Web Helper] "C:\Users\Pedro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify] "C:\Users\Pedro\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [StrongVPN Client] "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2CDCE1AF-C0A1-442A-9EE9-6BAB85EDA6C8} : NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{31D3DC80-3C44-45C6-9953-E38852C72E5D} : DHCPNameServer = 192.168.88.254
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\25577616F6 : NameServer = 202.96.134.133
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\25577616F6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\4505D2C494E4B423438383330303 : NameServer = 202.96.134.133
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\4505D2C494E4B423438383330303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\4505D2C494E4B4F5237353133343 : NameServer = 202.96.134.133
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\4505D2C494E4B4F5237353133343 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\4505D2C494E4B4F5835493633363 : DHCPNameServer = 202.96.128.166 202.96.134.133
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\64143545D2A4A5 : NameServer = 202.96.134.133
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\64143545D2A4A5 : DHCPNameServer = 172.16.1.114 172.16.1.113
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\6594C4C4147454 : NameServer = 202.96.134.133
TCP: Interfaces\{7BB9B801-1CCB-4FD3-944A-F52708AC4715}\6594C4C4147454 : DHCPNameServer = 192.168.11.254
TCP: Interfaces\{7C48C71D-34BC-4651-826C-D336D4147810} : DHCPNameServer = 68.28.138.132 68.28.137.132
TCP: Interfaces\{B828D6DF-BFA6-4D7B-A8CB-E0DCA29650F6} : NameServer = 8.8.8.8 8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? Application Updater;Application Updater
R? baidupcsuiteservice.exe;baidupcsuiteservice.exe
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? SkypeUpdate;Skype Updater
R? TMachInfo;TMachInfo
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? US122;US122 Driver
R? US122DL;US122 Firmware Downloader
R? US122WdmService;US122 Wdm Audio
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? !SASCORE;SAS Core Service
S? Fabs;FABS - Helping agent for MAGIX media database
S? FwLnk;FwLnk Driver
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? PaceLicenseDServices;PACE License Services
S? PCCUJobMgr;Common Client Job Manager Service
S? PGEffect;Pangu effect driver
S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SBSDWSCService;SBSD Security Center Service
S? SMARTHelperService;SMART Helper Service
S? SMARTMouseFilterx64;HID-compliant mouse
S? SMARTVHidMiniVistaAmd64;SMART HID Device
S? SMARTVTabletPCx64;SMART Virtual TabletPC
S? StrongVPN Service;StrongVPN Service
S? tapklink;Klink Virtual Network Adapter
S? tapstrong;StrongVPN Adapter
S? tos_sps64;TOSHIBA tos_sps64 Service
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
S? UNS;Intel® Management and Security Application User Notification Service
.
=============== Created Last 30 ================
.
2013-08-22 20:56:01 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BBC13C48-E3F2-4494-94DF-64D395B4C4DC}\offreg.dll
2013-08-22 12:26:09 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-22 08:32:28 98816 ----a-w- C:\windows\sed.exe
2013-08-22 08:32:28 256000 ----a-w- C:\windows\PEV.exe
2013-08-22 08:32:28 208896 ----a-w- C:\windows\MBR.exe
2013-08-21 06:51:45 17737608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-21 02:05:08 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BBC13C48-E3F2-4494-94DF-64D395B4C4DC}\mpengine.dll
2013-08-20 04:53:29 -------- d-----w- C:\Program Files\CCleaner
2013-08-19 03:46:32 -------- d-----w- C:\Users\Pedro\AppData\Roaming\SUPERAntiSpyware.com
2013-08-19 03:46:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-08-19 03:46:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-08-18 12:38:02 -------- d-----w- C:\Users\Pedro\AppData\Roaming\Mobile Card
2013-08-18 12:36:01 -------- d-----w- C:\Program Files\Mobile Card
2013-08-18 12:35:56 -------- d-----w- C:\InstallC112
2013-08-15 04:36:42 76136 ----a-w- C:\windows\SysWow64\StrongService.exe
2013-08-15 04:36:41 413032 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.dll
2013-08-15 04:36:41 319336 ----a-w- C:\windows\SysWow64\StrongHelper.exe
2013-08-15 04:36:41 226664 ----a-w- C:\windows\SysWow64\DotRas.dll
2013-08-15 04:36:39 1402728 ----a-w- C:\windows\SysWow64\StrongDial.exe
2013-08-15 01:42:17 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-15 01:42:17 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-15 01:42:17 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-08-15 01:42:17 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-15 01:42:16 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-15 01:42:16 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-15 01:42:16 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-08-15 01:42:16 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-14 18:18:16 -------- d-----w- C:\Program Files (x86)\FreeRIP Toolbar
2013-08-14 18:18:16 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-08-01 08:20:50 -------- d-----w- C:\Users\Pedro\.android
2013-08-01 08:20:12 -------- d-----w- C:\Users\Pedro\AppData\Roaming\baidu
2013-07-30 08:40:41 -------- d-----w- C:\ProgramData\EA Logs
.
==================== Find3M  ====================
.
2013-08-21 06:52:01 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 06:52:01 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-13 02:48:52 35520 ----a-w- C:\windows\System32\drivers\tapstrong.sys
2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-07-02 17:36:24 447752 ----a-w- C:\windows\SysWow64\vp6vfw.dll
2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-06-04 01:15:02 103448 ----a-w- C:\windows\System32\drivers\ssudbus.sys
.
============= FINISH:  9:52:19.79 ===============


#4 pedro101

  • Topic Starter
  • Members
  • 9 posts

Posted 23 August 2013 - 09:43 PM

Here's more info - Before I discovered this thread, I also ran ComboFix. It seemed to help, but I read on here later that I shouldn't have run it until the analysis here was performed. However, I unfortunately read that info a bit too late. Anyways, my laptop's performance has definitely improved since running ComboFix. It seems almost normal much of the time now. However, it's not quite normal yet. It still is extremely slow sometimes, especially when coming out of sleep mode. Yet I notice that if I wait, my computer seems to eventually "catch up" or speed up again. But the wait can be a good 10 or 15 minutes before this happens. Still, the speed has improved greatly since the ComboFix scan, and most of the time my laptop seems almost normal again. However, because of the sometimes extremely slow speed, I still have fears that there are some viruses lurking about, so the log read would be helpful. Thanks much!



#5 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 24 August 2013 - 02:22 PM

Good evening. :)

Will you post the contents of attach.txt that should have been created when you ran DDS.


So long, and thanks for all the fish.

 

 


#6 pedro101

  • Topic Starter
  • Members
  • 9 posts

Posted 25 August 2013 - 04:52 AM

Sure, thanks!

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2012 1:30:36 PM
System Uptime: 8/22/2013 10:34:45 PM (11 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz | CPU | 782/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 318.649 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP248: 8/18/2013 1:17:54 AM - Scheduled Checkpoint
RP249: 8/20/2013 11:52:34 PM - Removed Skype Click to Call
RP250: 8/21/2013 10:04:33 AM - Windows Update
RP251: 8/21/2013 1:25:31 PM - Removed HP Deskjet 1000 J110 series Basic Device Software
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Amazon Cloud Drive
Amazon Kindle
Amazon MP3 Downloader 1.0.17
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
ASIO4ALL
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.3.13 (Unicode)
BestPractice (remove only)
Bing Rewards Client Installer
CCleaner
ClipConverter
CMBEdit
Conexant HD Audio
D3DX10
DesignPro 5
Dropbox
Epubsoft Ebook Converter 5.4.3.6000
Faveset Klink
Firebird SQL Server - MAGIX Edition
FL Studio 10
FreeRIP Toolbar v7.4
FreeRIP3 3.70
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Guitar Pro 6
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1050 J410 series Basic Device Software
HP Photo Creations
IK Multimedia Authorization Manager version 1.0.8
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Interlok driver setup x64
JetMP3
Junk Mail filter update
Kindle DRM Removal 4.5.3
Label@Once 1.0
LAME v3.99.3 (for Windows)
License Support
Lightroom
MAGIX Movie Edit Pro MX Download Version
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware version 1.75.0.1300
MeldaProduction MFreeEffectsBundle 6
MeldaProduction MFreeEffectsBundle64 6
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
OpenOffice.org 3.4.1
Paint.NET v3.5.10
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Power Tab Editor 1.7
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
REAPER (x64)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.6
SMART Common Files
SMART English (United Kingdom) Language Pack
SMART Product Drivers
Spotify
Spybot - Search & Destroy
StrongVPN Client version 1.2
SUPERAntiSpyware
Synaptics Pointing Device Driver
T-RackS 3 Classic EQ version 3.5.1
T-RackS 3 Deluxe version 3.5.1
T-RackS 3 Standard version 3.5.1
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
US122 Driver 3.40
VideoPad Video Editor
Visual C++ 64-bit Redistributables
Visual C++ Redistributables
VST Bridge 1.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/22/2013 8:21:57 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/22/2013 7:25:26 PM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/22/2013 5:37:36 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/22/2013 5:12:07 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{73121C67-1583-4164-9C88-C68670D7DDD6} because another computer on the network has the same name.  The server could not start.
8/22/2013 4:43:19 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/22/2013 4:40:17 AM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{F01E4E1A-94DA-4372-B901-B7482905A138} because another computer on the network has the same name.  The server could not start.
8/22/2013 4:24:21 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{9557AED1-BCAE-4BF7-8BD0-6D5A8567FA85} because another computer on the network has the same name.  The server could not start.
8/22/2013 2:05:25 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{2CDCE1AF-C0A1-442A-9EE9-6BAB85EDA6C8} because another computer on the network has the same name.  The server could not start.
8/22/2013 12:20:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004030980, 0xfffff80000b9c3d8, 0xfffffa800a4e09a0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 082213-56004-01.
8/22/2013 12:20:51 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
8/22/2013 12:20:21 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/22/2013 12:20:21 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
8/22/2013 10:38:54 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{B828D6DF-BFA6-4D7B-A8CB-E0DCA29650F6} because another computer on the network has the same name.  The server could not start.
8/22/2013 10:36:21 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/22/2013 1:06:46 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
8/22/2013 1:06:46 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/21/2013 9:56:57 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
8/21/2013 9:56:57 AM, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/21/2013 9:56:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
8/21/2013 7:33:18 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
8/21/2013 7:33:18 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/21/2013 7:06:22 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{6348B3F3-E533-4A82-B1BA-7BE163648937} because another computer on the network has the same name.  The server could not start.
8/21/2013 2:10:44 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
8/21/2013 1:28:54 PM, Error: Service Control Manager [7022]  - The Intel® Management and Security Application User Notification Service service hung on starting.
8/20/2013 9:15:24 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
8/20/2013 9:14:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
8/20/2013 9:13:47 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
8/20/2013 7:33:37 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{6EB8EC15-55EC-4779-9A01-DBD3941CD7B1} because another computer on the network has the same name.  The server could not start.
8/20/2013 12:39:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/20/2013 12:38:28 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
8/20/2013 12:38:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/20/2013 12:38:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/20/2013 12:38:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/20/2013 12:38:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/20/2013 12:38:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/20/2013 12:38:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/20/2013 12:38:03 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
8/20/2013 12:38:02 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/20/2013 12:38:02 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/20/2013 12:38:02 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/20/2013 12:38:02 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/20/2013 12:38:01 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/20/2013 12:38:01 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/20/2013 12:38:01 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
8/20/2013 12:38:01 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/20/2013 12:38:01 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/20/2013 12:38:01 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/20/2013 1:17:56 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{10970271-F029-4836-822E-C422E0611D0F} because another computer on the network has the same name.  The server could not start.
8/19/2013 2:36:09 AM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{B3F0A42F-2CB9-4396-A5E9-2CE2520362AA} because another computer on the network has the same name.  The server could not start.
8/17/2013 1:18:03 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{1E59F070-F796-414F-9109-A54F282CB85E} because another computer on the network has the same name.  The server could not start.
8/16/2013 5:10:29 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{9E82A12F-35E5-4A56-BA2E-9FCAA39106F8} because another computer on the network has the same name.  The server could not start.
8/16/2013 3:05:59 AM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
8/16/2013 12:07:43 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{CC2504E0-9B26-4772-8544-74960ACDC405} because another computer on the network has the same name.  The server could not start.
8/16/2013 10:56:39 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
8/16/2013 10:48:38 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.
8/16/2013 10:48:38 AM, Error: Service Control Manager [7000]  - The Microsoft Software Shadow Copy Provider service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/16/2013 10:46:59 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
8/16/2013 10:46:10 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/16/2013 10:46:10 AM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/16/2013 10:46:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
.
==== End Of File ===========================


#7 pedro101

  • Topic Starter

Posted 25 August 2013 - 05:00 AM

Sure thanks!

 

8/16/2013 5:10:29 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{9E82A12F-35E5-4A56-BA2E-9FCAA39106F8} because another computer on the network has the same name.  The server could not start.
8/16/2013 3:05:59 AM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
8/16/2013 12:07:43 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{CC2504E0-9B26-4772-8544-74960ACDC405} because another computer on the network has the same name.  The server could not start.
8/16/2013 10:56:39 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
8/16/2013 10:48:38 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.
8/16/2013 10:48:38 AM, Error: Service Control Manager [7000]  - The Microsoft Software Shadow Copy Provider service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/16/2013 10:46:59 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
8/16/2013 10:46:10 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/16/2013 10:46:10 AM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/16/2013 10:46:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
.
==== End Of File ===========================


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:23 AM

Posted 25 August 2013 - 03:13 PM

Good evening. :)

Can you tell me how long it has been since you had a dedicated anti-virus program installed on your system?


So long, and thanks for all the fish.

 

 


#9 pedro101

pedro101
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:23 PM

Posted 25 August 2013 - 06:17 PM

I don't think I've ever had one. I didn't know what to use, but I often ran Spybot and Malwarebytes and never had a virus issue. Now I see that it probably wasn't the best choice. I do think my issues started in China, when I bought a fake Samsung phone. When I plugged the phone into my computer, it started installing stuff without my permission. That opened the floodgates. Lately though, things have improved for my laptop, I must say. It hasn't been as slow since running Combofix (again, at the time, I didn't know I should have waited to run Combofix). It just seems like some of the problems on my laptop have been ironed out a bit. But not sure how long that will last. "Knock on wood"


Edited by pedro101, 25 August 2013 - 06:52 PM.


#10 pedro101

pedro101
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:23 PM

Posted 26 August 2013 - 05:14 AM

OK so while many of my problems have ironed out, the laptop still froze today at the wrong time. I had to force power it off, restart it, and it worked OK after that. I'm not sure if it's a virus or hardware issue at this point though.



#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:23 AM

Posted 26 August 2013 - 01:06 PM

Good evening. :)

The bottom line is that any PC connected to the internet that doesn't have adequate security, and no anti-virus puts yours directly into that category, is a slime magnet of the highest order. It will be open to any and all malware that you happen to come across, hence:

> the problems keep returning and slowing my computer down, sometimes to a stand-still

There is no way of knowing how much damage has been done to your system (system files infected, corrupted, replaced, etc.), so my best advice to you is to back up any important data and then reformat and reinstall Windows and then add some security before you reconnect to the internet.


So long, and thanks for all the fish.

 

 


#12 pedro101

pedro101
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:23 PM

Posted 26 August 2013 - 11:11 PM

OK I think this is great advice. My plan is to do this, then install an antivirus immediately, and keep it on there. Forever.

 

My one problem is that I'm in China now. I don't know if I have access to a CD copy of Windows 7. Is there a website I can download it from, since my version is legal? I'm hesitant about finding a copy "on the street".

 

Also, do I need to purchase a backup drive, or can I back up all of my essentials in Dropbox? (I pay for extra space with them)

 

Thanks!!!


Edited by pedro101, 26 August 2013 - 11:26 PM.


#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:23 AM

Posted 27 August 2013 - 02:26 PM

Good evening. :)

 

> Is there a website I can download it from, since my version is legal? I'm hesitant about finding a copy "on the street".

As your machine is a Toshiba I would contact them as they may be able to supply you with the recovery disk necessary to reinstall Windows - much better than a dubious copy with who knows what on it!

 

> Also, do I need to purchase a backup drive, or can I back up all of my essentials in Dropbox? (I pay for extra space with them)

If you have only a few files, and it depends on your definition of "a few", you can stick them on a flash drive, or burn them to blank CDs/DVDs. That will save your bandwidth. As far as I'm aware you can use Dropbox, but I would put the files in a password-protected folder as I get really paranoid about anything that I no longer have total control over.

 


So long, and thanks for all the fish.

 

 


#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:23 AM

Posted 02 September 2013 - 04:32 PM

As this issue appears to have been resolved, this thread is now closed.


So long, and thanks for all the fish.

 

 




