A virus stopping me getting on the internet except in safe mode,



#16
QPR (Member, Topic Starter)
http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Open OTL again and post the log.

=======================================
This one it didn't seem to let me C & P it?


#17
QPR (Member, Topic Starter)
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 26/08/2011 16:18:22

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2011 14:49:40
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 26/08/2011 14:40:58
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6

Log: 'System' Date/Time: 26/08/2011 14:40:58
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 26/08/2011 14:40:36
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 26/08/2011 14:40:31
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 26/08/2011 14:40:26
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

Log: 'System' Date/Time: 26/08/2011 14:40:22
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 26/08/2011 14:40:00
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 15:37:51 on 26/08/2011 was unexpected.

Log: 'System' Date/Time: 26/08/2011 14:15:02
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 26/08/2011 14:12:34
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 26/08/2011 14:09:00
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 26/08/2011 12:16:55
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 26/08/2011 12:16:54
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 26/08/2011 12:16:49
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 26/08/2011 12:16:41
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 26/08/2011 12:15:25
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6

Log: 'System' Date/Time: 26/08/2011 12:15:25
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 26/08/2011 12:14:29
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

Log: 'System' Date/Time: 26/08/2011 12:14:03
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 13:12:41 on 26/08/2011 was unexpected.

Log: 'System' Date/Time: 26/08/2011 10:10:28
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2011 14:40:01
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 26/08/2011 14:37:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2563227(Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2563227(Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:19
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:19
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:19
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:19
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:19
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:19
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:18
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:18
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:18
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:18
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:18
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:17
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:17
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:17
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:17
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:17
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

Log: 'System' Date/Time: 26/08/2011 14:37:16
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2539633(Security Update) is not applicable for this system

#18
QPR (Member, Topic Starter)
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 26/08/2011 16:21:20

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2011 14:40:58
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2011 14:40:31
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 26/08/2011 14:17:37
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2011 14:14:21
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 26/08/2011 12:21:14
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application iron.exe, version 0.0.0.0, time stamp 0x4df770d6, faulting module avgnpss.dll, version 10.0.0.1390, time stamp 0x4e17552a, exception code 0xc0000005, fault offset 0x000d6e8c, process id 0x570, application start time 0x01cc63ea27abb632.

Log: 'Application' Date/Time: 26/08/2011 12:16:49
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 26/08/2011 12:15:25
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2011 10:12:14
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application iron.exe, version 0.0.0.0, time stamp 0x4df770d6, faulting module avgnpss.dll, version 10.0.0.1390, time stamp 0x4e17552a, exception code 0xc0000005, fault offset 0x000d6e8c, process id 0x5e0, application start time 0x01cc63d87a9b83c5.

Log: 'Application' Date/Time: 26/08/2011 10:10:27
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2011 10:10:03
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 26/08/2011 10:02:51
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2011 09:43:46
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Users\ross\AppData\Local\Temp\_av_sfx.tm~a00880\avast.setup /sfx /sfxstorage "C:\Users\ross\AppData\Local\Temp\_av_sfx.tm~a00880" /brandcode "A" /srcpath "C:\Users\ross\DOWNLO~1" /sfxname "setup_av_free"; Descripton = avast! Free Antivirus Setup; Hr = 0x8007043c).

Log: 'Application' Date/Time: 26/08/2011 09:37:55
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed STOPzilla. Available with Windows Installer version 1.2 and later.; Hr = 0x8007043c).

Log: 'Application' Date/Time: 26/08/2011 09:37:48
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed STOPzilla. Available with Windows Installer version 1.2 and later.; Hr = 0x8007043c).

Log: 'Application' Date/Time: 26/08/2011 09:35:39
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application iron.exe, version 0.0.0.0, time stamp 0x4df770d6, faulting module avgnpss.dll, version 10.0.0.1390, time stamp 0x4e17552a, exception code 0xc0000005, fault offset 0x000d6e8c, process id 0x2b4, application start time 0x01cc63d34078383a.

Log: 'Application' Date/Time: 26/08/2011 09:33:50
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2011 09:32:58
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 26/08/2011 09:28:31
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.

Context: Windows Application

Details:
The content index metadata cannot be read. (0xc0041801)


Log: 'Application' Date/Time: 26/08/2011 09:28:31
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index metadata cannot be read. (0xc0041801)


Log: 'Application' Date/Time: 26/08/2011 09:28:31
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (0x80070490)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2011 14:40:21
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 14:15:10
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 14:15:09
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 12:16:40
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 10:09:54
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 10:02:43
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is attempting to remove the old catalog.


Log: 'Application' Date/Time: 26/08/2011 10:00:14
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 10:00:13
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 09:32:48
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 09:28:31
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is attempting to remove the old catalog.


Log: 'Application' Date/Time: 26/08/2011 09:26:29
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3643728123-2836549978-2852808664-1000_Classes:
Process 1796 (\Device\HarddiskVolume2\Windows\System32\notepad.exe) has opened key \REGISTRY\USER\S-1-5-21-3643728123-2836549978-2852808664-1000_CLASSES


Log: 'Application' Date/Time: 26/08/2011 09:26:29
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-3643728123-2836549978-2852808664-1000:
Process 1796 (\Device\HarddiskVolume2\Windows\System32\notepad.exe) has opened key \REGISTRY\USER\S-1-5-21-3643728123-2836549978-2852808664-1000
Process 1796 (\Device\HarddiskVolume2\Windows\System32\notepad.exe) has opened key \REGISTRY\USER\S-1-5-21-3643728123-2836549978-2852808664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1796 (\Device\HarddiskVolume2\Windows\System32\notepad.exe) has opened key \REGISTRY\USER\S-1-5-21-3643728123-2836549978-2852808664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts


Log: 'Application' Date/Time: 26/08/2011 09:26:28
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 09:24:57
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 09:04:52
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 08:53:01
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 08:53:01
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 08:12:28
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 06:02:24
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 26/08/2011 02:18:23
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
  • 0
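
An added example, not part of the original thread and not VEW's own code: a small Python parser for the VEW report layout pasted above that collapses repeated events and picks out those failing with Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE, "This service cannot be started in Safe Mode"), whether it appears as DCOM's decimal code or wrapped in HRESULT 8007043c. The sample entries are excerpted from the two reports above; the function names are illustrative.

```python
import re
from collections import Counter

# Entries excerpted from the VEW reports posted above (not the full logs).
SAMPLE = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2011 14:49:40
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 26/08/2011 14:40:36
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2011 14:40:31
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 26/08/2011 12:21:14
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application iron.exe, version 0.0.0.0, time stamp 0x4df770d6, faulting module avgnpss.dll, version 10.0.0.1390, time stamp 0x4e17552a, exception code 0xc0000005, fault offset 0x000d6e8c, process id 0x570, application start time 0x01cc63ea27abb632.

Log: 'Application' Date/Time: 26/08/2011 09:28:31
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (0x80070490)
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
DCOM_ERR = re.compile(r'DCOM got error "(\d+)"')
# 32-bit hex values as they appear in these reports: "0x........" or "HRESULT was ........"
HEX32 = re.compile(r"(?:0x|HRESULT was )([0-9A-Fa-f]{8})\b")

ERROR_NOT_SAFEBOOT_SERVICE = 1084  # "This service cannot be started in Safe Mode"


def parse_vew(text):
    """Return one dict per event in a VEW report; messages may span several lines."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER.match(line)
        if m:
            cur = {"log": m.group(1), "when": m.group(2), "type": None,
                   "event": None, "source": None, "message": []}
            records.append(cur)
        elif line.startswith("~~~"):
            cur = None  # section banner: the title line that follows is skipped
        elif cur is None:
            continue
        elif cur["type"] is None and (m := TYPE.match(line)):
            cur["type"] = m.group(1)
        elif cur["event"] is None and (m := EVENT.match(line)):
            cur["event"], cur["source"] = int(m.group(1)), m.group(2)
        elif line:
            cur["message"].append(line)
    for r in records:
        r["message"] = "\n".join(r["message"])
    return records


def win32_codes(message):
    """Win32 error numbers in a message: DCOM's decimal form or HRESULT_FROM_WIN32 (8007xxxx)."""
    codes = {int(n) for n in DCOM_ERR.findall(message)}
    for tok in HEX32.findall(message):
        value = int(tok, 16)
        if value >> 16 == 0x8007:  # failure bit set, FACILITY_WIN32 (7)
            codes.add(value & 0xFFFF)
    return codes


def triage(text):
    """Collapse repeats: Counter keyed by (log, type, event id, source, Win32 codes)."""
    counts = Counter()
    for r in parse_vew(text):
        codes = tuple(sorted(win32_codes(r["message"])))
        counts[(r["log"], r["type"], r["event"], r["source"], codes)] += 1
    return counts


def safe_mode_artifacts(text):
    """Events that failed with error 1084, which is expected while booted in Safe Mode."""
    return [r for r in parse_vew(text)
            if ERROR_NOT_SAFEBOOT_SERVICE in win32_codes(r["message"])]


if __name__ == "__main__":
    for key, n in triage(SAMPLE).most_common():
        flag = "safe-mode" if ERROR_NOT_SAFEBOOT_SERVICE in key[4] else ""
        print(n, *key[:4], list(key[4]), flag)
```
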

#19
RKinner (Malware Expert)
Start, right click on Computer and select Manage then Continue. Services and Applications then Services. Find Windows Search service and right click and select Properties then change the Startup Type: to Disabled. Apply. STOP the service if it is running.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

DirLook::
C:\Program Files\Common
%user%\library

Driver::
MpKsl3c25b474
MpKsl44ea8968
MpKsl4991b58e
MpKsl4cc73f51
MpKsl534adb35
MpKsl5925202e
MpKsl66c1280a
MpKsl7353d07b
MpKsl798f7c79
MpKsl81885dd5
MpKsl864b5044
MpKsl87ed1aa5
MpKsl9277ada3
MpKsla5955697
MpKslabc9583c
MpKslada6544c
MpKslcd39b728
MpKsld1f02457
MpKsldd0d01d6
MpKsldf12c5a5
MpKsle1031b13
MpKslf44edd9e
MpKslfd82124c

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"vvdsvc"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Clear the event logs as before: Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot and this time go into regular mode. Delete your old logs from VEW.

Run VEW as before:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

If networking is still not working in regular mode then reboot into Safe Mode with Networking and post the two VEW logs.


Ron

#20
QPR (Member, Topic Starter)
That seems complicated Ron!
I get to here "Start, right click on Computer and select Manage then Continue. Services and Applications then Services" then can't find where the Windows Search service is. Can I also ask what VEW is?
Cheers.

#21
RKinner (Malware Expert)
Did you get a Combofix log? Please post it.

Let's try it another way to turn off the search service.

Copy the next line of text:

sc config Wsearch start= disabled

Start, Programs, Accessories then right click on Command Prompt and select Run As Administrator, Continue. Right click and select Paste or Edit then Paste. The copied line should appear. Hit Enter.


VEW = Vino's Event Viewer which you just ran.

Ron

#22
QPR (Member, Topic Starter)
Was this not the combofix log?
===========================

ComboFix 11-08-26.04 - ross 26/08/2011 15:09:17.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.955.279 [GMT 1:00]
Running from: c:\users\ross\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Rec
c:\program files\StormII
c:\program files\StormII\Codec\QTSystem\QuickTime.qtp
c:\users\ross\AppData\Local\lkifgctr.dat
c:\users\ross\AppData\Local\lkifgctr_nav.dat
c:\users\ross\AppData\Local\lkifgctr_navps.dat
c:\users\ross\AppData\Roaming\BITS
c:\users\ross\AppData\Roaming\BITS\BITS.ini
c:\users\ross\AppData\Roaming\BITS\UPnP.ini
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\no
c:\windows\system32\no\toscdspd.cpl.mui
c:\windows\system32\nsis_loader.dll
c:\windows\system32\SV
c:\windows\system32\SV\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-26 14:14 . 2011-08-26 14:19 -------- d-----w- c:\users\ross\AppData\Local\temp
2011-08-26 09:44 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-26 09:44 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-26 09:44 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-26 09:44 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-26 09:44 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-26 09:44 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-26 09:43 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-26 09:43 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-26 09:43 . 2011-08-26 09:43 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 09:43 . 2011-08-26 09:43 -------- d-----w- c:\program files\AVAST Software
2011-08-26 08:52 . 2011-08-26 08:52 -------- d-----w- C:\_OTL
2011-08-25 22:15 . 2011-08-26 00:47 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-08-25 21:36 . 2011-08-26 09:37 -------- d-----w- c:\programdata\STOPzilla!
2011-08-23 14:27 . 2011-08-23 14:42 -------- d-----w- c:\programdata\PCPitstop
2011-08-23 08:58 . 2011-08-23 08:58 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 13:32 . 2011-07-17 13:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 18:52 . 2011-04-21 11:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-04-21 11:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34 . 2011-07-13 09:43 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-06-23 17:07 . 2011-04-22 07:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-25 30192]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\users\ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl3c25b474;MpKsl3c25b474;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDCAF631-F3EF-482E-BEFF-7DB68E41D53C}\MpKsl3c25b474.sys [x]
R1 MpKsl44ea8968;MpKsl44ea8968;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B944173-9709-488B-A777-60B11DCECF54}\MpKsl44ea8968.sys [x]
R1 MpKsl4991b58e;MpKsl4991b58e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A63E2EF4-72E0-4B0E-8B43-AF36BD05EEFB}\MpKsl4991b58e.sys [x]
R1 MpKsl4cc73f51;MpKsl4cc73f51;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5EC5E18-CA4D-4E50-BE4F-77665CD3FEC8}\MpKsl4cc73f51.sys [x]
R1 MpKsl534adb35;MpKsl534adb35;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C2257FC-8847-47E9-88B2-B1A035AFCE16}\MpKsl534adb35.sys [x]
R1 MpKsl5925202e;MpKsl5925202e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE70E563-CF33-4FFF-AFAD-6BD7C0E1A6EF}\MpKsl5925202e.sys [x]
R1 MpKsl66c1280a;MpKsl66c1280a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B67871A6-513D-456E-BEA7-63E5AE7E00E6}\MpKsl66c1280a.sys [x]
R1 MpKsl7353d07b;MpKsl7353d07b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA90BD97-522E-4251-832D-5E97C914C363}\MpKsl7353d07b.sys [x]
R1 MpKsl798f7c79;MpKsl798f7c79;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A350502-24CA-4287-A38B-D442CD471790}\MpKsl798f7c79.sys [x]
R1 MpKsl81885dd5;MpKsl81885dd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C350655C-900C-4FE7-BF64-1853F4AEFE20}\MpKsl81885dd5.sys [x]
R1 MpKsl864b5044;MpKsl864b5044;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12355509-673C-4CCF-89F0-F2A6690B952A}\MpKsl864b5044.sys [x]
R1 MpKsl87ed1aa5;MpKsl87ed1aa5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDCAF631-F3EF-482E-BEFF-7DB68E41D53C}\MpKsl87ed1aa5.sys [x]
R1 MpKsl9277ada3;MpKsl9277ada3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12355509-673C-4CCF-89F0-F2A6690B952A}\MpKsl9277ada3.sys [x]
R1 MpKsla5955697;MpKsla5955697;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA90BD97-522E-4251-832D-5E97C914C363}\MpKsla5955697.sys [x]
R1 MpKslabc9583c;MpKslabc9583c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B67871A6-513D-456E-BEA7-63E5AE7E00E6}\MpKslabc9583c.sys [x]
R1 MpKslada6544c;MpKslada6544c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B67871A6-513D-456E-BEA7-63E5AE7E00E6}\MpKslada6544c.sys [x]
R1 MpKslcd39b728;MpKslcd39b728;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{432918B1-B424-422C-8698-A673BA1C7D8C}\MpKslcd39b728.sys [x]
R1 MpKsld1f02457;MpKsld1f02457;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A350502-24CA-4287-A38B-D442CD471790}\MpKsld1f02457.sys [x]
R1 MpKsldd0d01d6;MpKsldd0d01d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDCAF631-F3EF-482E-BEFF-7DB68E41D53C}\MpKsldd0d01d6.sys [x]
R1 MpKsldf12c5a5;MpKsldf12c5a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5EC5E18-CA4D-4E50-BE4F-77665CD3FEC8}\MpKsldf12c5a5.sys [x]
R1 MpKsle1031b13;MpKsle1031b13;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{432918B1-B424-422C-8698-A673BA1C7D8C}\MpKsle1031b13.sys [x]
R1 MpKslf44edd9e;MpKslf44edd9e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B944173-9709-488B-A777-60B11DCECF54}\MpKslf44edd9e.sys [x]
R1 MpKslfd82124c;MpKslfd82124c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B67871A6-513D-456E-BEA7-63E5AE7E00E6}\MpKslfd82124c.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-25 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:35]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:35]
.
2011-08-26 c:\windows\Tasks\User_Feed_Synchronization-{B47339CA-7745-4F6B-BF83-E9EB27DE643B}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/tempcleaner/{A0097B9C-6F50-4E17-8411-CC640E27BABE}
mStart Page = hxxp://www.bigseekpro.com/tempcleaner/{A0097B9C-6F50-4E17-8411-CC640E27BABE}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {69731714-6886-4587-A9AA-D80C2763884D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\wsk5pso3.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2011-08-26 15:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-26 14:31
.
Pre-Run: 41,083,379,712 bytes free
Post-Run: 39,810,109,440 bytes free
.
- - End Of File - - BA425F97CFA623DF6B356A58B2CD1107


  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
That's the old one. I asked you to run it again with CFScript.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

DirLook::
C:\Program Files\Common
%user%\library

Driver::
MpKsl3c25b474
MpKsl44ea8968
MpKsl4991b58e
MpKsl4cc73f51
MpKsl534adb35
MpKsl5925202e
MpKsl66c1280a
MpKsl7353d07b
MpKsl798f7c79
MpKsl81885dd5
MpKsl864b5044
MpKsl87ed1aa5
MpKsl9277ada3
MpKsla5955697
MpKslabc9583c
MpKslada6544c
MpKslcd39b728
MpKsld1f02457
MpKsldd0d01d6
MpKsldf12c5a5
MpKsle1031b13
MpKslf44edd9e
MpKslfd82124c

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"vvdsvc"=-

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.
  • 0
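An added example, not part of RKinner's post or of ComboFix: a parser for the driver/service lines of the log above that picks out entries with no image file on disk and a randomized hex-suffixed name, which is the set the Driver:: section of the script lists. It assumes the usual reading of this log format (R/S is running/stopped, the digit is the service start type, [x] means the image file was not found); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the ComboFix log posted earlier in this thread (a subset).
SAMPLE_LOG = r"""
R1 MpKsl3c25b474;MpKsl3c25b474;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDCAF631-F3EF-482E-BEFF-7DB68E41D53C}\MpKsl3c25b474.sys [x]
R1 MpKsl44ea8968;MpKsl44ea8968;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B944173-9709-488B-A777-60B11DCECF54}\MpKsl44ea8968.sys [x]
R1 MpKsl4991b58e;MpKsl4991b58e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A63E2EF4-72E0-4B0E-8B43-AF36BD05EEFB}\MpKsl4991b58e.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
"""

# Assumed layout: <R|S><start type> name;display name;image path [date size] or [x]
LINE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?) ?\[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
HEX_SUFFIX_RE = re.compile(r"^(.+?)([0-9a-f]{8})$")  # e.g. MpKsl + 8 hex digits

def parse_services(log_text):
    """Return one dict per driver/service line; other log lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            state, start, name, display, path, stamp = m.groups()
            entries.append({"running": state == "R", "start": int(start),
                            "name": name.strip(), "path": path.strip() or None,
                            "image_found": stamp != "x"})
    return entries

def stale_candidates(entries, min_family=2):
    """Names with no image on disk that share a prefix plus an 8-hex-digit suffix."""
    families = defaultdict(list)
    for e in entries:
        m = HEX_SUFFIX_RE.match(e["name"])
        if m and not e["image_found"]:
            families[m.group(1)].append(e["name"])
    return sorted(n for names in families.values()
                  if len(names) >= min_family for n in names)

def needs_review(entries):
    """Missing-image entries outside any randomized-name family (check by hand)."""
    stale = set(stale_candidates(entries))
    return sorted(e["name"] for e in entries
                  if not e["image_found"] and e["name"] not in stale)

if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    print("stale definition-update drivers:", stale_candidates(parsed))
    print("missing image, review by hand:", needs_review(parsed))
```

The avast entries (aswSnx, aswSP) land in the review list rather than the stale list: the same log shows aswSnx.sys freshly installed under system32\drivers, so a missing path on the service line alone does not make an entry a leftover.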

#24
QPR

QPR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks for trying to help, Ron, but I think I've made a mistake and made it worse, too technical for me!
I'm posting this from another PC, as I can't get on-line with the other now.
Cheers Bobby.

Edited by QPR, 27 August 2011 - 04:55 PM.

  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
See if you can boot into Last Known Good.

Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Last Known Good. See if that works.

If not then do a system restore http://news.softpedi...re-47381.shtml.

If none of that helps then:

In IE, Files, uncheck Work Offline. Restart IE and test. If still no good:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Restart and test. If still no good:

Start, All Programs, Accessories, (Right click on Command Prompt and Run As Administrator). Type with an Enter after each line in the code box:

ipconfig /flushdns

netsh  winsock  reset catalog

netsh  int ip reset reset.log


(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sub-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test. If it still doesn't work:

Start, All Programs, Accessories, (Right click on Command Prompt and Run As Administrator). Type with an Enter after each line in the code box:

ipconfig  /all
ipconfig  /release
ipconfig  /renew
ipconfig  /all


Report any errors you get and the IP addresses of the last ipconfig /all
  • 0
