Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

hijacked search engine results

 
pjb17



Joined: 03 Jan 2012
Last Visit: 03 Jan 2012
Posts: 0

Posted: Tue Jan 03, 2012 4:42 pm    Post subject: hijacked search engine results

Every time I do a search and click on a result, it gets redirected to a random web site like get-answers-fast.com.

I ran these in safe mode. Let me know if I need to do anything else, and thanks for the help.

Here is dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by PJ'S at 16:26:25 on 2012-01-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4712 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\atashost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://excite.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173607109816p0495v155k45515230
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173607109816p0495v155k45515230
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173607109816p0495v155k45515230
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SpecialSavings: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\Communicator.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe"
mRun: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\PJ'S\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WkCalRem.LNK - C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACROBA~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROADRU~1.LNK - C:\Windows\Installer\{8C92F717-6AF8-445C-A5EE-0570C864365E}\_4E67E20696D9AD37E90475.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAGEAC~1.LNK - C:\Program Files (x86)\ACT\Act for Windows\Sage.ACT.Integration.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: classicvacations.com\www
Trusted Zone: excite.com\www
Trusted Zone: travelwizard.com\backoffice
Trusted Zone: travelwizard.com\cbb
Trusted Zone: travelwizard.com\owa
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://23touchpointssupport.webex.com/client/T27L10NSP11EP5/support/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.expedia.biz/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{C90B11A7-8BCE-4086-B494-FACCB87465D7} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Filter: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: protector.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
BHO-X64: SpecialSavings - No File
BHO-X64: ViewerHelper Class: {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
BHO-X64: File2LinkIB - No File
BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB-X64: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe"
mRun-x64: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe"
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun-x64: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\PJ'S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\PJ'S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
AppInit_DLLs-X64: protector.dll
Hosts: 74.82.36.74 sip.travelwizard.local
Hosts: 74.82.36.74 _sip._tls.travelwizard.local
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PJ'S\AppData\Roaming\Mozilla\Firefox\Profiles\w5vknlcg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?form=babtdf&pc=bbln&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.travel-wizard.com/
FF - prefs.js: keyword.url - hxxp://www.bing.com/search?form=babtdf&pc=bbln&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-10-29 43928]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-1-3 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-1-3 1150936]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 ActService;ACT! Service Host;C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [2011-8-17 18432]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 bProtector;bProtector;C:\ProgramData\bProtector\bProtect.exe [2012-1-3 803328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-8 135664]
S2 InstallBrainService;InstallBrain Updater Service;C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe [2012-1-3 273912]
S2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe -service --> C:\Windows\system32\lxddcoms.exe -service [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxddserv.exe [2007-5-25 34224]
S2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-5-5 61913952]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
S2 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-5-5 428384]
S2 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-27 240160]
S2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-13 20992]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-8 135664]
S3 HPEWSFXBULK;HPEWSFXBULK;C:\Windows\system32\drivers\hpfx64bulk.sys --> C:\Windows\system32\drivers\hpfx64bulk.sys [?]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-5-5 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-5-5 428384]
.
=============== Created Last 30 ================
.
2012-01-04 00:12:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{479A9935-A326-46D7-B995-001FD2D0357B}\offreg.dll
2012-01-03 23:38:15 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-01-03 23:38:15 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-01-03 23:38:12 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-01-03 23:38:12 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-01-03 23:38:02 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-01-03 23:37:49 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-01-03 23:37:42 -------- d-----w- C:\Users\PJ'S\AppData\roaming\PC Tools
2012-01-03 23:37:42 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-01-03 23:37:42 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-01-03 23:36:23 -------- d-----w- C:\ProgramData\PC Tools
2012-01-03 23:31:13 -------- d-----w- C:\Windows\SysWow64\Extensions
2012-01-03 23:21:07 -------- d-----w- C:\Program Files (x86)\SpecialSavings
2012-01-03 23:21:02 748544 ----a-w- C:\Windows\SysWow64\protector.dll.tmp
2012-01-03 23:21:02 748544 ----a-w- C:\Windows\SysWow64\protector.dll
2012-01-03 23:21:02 -------- d-----w- C:\ProgramData\bProtector
2012-01-03 23:20:52 -------- d-----w- C:\Program Files (x86)\file2linkib
2012-01-03 23:20:44 -------- d-----w- C:\Users\PJ'S\AppData\roaming\PerformerSoft
2012-01-03 23:20:43 16752 ----a-w- C:\Windows\System32\roboot64.exe
2012-01-03 23:20:34 -------- d-----w- C:\Program Files (x86)\InstallBrainService
2012-01-03 15:48:13 -------- d-----w- C:\Users\PJ'S\AppData\Local\{95FDEEEB-8571-405B-A5D9-4B0B31EE2CB1}
2012-01-03 15:47:58 -------- d-----w- C:\Users\PJ'S\AppData\Local\{21B671E5-330B-451C-91AD-3829F563E5E2}
2012-01-03 15:02:05 -------- d-----w- C:\Users\PJ'S\AppData\Local\{A670EDE5-489C-4E58-9B15-C4E7013A9CF5}
2012-01-03 03:01:19 -------- d-----w- C:\Users\PJ'S\AppData\Local\{46BD6D9B-DA7C-49B3-BD91-7C6197AAE444}
2012-01-03 03:01:00 -------- d-----w- C:\Users\PJ'S\AppData\Local\{D25C4257-ACC2-4CCB-8B08-31A6400CDECA}
2012-01-03 02:44:08 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{479A9935-A326-46D7-B995-001FD2D0357B}\mpengine.dll
2012-01-02 23:22:47 -------- d-----w- C:\Program Files (x86)\Sophos
2012-01-02 17:00:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-02 16:01:05 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0F2A6F4-6FEF-4A6E-9D6B-92CB23F6D791}\gapaengine.dll
2012-01-02 15:57:07 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-01-02 15:57:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-01-02 13:59:40 0 ---ha-w- C:\Users\PJ'S\AppData\Local\BITEDB3.tmp
2011-12-19 23:36:01 -------- d-----w- C:\Program Files (x86)\WildGames
2011-12-15 15:25:50 -------- d-----w- C:\Program Files (x86)\PC Cleaners
2011-12-12 15:42:45 -------- d-----w- C:\Users\PJ'S\AppData\Local\NLOP
.
==================== Find3M ====================
.
2011-11-15 22:32:48 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-06 21:52:53 95568 ----a-w- C:\Windows\System32\vetredir.dll
2011-10-06 21:52:53 141136 ----a-w- C:\Windows\System32\isafeif64.dll
2011-10-06 21:52:53 128336 ----a-w- C:\Windows\System32\isafeif.dll
2011-10-06 21:52:53 103760 ----a-w- C:\Windows\System32\vetredir64.dll
.
============= FINISH: 16:35:19.46 ===============

Here is attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/8/2010 1:48:58 PM
System Uptime: 1/3/2012 4:09:12 PM (0 hours ago)
.
Motherboard: Gateway | | RS780
Processor: AMD Phenom(tm) II X4 810 Processor | AM2 | 2592/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 539.71 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2A700557&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2A700557&0
Service: i8042prt
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2A700557&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2A700557&0
Service: i8042prt
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP170: 12/9/2011 5:20:06 PM - Scheduled Checkpoint
RP171: 12/10/2011 6:14:39 AM - Windows Update
RP172: 12/12/2011 1:55:17 PM - Installed hp LaserJet 1010 Series
RP173: 12/15/2011 7:33:40 AM - Before running PC Cleaners system fix
RP174: 12/15/2011 7:43:19 AM - Before running PC Cleaners system fix
RP175: 12/16/2011 4:46:08 AM - Windows Update
RP176: 12/16/2011 5:15:37 AM - Restore Operation
RP177: 12/16/2011 10:28:02 AM - Windows Update
RP178: 12/20/2011 3:25:29 AM - Windows Update
RP182: 12/23/2011 10:47:29 AM - CA Internet Security Suite
RP183: 12/27/2011 5:09:30 AM - Windows Update
RP184: 12/28/2011 12:47:14 PM - Installed iTunes
RP185: 1/2/2012 4:35:08 PM - Restore Operation
RP190: 1/3/2012 3:24:14 PM - PC Performer Tue, Jan 03, 12 15:23
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Active@ ISO Burner
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Advertising Center
AMD DnD V1.0.19
Apple Application Support
Apple Software Update
Backup Manager Advance
CarbonPoker
Catalyst Control Center InstallProxy
Chinese Simplified Fonts Support For Adobe Reader X
Cisco Network Magic
Compatibility Pack for the 2007 Office system
Corel Applications
D3DX10
eBay Worldwide
Fiddler2
File2LinkIB
FLV to MP4 Converter 2009.2.20
Free PDF to Word Doc Converter v1.1
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.0.0.799
Hustler Casino
Identity Card
ImagXpress
InstallBrain Updater Service
Java Auto Updater
Java(TM) 6 Update 29
Juniper Networks Host Checker
Juniper Networks Network Connect 7.0.0
Juniper Networks Setup Client
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.0.1800
Marvell Miniport Driver
Microsoft Office Communicator 2005
Microsoft Office Live Meeting 2007
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Moyea FLV Player version: 2.0.2.96
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NBC Sports
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Network Magic
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDFTOEXCEL
PHOTOfunSTUDIO 6.1 HD Lite Edition
PokerStars.net
Pure Networks Platform
QuickTime
RAR File Open Knife - Free Opener
Realtek High Definition Audio Driver
Rights Management Add-on for Internet Explorer
Road Runner Safe Storage
Safari
Sage ACT! Pro 2012
Sage Download Manager
SonicStage 4.3
SpecialSavings
Spyware Doctor 8.0
TextTwist 2 Unlimited
TiVo Desktop 2.8.2
TiVo Photos 2.0
TWC Customer Controls
Update Installer for WildTangent Games App
WebEx
WebEx Support Manager for Firefox or Chrome
Welcome Center
WildTangent Games App (Gateway Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinMaximizer 1.2.86
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12/30/2011 7:51:50 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12/29/2011 3:48:26 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
12/29/2011 3:48:25 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/29/2011 3:48:25 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/29/2011 3:48:25 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/29/2011 3:48:25 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/29/2011 3:48:25 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
12/29/2011 3:48:25 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
12/29/2011 3:48:25 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
12/29/2011 3:48:25 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
12/29/2011 3:48:25 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
12/29/2011 3:48:25 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The pipe has been ended.
12/29/2011 3:48:25 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
12/29/2011 3:48:25 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
12/29/2011 3:48:25 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
12/29/2011 3:48:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/29/2011 3:48:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/29/2011 3:48:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
12/29/2011 3:48:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/29/2011 3:48:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/29/2011 1:57:23 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
12/28/2011 3:47:33 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {9DB6C03C-C511-11D2-A9AE-00C04F72DAEB}. The error: "5" Happened while starting this command: c:\PROGRA~2\MICROS~2\WksCal.exe -Embedding
12/27/2011 7:36:37 AM, Error: Service Control Manager [7022] - The Pure Networks Platform Service service hung on starting.
1/3/2012 8:56:06 AM, Error: Service Control Manager [7034] - The ACT! Service Host service terminated unexpectedly. It has done this 1 time(s).
1/3/2012 7:45:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
1/3/2012 7:45:47 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2012 4:33:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2012 4:12:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/3/2012 4:10:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2012 4:10:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/3/2012 4:10:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/3/2012 4:10:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/3/2012 4:10:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/3/2012 4:10:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
1/3/2012 4:10:07 PM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2012 3:35:45 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
1/3/2012 3:34:50 PM, Error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
1/3/2012 3:32:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
1/3/2012 3:32:57 PM, Error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2012 7:54:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
1/2/2012 7:54:21 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2012 7:46:05 AM, Error: Service Control Manager [7034] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s).
1/2/2012 4:30:18 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
1/2/2012 4:30:18 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
1/2/2012 4:28:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRKBootTasks
1/2/2012 4:26:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Machine Debug Manager service to connect.
1/2/2012 4:26:20 PM, Error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2012 4:18:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SAVRKBootTasks spldr sptd tdx Wanarpv6 WfpLwf
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2012 4:18:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2012 4:17:31 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
1/2/2012 3:56:54 PM, Error: Service Control Manager [7001] - The SQL Server Agent (ACT7) service depends on the SQL Server (ACT7) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2012 3:56:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
1/2/2012 3:56:51 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2012 3:55:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (ACT7) service to connect.
1/2/2012 3:55:22 PM, Error: Service Control Manager [7000] - The SQL Server (ACT7) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2012 3:50:53 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
1/2/2012 3:50:53 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\8177.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/2/2012 3:22:56 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\2A7.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/1/2012 5:51:15 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
1/1/2012 5:49:15 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Sun Jan 08, 2012 11:32 am    Post subject: Reply with quote

Hi pjb17,

Firstly, welcome to the Spyware Warrior Forum.
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!

  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic "Help with Spyware removal Forum Guidelines (PLEASE READ)" where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator

Quote:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


If you follow these guidelines, things should proceed smoothly.
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Sun Jan 08, 2012 3:09 pm    Post subject: Reply with quote

Hi pjb17,

Thank you again for your patience.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Company Owned Computer?

There are indications of software installed on this computer that would only be expected to be seen on a business use computer.
Please could you confirm whether or not the computer is company-owned?

Step 2:
Security Check
  1. Please download Security Check by screen317 and Save it to your Desktop.
    Alternate download site: Link 2
  2. Right-click on SecurityCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Press the Space Bar when you see the Press any key to continue... message.
    Please Note: This scan will take a short while to complete, so please be patient.
  4. When the scan has completed, a Notepad file will automatically open called checkup.txt.
  5. Save the file checkup.txt to your Desktop.
    Please Note: This output file is NOT automatically saved!
  6. Then Copy and Paste the entire contents of the checkup.txt file into your next reply.
Step 3:
MGA Diagnostics
  1. Please download this tool from Microsoft and Save it to your Desktop.
  2. Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Click on the Continue button to proceed.
  4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
  5. When it has finished click on the Copy button.
  6. Open Notepad by clicking Start > Run, type in Notepad then click OK.
  7. Paste the copied contents into the new Notepad window and Save the file as checkup.txt to your Desktop.
  8. Click on the OK button to exit the MGA Diagnostics program.
  9. Then Copy and Paste the entire contents of checkup.txt into your next reply.
Step 4:
WVCheck
  1. Please download WVCheck and Save it to your Desktop.
  2. Right-click on WVCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Read the comments on the screen and then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is finished, a scan report named WVCheck_hhmm_dd-mm-yyyy.txt will automatically be saved to your Desktop and opened in Notepad.
  5. Please Copy and Paste the entire contents of WVCheck_hhmm_dd-mm-yyyy.txt into your next reply.
Step 5:
Include in Next Post
  1. Did you have any problems carrying out the instructions?
  2. Please confirm whether or not this computer is used for business and/or is company-owned.
  3. checkup.txt.
  4. mgadiag.txt.
  5. WVCheck_hhmm_dd-mm-yyyy.txt.
  6. Do you have the original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Wed Jan 11, 2012 12:57 am    Post subject: Reply with quote

Hi pjb17,

It has been over 48 hours since my last post.

  1. Do you still need help?
  2. Do you need more time?
  3. Are you having problems following my instructions?
  4. In line with Malware Removal's latest policy, topics will be closed after 3 days without a response.
  5. If you do not reply within the next 24 hours, this topic will be closed.


Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 17 May 2013
Posts: 4041
Location: Land Of The Leprechauns

PostPosted: Thu Jan 12, 2012 1:59 am    Post subject: Reply with quote

Quote:
Due to a lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...

All times are GMT - 8 Hours