Problems with Malware using Windows

Post by computerused » September 18th, 2011, 4:19 pm

Dear Malware Removal Team,
I have had problems with my PC shutting down when I try to run a full scan of my hard drive using Norton Antivirus and ESET Nod 32 antivirus software. The scan stops after 10-15 minutes and when it does I hear a slight click noise in my computer.

On occasion my computer also shuts down when doing other work with files or browsing, but mainly it always shuts down for the past number of days, when I try to run a full scan. I have run a Kaspersky scan online from their website and found nothing, and a Malwarebytes scan also found nothing.

After my computer shuts down it never starts correctly but prompts me at start up by asking if I want to start in normal or safe mode. Additionally, my computer often will run Check Disk before it finally starts up and removes and repairs various files, but it does the same thing frequently at start up after I am first prompted to select safe mode or normal mode, before logging in by using my password to access Windows.

One last thing, a number of times when Norton locked up it is usually after around 10,000 files or so are scanned and then I noticed that the file that was listed on a few occasions was listed as:
C:\$RECYCLE.BIN\S-1-5-21-1824055424-3960995947-1068124793-1000\$R6AX....

I have pasted my DDS.txt file below as you indicated in your forum.

Thank you in advance for your help.

Computer Gal

======================================================

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Station at 14:47:15 on 2011-09-18
Microsoft® Windows Vista™ Home Premium
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ixquick.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://3d.paginegialle.it/flyertc/resizeindex.jsp?&datasetType=seat&start_dcr=startweb&initDataset=italia&initQueryWhere=Rovereto%2520(TN),%2520Italia&prjQuery=1276429718973&vista=1&width=1265&height=664"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Image Converter 2 ??? - C:\Program Files (x86)\Sony\Image Converter 2\menu.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{979BE8CF-FC68-4FAB-93A6-AA0C10C0E9BC} : DhcpNameServer = 10.35.48.1
TCP: Interfaces\{ED27D080-5708-4048-B3EA-185250BBA5D4} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Station\AppData\Roaming\Mozilla\Firefox\Profiles\dama1b0l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ixquick.com/
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110917.031\IDSviA64.sys [2011-9-18 488568]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMTDIV.SYS [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-4 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-4 175104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-18 136824]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-25 84992]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2009-6-3 954368]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers\pssdk41.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-2 89920]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-18 11:08:28 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-09-18 10:47:02 -------- d-sh--w- C:\found.007
2011-09-18 10:21:21 -------- d-----w- C:\$WINDOWS.~LS
2011-09-18 10:18:42 -------- d-----w- C:\$UPGRADE.~OS
2011-09-18 10:18:06 -------- d-----w- C:\$WINDOWS.~BT
2011-09-18 10:07:39 -------- d-----w- C:\e6d099c9c39fb7fc0ceec32647aa70
2011-09-18 10:06:14 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-18 09:53:13 -------- d-----w- C:\Users\Station\AppData\Roaming\Tific
2011-09-17 11:32:53 -------- d-sh--w- C:\found.006
2011-09-15 00:55:24 -------- d-sh--w- C:\found.005
2011-09-14 07:11:04 -------- d-sh--w- C:\found.004
2011-09-14 01:39:00 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-14 01:39:00 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-14 01:23:31 -------- d-sh--w- C:\found.003
2011-09-13 05:25:09 -------- d-sh--w- C:\found.002
2011-09-11 04:21:06 -------- d-sh--w- C:\found.001
2011-09-10 14:52:11 -------- d-sh--w- C:\found.000
2011-09-10 10:07:04 -------- d-----w- C:\0403f994d3bd59b6402cac6991
2011-08-24 07:51:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 07:51:36 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-09-06 21:05:51 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 15:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 14:48:35.73 ===============

Re: Problems with Malware using Windows

Post by Cypher » September 22nd, 2011, 7:04 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please run DDS again; it should produce two logs, DDS.txt and Attach.txt.
Please copy/paste both these logs in your next reply.

Re: Problems with Malware using Windows

Post by computerused » September 22nd, 2011, 3:38 pm

I had another problem occur today, my laptop froze and when I restarted it, all that appears is a blue screen with no log in panel. This is the first time this has happened since I first started to have problems with my computer that were reported previously on this forum.

Should I try to run DDS in safe mode or will that not work properly?

Thank you,

Computer Girl

Re: Problems with Malware using Windows

Post by Cypher » September 22nd, 2011, 3:46 pm

Hi computerused,
"I had another problem occur today, my laptop froze and when I restarted it, all that appears is a blue screen with no log in panel."

Try this first to see if your computer will boot properly again; if not, see if you can run DDS in safe mode.

Last Known Good Configuration

  • If the computer is still on, shut it down.
  • Turn the computer on, and begin tapping the F8 key (if this doesn't work try the F5 key).
  • When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.

Re: Problems with Malware using Windows

Post by computerused » September 22nd, 2011, 5:06 pm

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Station at 22:57:14 on 2011-09-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.3117 [GMT 2:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uStart Page = hxxp://www.ixquick.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.DLL
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Image Converter 2 ??? - C:\Program Files (x86)\Sony\Image Converter 2\menu.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{979BE8CF-FC68-4FAB-93A6-AA0C10C0E9BC} : DhcpNameServer = 10.35.48.1
TCP: Interfaces\{ED27D080-5708-4048-B3EA-185250BBA5D4} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Station\AppData\Roaming\Mozilla\Firefox\Profiles\dama1b0l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ixquick.com/
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys [?]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110917.033\IDSviA64.sys [2011-9-20 488568]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS [?]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1301010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1301010.003\SYMNETS.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-4 36864]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccsvchst.exe [2011-9-21 138760]
S2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-4 175104]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2009-6-3 954368]
S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers\pssdk41.sys [?]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-25 84992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
.
=============== Created Last 30 ================
.
2011-09-22 20:49:00 -------- d-sh--w- C:\found.010
2011-09-22 20:33:17 -------- d-----w- C:\Users\Station\AppData\Local\ElevatedDiagnostics
2011-09-21 07:18:15 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1301010.003\srtsp64.sys
2011-09-21 07:18:15 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\symds64.sys
2011-09-21 07:18:15 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1301010.003\symnets.sys
2011-09-21 07:18:15 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1301010.003\srtspx64.sys
2011-09-21 07:18:15 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1301010.003\ironx64.sys
2011-09-21 07:18:15 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1301010.003\ccsetx64.sys
2011-09-21 07:18:15 1084536 ----a-w- C:\Windows\System32\drivers\NISx64\1301010.003\symefa64.sys
2011-09-21 07:18:08 -------- d-----w- C:\Windows\System32\drivers\NISx64\1301010.003
2011-09-20 06:40:25 -------- d-----w- C:\Windows\System32\SPReview
2011-09-19 19:02:20 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-09-19 19:02:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-09-19 19:02:11 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-09-19 19:00:58 849920 ----a-w- C:\Windows\System32\qmgr.dll
2011-09-19 18:59:58 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2011-09-19 18:58:59 921600 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll
2011-09-19 18:57:55 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2011-09-19 18:57:17 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-09-19 18:57:17 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-09-19 18:57:17 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2011-09-19 18:53:29 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-09-19 18:53:29 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-09-19 18:53:16 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-09-19 15:09:10 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-19 14:56:17 2871808 ----a-w- C:\Windows\explorer.exe
2011-09-19 14:56:17 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-09-19 14:46:00 -------- d-----w- C:\Intel
2011-09-19 14:41:34 -------- d-----w- C:\Windows\Panther
2011-09-19 14:40:15 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-09-19 14:40:15 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-09-19 14:28:29 -------- d--h--w- C:\$WINDOWS.~Q
2011-09-19 14:27:58 -------- d-sh--w- C:\found.009
2011-09-19 14:23:38 -------- d--h--w- C:\$INPLACE.~TR
2011-09-19 14:06:47 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-09-19 14:06:47 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-09-19 14:06:46 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-09-19 14:06:46 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-09-19 14:06:44 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-09-19 13:54:16 -------- d-----w- C:\Windows\SysWow64\Wat
2011-09-19 13:54:15 -------- d-----w- C:\Windows\System32\Wat
2011-09-19 07:37:03 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-09-19 07:11:45 -------- d-sh--w- C:\found.008
2011-09-19 05:57:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-09-19 05:57:52 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-09-19 05:57:25 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-09-19 05:57:25 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-19 05:55:59 642944 ----a-w- C:\Windows\System32\winload.efi
2011-09-19 05:44:41 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-09-19 05:44:38 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-09-19 05:44:37 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-09-19 05:40:30 -------- d-sh--w- C:\Recovery
2011-09-19 04:45:09 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-09-19 04:45:02 -------- d-----w- C:\Program Files\Synaptics
2011-09-18 11:08:28 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-09-18 10:47:02 -------- d-sh--w- C:\found.007
2011-09-18 10:07:39 -------- d-----w- C:\e6d099c9c39fb7fc0ceec32647aa70
2011-09-18 10:06:14 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-18 09:53:13 -------- d-----w- C:\Users\Station\AppData\Roaming\Tific
2011-09-17 11:32:53 -------- d-sh--w- C:\found.006
2011-09-15 00:55:24 -------- d-sh--w- C:\found.005
2011-09-14 07:11:04 -------- d-sh--w- C:\found.004
2011-09-14 01:23:31 -------- d-sh--w- C:\found.003
2011-09-13 05:25:09 -------- d-sh--w- C:\found.002
2011-09-11 04:21:06 -------- d-sh--w- C:\found.001
2011-09-10 14:52:11 -------- d-sh--w- C:\found.000
2011-09-10 10:07:04 -------- d-----w- C:\0403f994d3bd59b6402cac6991
.
==================== Find3M ====================
.
2011-09-20 07:08:55 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-20 07:08:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-19 19:36:31 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-09-06 21:05:51 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 15:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 22:58:21.78 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/19/2011 7:40:31 AM
System Uptime: 9/22/2011 10:55:39 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2161/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 96.824 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: JumpStart Wireless Filter Driver
Device ID: ROOT\LEGACY_JSWPSLWF\0000
Manufacturer:
Name: JumpStart Wireless Filter Driver
PNP Device ID: ROOT\LEGACY_JSWPSLWF\0000
Service: JSWPSLWF
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.65
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Age of Empires III
Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
Any Video Converter 2.7.4
Any Video Converter Professional 3.0.7
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
AviSynth 2.5
Big Red Spanish Verb Exercise CD-ROM
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
CDisplay 1.8
Cheetah DVD Burner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Clean Disk 2010
Compatibility Pack for the 2007 Office system
Cucusoft DVD to PSP + PSP Video Converter Suite 8.2.8.2
DTS+AC3 Filter
DVD Flick 1.3.0.6
DVD MovieFactory for TOSHIBA
Easy CD-DA Extractor 12
Express Burn
ffdshow [rev 1723] [2007-12-24]
Foxit PDF Editor
Foxit Reader
GOM Player
ImgBurn
Malwarebytes' Anti-Malware version 1.51.2.1300
Mavis Beacon Teaches Typing 18
MediaCoder PSP Edition x64
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
mkv2vob
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Internet Security
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Skype™ 4.2
Sony MP4 Shared Library
The Matrix Trilogy Screensaver 0.49
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Total Video Converter 3.10
trakAxPC
Undelete Plus 2.98
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.4
WinAVI MP4 Converter
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
WinRAR archiver
Xilisoft DPG Converter
Xilisoft PSP Video Converter
.
==== Event Viewer Messages From Past Week ========
.
9/22/2011 8:25:32 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/22/2011 8:25:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: JSWPSLWF sptd
9/22/2011 2:39:05 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer COMPUTER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED27D080-5708-4048-B3EA-185250BBA5D4}. The master browser is stopping or an election is being forced.
9/22/2011 10:57:09 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 10:57:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 10:57:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/22/2011 10:57:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/22/2011 10:56:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/22/2011 10:56:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/22/2011 10:56:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 JSWPSLWF spldr sptd SRTSPX SymIRON SymNetS Wanarpv6
9/22/2011 10:55:41 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
9/22/2011 10:33:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 10:28:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/22/2011 10:28:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/22/2011 10:27:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 JSWPSLWF NetBIOS NetBT nsiproxy Psched rdbss spldr sptd SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/22/2011 10:27:26 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 9:49:02 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/20/2011 10:05:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 7 for x64-based Systems (KB2488113).
9/19/2011 9:45:16 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/19/2011 9:45:16 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/19/2011 9:20:57 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
9/19/2011 7:32:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: JSWPSLWF sptd SYMTDIv
9/19/2011 7:31:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ConfigFree Gadget Service service to connect.
9/19/2011 7:31:52 AM, Error: Service Control Manager [7000] - The ConfigFree Gadget Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/19/2011 7:09:53 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
9/19/2011 7:09:26 AM, Error: Service Control Manager [7030] - The O&O Defrag service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/19/2011 7:09:26 AM, Error: Service Control Manager [7030] - The ConfigFree Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/19/2011 7:09:26 AM, Error: Service Control Manager [7030] - The ConfigFree Gadget Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/19/2011 5:38:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/19/2011 5:38:04 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/19/2011 5:38:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/19/2011 5:37:31 AM, Error: Service Control Manager [7001] - The COM+ System Application service depends on the System Event Notification Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/19/2011 5:37:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
9/19/2011 5:16:36 AM, Error: Service Control Manager [7001] - The KtmRm for Distributed Transaction Coordinator service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/19/2011 5:14:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
9/19/2011 5:14:40 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/19/2011 4:53:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2447568).
9/19/2011 4:46:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 7 for x64-based Systems (KB2505438).
9/19/2011 4:46:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800736cc: Update for Windows 7 for x64-based Systems (KB2515325).
9/19/2011 4:41:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 7 for x64-based Systems (KB2545698).
9/19/2011 3:58:08 PM, Error: Service Control Manager [7023] -
9/19/2011 3:52:50 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
9/18/2011 6:11:35 AM, Error: EventLog [6008] - The previous system shutdown at 6:04:54 AM on 9/18/2011 was unexpected.
9/18/2011 5:49:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/18/2011 5:48:22 AM, Error: EventLog [6008] - The previous system shutdown at 3:44:49 PM on 9/17/2011 was unexpected.
9/18/2011 3:53:41 PM, Error: EventLog [6008] - The previous system shutdown at 3:46:35 PM on 9/18/2011 was unexpected.
9/18/2011 3:17:57 PM, Error: EventLog [6008] - The previous system shutdown at 3:13:34 PM on 9/18/2011 was unexpected.
9/18/2011 2:33:56 PM, Error: EventLog [6008] - The previous system shutdown at 2:30:28 PM on 9/18/2011 was unexpected.
9/18/2011 12:49:58 PM, Error: EventLog [6008] - The previous system shutdown at 12:25:22 PM on 9/18/2011 was unexpected.
9/18/2011 12:21:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
9/18/2011 12:21:17 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
9/18/2011 12:16:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
9/18/2011 12:16:21 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/18/2011 12:15:45 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SQ004817V03.
9/18/2011 12:14:56 PM, Error: EventLog [6008] - The previous system shutdown at 12:09:34 PM on 9/18/2011 was unexpected.
9/18/2011 12:12:40 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
9/18/2011 11:51:22 AM, Error: EventLog [6008] - The previous system shutdown at 11:40:34 AM on 9/18/2011 was unexpected.
9/18/2011 11:19:04 AM, Error: EventLog [6008] - The previous system shutdown at 6:22:10 AM on 9/18/2011 was unexpected.
9/18/2011 1:05:50 PM, Error: EventLog [6008] - The previous system shutdown at 1:02:22 PM on 9/18/2011 was unexpected.
9/17/2011 1:35:48 PM, Error: EventLog [6008] - The previous system shutdown at 10:36:33 AM on 9/17/2011 was unexpected.
9/16/2011 5:32:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).
9/16/2011 5:29:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).
9/16/2011 5:29:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).
9/16/2011 5:07:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).
9/16/2011 5:06:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).
9/16/2011 4:43:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).
9/16/2011 3:57:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).
9/16/2011 3:47:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).
9/16/2011 3:27:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
9/16/2011 3:25:54 AM, Error: EventLog [6008] - The previous system shutdown at 2:26:16 PM on 9/15/2011 was unexpected.
9/16/2011 3:02:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
9/16/2011 11:05:20 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
9/16/2011 11:01:22 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
9/16/2011 10:47:35 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
9/16/2011 10:37:09 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
9/16/2011 10:31:43 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
9/16/2011 10:25:38 AM, Error: EventLog [6008] - The previous system shutdown at 3:52:31 AM on 9/16/2011 was unexpected.
9/16/2011 1:29:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
9/15/2011 9:46:29 AM, Error: EventLog [6008] - The previous system shutdown at 9:33:07 AM on 9/15/2011 was unexpected.
9/15/2011 9:18:30 AM, Error: EventLog [6008] - The previous system shutdown at 7:10:11 AM on 9/15/2011 was unexpected.
9/15/2011 7:02:32 AM, Error: EventLog [6008] - The previous system shutdown at 6:04:57 AM on 9/15/2011 was unexpected.
9/15/2011 5:56:19 AM, Error: EventLog [6008] - The previous system shutdown at 5:35:18 AM on 9/15/2011 was unexpected.
9/15/2011 5:31:40 AM, Error: EventLog [6008] - The previous system shutdown at 5:20:56 AM on 9/15/2011 was unexpected.
9/15/2011 5:15:30 AM, Error: EventLog [6008] - The previous system shutdown at 5:11:29 AM on 9/15/2011 was unexpected.
9/15/2011 5:04:05 AM, Error: EventLog [6008] - The previous system shutdown at 4:59:36 AM on 9/15/2011 was unexpected.
9/15/2011 4:56:13 AM, Error: EventLog [6008] - The previous system shutdown at 4:41:33 AM on 9/15/2011 was unexpected.
9/15/2011 4:32:07 AM, Error: EventLog [6008] - The previous system shutdown at 4:20:09 AM on 9/15/2011 was unexpected.
9/15/2011 4:15:32 AM, Error: EventLog [6008] - The previous system shutdown at 4:11:36 AM on 9/15/2011 was unexpected.
9/15/2011 4:06:59 AM, Error: EventLog [6008] - The previous system shutdown at 3:59:32 AM on 9/15/2011 was unexpected.
9/15/2011 3:53:06 AM, Error: EventLog [6008] - The previous system shutdown at 3:46:34 AM on 9/15/2011 was unexpected.
9/15/2011 3:42:57 AM, Error: EventLog [6008] - The previous system shutdown at 3:19:45 AM on 9/15/2011 was unexpected.
9/15/2011 3:19:09 AM, Error: EventLog [6008] - The previous system shutdown at 3:11:07 AM on 9/15/2011 was unexpected.
9/15/2011 1:52:52 PM, Error: EventLog [6008] - The previous system shutdown at 9:57:08 AM on 9/15/2011 was unexpected.
9/15/2011 1:38:43 AM, Error: EventLog [6008] - The previous system shutdown at 2:34:48 PM on 9/14/2011 was unexpected.
.
==== End Of File ===========================
computerused
Active Member
 
Posts: 8
Joined: September 18th, 2011, 3:59 pm
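As an added example (not part of the original post and not code from DDS): the Event Viewer section of the log above is not listed in chronological order, so this Python script parses a few lines copied from it, sorts them by time, and tallies event IDs, the shutdown times reported by EventLog 6008, and the volumes named in Ntfs 55 errors. The function names and the US-style month/day/year date format are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the "Event Viewer Messages From Past Week" section above.
SAMPLE = """\
9/22/2011 10:55:41 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
9/21/2011 9:49:02 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/19/2011 3:58:08 PM, Error: Service Control Manager [7023] -
9/18/2011 6:11:35 AM, Error: EventLog [6008] - The previous system shutdown at 6:04:54 AM on 9/18/2011 was unexpected.
9/18/2011 5:48:22 AM, Error: EventLog [6008] - The previous system shutdown at 3:44:49 PM on 9/17/2011 was unexpected.
9/18/2011 3:53:41 PM, Error: EventLog [6008] - The previous system shutdown at 3:46:35 PM on 9/18/2011 was unexpected.
9/18/2011 12:15:45 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SQ004817V03.
9/18/2011 12:12:40 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
9/16/2011 5:32:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).
"""

TS_FMT = "%m/%d/%Y %I:%M:%S %p"  # assumption: US-style dates, as in the log above
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] -\s?(?P<msg>.*)$"
)
SHUTDOWN_RE = re.compile(
    r"previous system shutdown at (\d{1,2}:\d{2}:\d{2} [AP]M) on (\d{1,2}/\d{1,2}/\d{4})"
)
VOLUME_RE = re.compile(r"on the volume (.+?)\.$")


def parse_events(text):
    """Parse event lines and return them sorted by the time they were logged."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "." separators, section headers, anything else
        events.append({
            "logged": datetime.strptime(m["ts"], TS_FMT),
            "source": m["source"],
            "id": int(m["id"]),
            "message": m["msg"],  # may be empty, as in the 7023 line above
        })
    events.sort(key=lambda e: e["logged"])
    return events


def unexpected_shutdowns(events):
    """Return sorted (went_down, logged_at_next_boot) pairs from EventLog 6008."""
    pairs = []
    for e in events:
        if e["source"] == "EventLog" and e["id"] == 6008:
            m = SHUTDOWN_RE.search(e["message"])
            if m:
                down = datetime.strptime(f"{m.group(2)} {m.group(1)}", TS_FMT)
                pairs.append((down, e["logged"]))
    return sorted(pairs)


def summarize(text):
    """Tally events by (source, id) and pull out shutdown and NTFS details."""
    events = parse_events(text)
    downs = unexpected_shutdowns(events)
    volumes = set()
    for e in events:
        if e["source"] == "Ntfs" and e["id"] == 55:
            m = VOLUME_RE.search(e["message"])
            if m:
                volumes.add(m.group(1))
    return {
        "counts": Counter((e["source"], e["id"]) for e in events),
        "shutdowns_per_day": dict(Counter(d.date().isoformat() for d, _ in downs)),
        "corrupt_volumes": sorted(volumes),
        "first": events[0]["logged"] if events else None,
        "last": events[-1]["logged"] if events else None,
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print("span:", summary["first"], "->", summary["last"])
    for (source, event_id), n in summary["counts"].most_common():
        print(f"{n:3d}  {source} [{event_id}]")
    print("unexpected shutdowns per day:", summary["shutdowns_per_day"])
    print("volumes named in Ntfs 55:", summary["corrupt_volumes"])
```
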

Re: Problems with Malware using Windows

by Cypher » September 23rd, 2011, 5:37 am

Hi computerused,
Is your computer booting up normally again?

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    µTorrent
  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on Start > All programs > Accessories > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Next.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator" then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Logs/Information to Post in your Next Reply
  • Is your computer booting up normally again?
  • CKFiles.txt
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Problems with Malware using Windows

by computerused » September 23rd, 2011, 10:21 am

I read the P2P policy that I spoke to you about, but unfortunately I was unable to delete utorrents. I have not been able to log in using the Last Known Good Config. It never gives me the log in panel for name and password. I have been logging in via safe mode and was able to run the CKS scan that way, which I have attached below. I tried to delete utorrents in safe mode, but was unable to locate the control panel to go to add/delete programs. Is it accessible in safe mode?

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\xilisoft\dpg converter\script\crack.js
c:\program files (x86)\xilisoft\ipod rip\crack.exe
c:\users\station\documents\xilisoft corporation\dpg converter\crack.js
scanner sequence 3.CP.11.PVAPQA
----- EOF -----
computerused
Active Member
 
Posts: 8
Joined: September 18th, 2011, 3:59 pm

Re: Problems with Malware using Windows

Post by Cypher » September 23rd, 2011, 10:47 am

Hi computerused,
I have not been able to log in using the Last Known Good Config. It never gives me the login panel for name and password.

Let's try this to see if we can get the computer to boot up in normal mode.

  • If the computer is still on, shut it down.
  • Turn the computer on, and begin tapping the F8 key (if this doesn't work try the F5 key).
  • When the Windows Advanced Options menu appears, use the ARROW keys to select Repair your computer > Startup Repair.
Let me know how it goes.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Problems with Malware using Windows

Post by computerused » September 23rd, 2011, 6:24 pm

I tried to start the computer this way using the F8 key, using the Windows Advanced Options > Repair your computer and Startup Repair.
I reached a window panel with 2 user name options: Station, which is the one I used with my password, and another I didn't recognize:
HomeGroupUser$, which I could not use my password with.
Once I reached the end of these steps and the fix-it scan was completed, a window appeared and indicated that if repairs were completed Windows would restart, which it did, only to provide me with a blue screen again with no way to log in, because the login panel didn't appear again.
computerused
Active Member
 
Posts: 8
Joined: September 18th, 2011, 3:59 pm

Re: Problems with Malware using Windows

Post by Cypher » September 24th, 2011, 5:47 am

Hi computerused,
Can you tell me if you have your Windows Vista installation disk? Or did Windows come pre-installed on the machine?
To be honest, the safest and quickest way to solve your problem is to reformat the computer and reinstall Windows.
We can still attempt to clean the computer, but I can't guarantee it will solve the boot up problem.
Let me know what you would like to do.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Problems with Malware using Windows

Post by computerused » September 24th, 2011, 11:40 am

Thank you for your attempt to help me. I think at this point, I am going to take my installation disk and reformat. I really wanted to avoid this, because some things are not backed up completely, but I don't think there are any other options. So I will close my request on this thread and wish you and your team all the best.

Computerused
computerused
Active Member
 
Posts: 8
Joined: September 18th, 2011, 3:59 pm

Re: Problems with Malware using Windows

Post by Cypher » September 24th, 2011, 12:09 pm

Hi computerused,
I am going to take my installation disk and reformat.

I think you have made the right decision. Here are some recommendations for protecting your computer once the reformat is done.

You can reinstall Norton Internet Security or one of these free applications.


Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can find the tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check


Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Problems with Malware using Windows

Post by computerused » September 24th, 2011, 1:21 pm

Thank you. I reviewed the information that you communicated in your last reply.

Thread can be closed now.
computerused
Active Member
 
Posts: 8
Joined: September 18th, 2011, 3:59 pm

Re: Problems with Malware using Windows

Post by Cypher » September 24th, 2011, 1:28 pm

Hi computerused,
Thank you for the reply. I will close this topic. Good luck and stay safe.
As this issue will be resolved with a reformat, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns