
Need some help. Virus/malware Thanks!

#1 ·
:upset:

Tons of popup windows saying this file is infected and that file is infected, do I want to open up my security software (and this isn't my CA security suite doing this). Even if I'm using Firefox, random windows in IE will open with (******.com/porno.com/adult.com). Hardly any security/log software will run. You have to do it in safe mode. I have some programs listed in the add/remove with fast browser search/etc (My Face LOL) that are questionable, but it won't let me remove them. I couldn't get the second file of the DDS (attach) zipped up, it kept crashing on me with whatever is going on, so I attached it. Sorry. Thank you VERY much for any and all help provided, I understand the free time you guys donate to this cause and it is awesome.


==============================
Ran DDS in safe mode, only way it'd let me
==============================

DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by Jen at 15:48:39.69 on Mon 01/10/2011
Internet Explorer: 7.0.6000.17037
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.2620 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Users\Jen\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RTHDBPL] c:\users\jen\appdata\roaming\systemproc\lsass.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [hlukvhvt] c:\users\jen\appdata\local\temp\enchsjsdj\elolsyhlajb.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [<NO NAME>]
StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.0.105/activex/AMC.cab
Notify: igfxcui - igfxdev.dll
Notify: PFW - UmxWnp.Dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jen\appdata\roaming\mozilla\firefox\profiles\edomeoe2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.facebook.com/|http://mail.yahoo.com/
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\users\jen\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

S0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 103952]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2007-10-18 51728]
S1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2010-2-2 26352]
S1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2010-2-2 21104]
S1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2010-2-2 32240]
S2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2010-2-2 144960]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 138744]
S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
S2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
S2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
S2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2010-6-8 238928]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2008-10-6 26624]
S3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2010-6-3 130280]

=============== Created Last 30 ================

2011-01-07 07:28:19 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{996016bf-925d-4961-bedf-b2af2489c009}\mpengine.dll
2011-01-04 22:39:53 -------- d-sh--w- c:\users\jen\appdata\roaming\SystemProc

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 15:49:45.17 ===============






*********************************************************


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/6/2008 6:08:54 PM
System Uptime: 1/10/2011 3:45:52 PM (1 hours ago)

Motherboard: Dell Inc. | | 0WG860
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1861/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 166.834 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.67 GiB free.
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP813: 12/14/2010 3:04:00 PM - Scheduled Checkpoint
RP814: 12/15/2010 2:06:48 AM - Windows Update
RP815: 12/16/2010 12:00:33 AM - Scheduled Checkpoint
RP816: 12/16/2010 3:00:10 AM - Windows Update
RP817: 12/17/2010 12:00:18 AM - Scheduled Checkpoint
RP818: 12/17/2010 2:07:30 AM - Windows Update
RP819: 12/18/2010 12:00:33 AM - Scheduled Checkpoint
RP820: 12/18/2010 11:52:16 PM - Scheduled Checkpoint
RP821: 12/20/2010 12:00:33 AM - Scheduled Checkpoint
RP822: 12/21/2010 12:00:32 AM - Scheduled Checkpoint
RP823: 12/21/2010 2:01:36 AM - Windows Update
RP824: 12/21/2010 11:30:57 PM - Scheduled Checkpoint
RP825: 12/23/2010 12:00:17 AM - Scheduled Checkpoint
RP826: 12/24/2010 12:38:36 AM - Scheduled Checkpoint
RP827: 12/24/2010 2:05:16 AM - Windows Update
RP828: 12/24/2010 8:36:42 PM - Scheduled Checkpoint
RP829: 12/25/2010 11:26:46 PM - Scheduled Checkpoint
RP830: 12/27/2010 12:00:32 AM - Scheduled Checkpoint
RP831: 12/27/2010 9:30:52 PM - Scheduled Checkpoint
RP832: 12/28/2010 1:48:18 AM - Windows Update
RP833: 12/29/2010 12:00:40 AM - Scheduled Checkpoint
RP834: 12/30/2010 12:00:45 AM - Scheduled Checkpoint
RP835: 12/30/2010 1:35:29 AM - Windows Update
RP836: 12/31/2010 8:37:05 AM - Windows Update
RP837: 1/1/2011 12:00:14 AM - Scheduled Checkpoint
RP838: 1/2/2011 12:00:21 AM - Scheduled Checkpoint
RP839: 1/3/2011 12:00:26 AM - Scheduled Checkpoint
RP840: 1/3/2011 5:45:18 PM - Scheduled Checkpoint
RP841: 1/4/2011 2:17:20 AM - Windows Update
RP842: 1/4/2011 4:21:44 PM - Scheduled Checkpoint
RP843: 1/5/2011 1:16:24 PM - Scheduled Checkpoint
RP844: 1/7/2011 2:26:41 AM - Windows Update

==== Installed Programs ======================

3DVIA player 5.0
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AXIS Camera Management 2.00
AXIS Media Control Embedded
BizPortz-PostFrame Manager
Bonjour
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Personal Firewall
Composer 1.7.4
Facebook Plug-In
Fast Browser Search (My Face LOL)
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Microsoft .NET Framework 3.5 SP1
Mozilla Firefox (3.5.15)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.0
QuickTime
Safari
Search Guard Plus (My Face LOL)
Search Guard Plus Updater (My Face LOL)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WinRAR archiver

==== Event Viewer Messages From Past Week ========

1/9/2011 9:42:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom KmxAgent KmxFile KmxFilter KmxFw spldr VET-FILT VET-REC VETEFILE VETMONNT Wanarpv6
1/9/2011 9:42:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2011 9:40:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {6BE14B1D-1B37-466C-8FB6-0EC698C224BA}
1/9/2011 9:40:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {5E251242-C8B4-4A66-9AC0-16D0D614783D}
1/9/2011 9:40:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {04B0AE0C-EA2A-4F96-9D6E-EBABE471C353}
1/9/2011 9:40:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {04A3E2EC-BD0D-496D-909A-3DAE453FE08D}
1/9/2011 9:40:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {CF6D2EF2-FCAD-46B3-A49A-F43056AE3E4E}
1/9/2011 9:40:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {55B40878-A898-48A8-B707-060CAEFD0242}
1/9/2011 9:40:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {76538D11-AB58-485B-ABD9-CF1A759FDBA0}
1/9/2011 9:39:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {F974178A-A284-440A-BEFC-5B0D11BCDB68}
1/9/2011 9:39:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
1/9/2011 9:39:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/9/2011 9:39:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/9/2011 9:39:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/9/2011 9:39:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/9/2011 9:39:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/9/2011 9:38:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/9/2011 9:38:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/8/2011 7:08:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
1/8/2011 7:08:33 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2011 7:48:33 AM, Error: Service Control Manager [7000] - The PPCtlPriv service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2011 7:48:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PPCtlPriv service to connect.
1/7/2011 7:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {F974178A-A284-440A-BEFC-5B0D11BCDB68}
1/7/2011 7:47:49 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2011 7:47:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
1/7/2011 7:47:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
1/6/2011 11:19:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CaCCProvSP service to connect.
1/6/2011 11:19:01 PM, Error: Service Control Manager [7000] - The CaCCProvSP service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2011 11:19:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
1/6/2011 11:17:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/6/2011 11:17:38 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2011 11:17:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VET Message Service service to connect.
1/6/2011 11:17:23 PM, Error: Service Control Manager [7000] - The VET Message Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/4/2011 2:17:54 AM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy34'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:38 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy33'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:18 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy32'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:16 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy31'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:14 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy30'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:11 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy29'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:09 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy28'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:07 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy27'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:04 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy26'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:02 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy25'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:45:00 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy24'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:57 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy23'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:55 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy22'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:52 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy21'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:50 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy20'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:47 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy19'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:45 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy18'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:43 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy17'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:41 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy16'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:38 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy15'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:36 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy14'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:33 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy13'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:31 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy12'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:29 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy11'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:26 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy10'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:24 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy9'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:22 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy8'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:19 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy7'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:17 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy6'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:14 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy5'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:11 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy4'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:09 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy3'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:06 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy2'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 5:44:04 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/3/2011 3:50:45 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2011 3:50:45 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80004005
1/3/2011 3:50:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
1/3/2011 3:50:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
1/3/2011 3:34:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/3/2011 12:00:43 AM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolumeShadowCopy36'. This volume will be unavailable for filtering until a reboot. The final status was 0xc000000e.
1/10/2011 8:42:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/10/2011 8:29:37 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Jen\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC KmxAgent KmxFile KmxFilter KmxFw NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx VET-FILT VET-REC VETEFILE VETMONNT Wanarpv6
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2011 3:47:53 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================
 

#2 ·
Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download GMER Rootkit Scanner from here: http://www.gmer.net/download.php to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


If you have trouble running GMER:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try it in Safe Mode
Please include the following in your next post:
  • GMER log
 
#5 ·
R Willis:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log
 