
no internet after ComboFix


  • This topic is locked
44 replies to this topic

#31 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 26 November 2011 - 11:32 PM

Good.

Now please drag your copy of ComboFix to the recycle bin.

Then download a fresh copy from one of these links.
Link 1
Link 2

Please run a new scan and post.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 



#32 Infected Bad

Infected Bad

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 26 November 2011 - 11:53 PM

Still no connection... here is the requested log

ComboFix 11-11-26.04 - Adge Pro 11/27/2011 0:37.6.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2046.1223 [GMT -5:00]
Running from: H:\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 05:45 . 2011-11-27 05:45 -------- d-----w- c:\users\Adge Pro\AppData\Local\temp
2011-11-27 05:45 . 2011-11-27 05:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 01:47 . 2011-11-27 01:47 -------- d-----w- C:\_OTL
2011-11-25 21:02 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 03:55 . 2011-11-24 03:55 -------- d-----w- c:\users\Adge Pro\AppData\Roaming\Malwarebytes
2011-11-24 03:54 . 2011-11-24 03:54 -------- d-----w- c:\programdata\Malwarebytes
2011-11-23 23:03 . 2011-11-23 23:22 -------- d-----w- C:\Combo-Fix
2011-11-23 21:19 . 2011-11-23 21:19 -------- d-----w- c:\program files\Antares Audio Technologies
2011-11-23 21:15 . 2003-06-20 18:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-15 03:15 . 2011-11-15 03:15 -------- d-----w- c:\users\Public\Waves Audio
2011-11-15 03:15 . 2011-11-15 03:20 -------- d-----w- c:\programdata\Waves Audio
2011-11-15 03:07 . 2011-11-23 20:34 -------- d-----w- c:\program files\WinPcap
2011-11-14 23:44 . 2011-11-15 03:17 -------- d-----w- c:\users\Adge Pro\AppData\Roaming\Waves Audio
2011-11-14 21:38 . 2011-11-16 19:10 -------- d-----w- c:\users\Adge Pro\riotsGamesLogs
2011-11-14 21:38 . 2011-11-14 21:38 -------- d-----w- c:\users\Adge Pro\AppData\Roaming\LolClient
2011-11-14 21:28 . 2011-11-14 21:28 162304 ----a-w- c:\windows\system32\ncusbw32.dll
2011-11-14 06:59 . 2008-07-31 15:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-11-14 06:59 . 2008-07-31 15:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-11-14 06:59 . 2008-07-12 13:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-11-14 06:59 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-11-14 06:59 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-11-13 21:43 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-13 21:25 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-13 21:25 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-13 21:25 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-11-13 21:25 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-13 21:15 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-13 21:02 . 2011-11-13 21:02 -------- d-----w- c:\programdata\WindowsSearch
2011-11-13 20:46 . 2011-11-20 08:11 -------- d-----w- c:\users\Adge Pro\AppData\Local\Akamai
2011-11-13 20:43 . 2011-11-13 20:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEA6980-2D38-404B-91EE-968293813CC2}\offreg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 05:37 . 2009-10-19 19:32 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-09-12 23:14 . 2011-09-28 04:45 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEA6980-2D38-404B-91EE-968293813CC2}\mpengine.dll
2011-06-28 08:47 . 2011-03-24 21:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Akamai NetSession Interface"="c:\users\Adge Pro\AppData\Local\Akamai\netsession_win.exe" [2011-11-15 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2009-12-19 77824]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=usbmn4x4.dll
"midi3"=KORGUMDD.DRV
"wave10"=Digi32.dll
"MIDI10"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2853530515-3039482369-3993899090-1000]
"EnableNotificationsRef"=dword:0000001f
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca52f2ba36a898;Google Update Service (gupdate1ca52f2ba36a898);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
R2 MBAMService;MBAMService;h:\malwarebytes' anti-malware\mbamservice.exe [2011-08-31 366152]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUMDS.SYS [2009-10-15 22232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MRV6X32U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x86;c:\windows\system32\DRIVERS\MRVW24B.sys [2007-10-29 310016]
R3 USB44LDR;M-Audio USB MidiSport 4x4 Loader;c:\windows\system32\drivers\usb44ldr.sys [2009-11-07 16416]
R3 USBMN4X4;M-Audio USB MidiSport 4x4;c:\windows\system32\drivers\usbmn4x4.sys [2009-11-07 22304]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [2008-01-07 57344]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2009-12-19 16400]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-25 537520]
S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2009-12-19 85008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [2009-12-19 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-12-19 21904]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
necusb3 REG_MULTI_SZ necusb
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 08:36]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 08:36]
.
2011-11-26 c:\windows\Tasks\Norton Security Scan for Adge Pro.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-24 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Adge Pro\AppData\Roaming\Mozilla\Firefox\Profiles\jb6npyyz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 00:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
Completion time: 2011-11-27 00:47:59
ComboFix-quarantined-files.txt 2011-11-27 05:47
ComboFix2.txt 2011-11-26 01:46
ComboFix3.txt 2011-11-23 23:22
ComboFix4.txt 2011-11-21 07:09
ComboFix5.txt 2011-11-27 05:36
.
Pre-Run: 24,970,162,176 bytes free
Post-Run: 28,103,200,768 bytes free
.
- - End Of File - - 60F9C5834235F4AD687CCE5D496211BB

#33 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 27 November 2011 - 12:37 AM

Please copy everything in the code box:


@echo off
echo Please post back the %SystemDrive%\MyNICDetails.txt on your next reply
echo.
echo CheckMyNIC by AdvancedSetup >%SystemDrive%\MyNICDetails.txt
echo ... >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc RPCSS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex RPCSS >>%SystemDrive%\MyNICDetails.txt
pause

Save in Notepad as "MyNICDetails.bat" (with the quote marks) on the desktop.
The icon to click should look like this on your desktop: [image]
Double click on the icon to run the bat file.
Post back the text file it produces please.

The text file will be located here: C:\MyNICDetails.txt
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#34 Infected Bad

Infected Bad

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 27 November 2011 - 03:18 AM

log requested

CheckMyNIC by AdvancedSetup
...

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : NSI : Tdx : Afd
SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 892
FLAGS :

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 0 BOOT_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 3
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\afd.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : Ancilliary Function Driver for Winsock
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : NETBT
DEPENDENCIES : Tdx : tcpip
SERVICE_START_NAME :

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 2
DISPLAY_NAME : NetBIOS Interface
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT : Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 892
FLAGS :

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tdx
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1344
FLAGS :

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPsec Policy Agent
DEPENDENCIES : Tcpip : bfe
SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 352
FLAGS :

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES : SamSS : Srv
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1040
FLAGS :

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RPCSS
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES : DcomLaunch
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: RPCSS
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 856
FLAGS :
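
A triage parser for the MyNICDetails.txt output posted above, as an added example that is not part of the original thread or of CheckMyNIC. A failed `sc` query prints no service name, so results are matched to services by position, using the batch file's query order. The function names, the `EXPECTED_SVCHOST` path check and the sample text are assumptions constructed for illustration.

```python
import re

# Services in the order the batch file in this thread queries them; each one
# gets `sc qc` and then `sc queryex`.
QUERY_ORDER = ["dhcp", "TCPIP", "Afd", "NetBT", "NetBIOS", "Lmhosts", "Dnscache",
               "PolicyAgent", "Nla", "lanmanserver", "IPSEC", "RPCSS"]
# Assumption: %SystemRoot% is C:\Windows, as in the output posted in the thread.
EXPECTED_SVCHOST = r"c:\windows\system32\svchost.exe"

# One match per command result. A failed query prints no SERVICE_NAME, so the
# only way to know which service it belongs to is its position in the file.
RESULT = re.compile(
    r"\[SC\] QueryServiceConfig SUCCESS\s+SERVICE_NAME: (?P<qc>\S+)"
    r"|\[SC\] (?:\w+:)?OpenService FAILED (?P<err>\d+)"
    r"|SERVICE_NAME: (?P<qx>\S+)")
FIELDS = {
    "start_type": re.compile(r"START_TYPE\s*:\s*\d+\s+(\w+)"),
    "binary": re.compile(r"BINARY_PATH_NAME\s*:\s*(.+?)\s+LOAD_ORDER_GROUP", re.S),
    "state": re.compile(r"STATE\s*:\s*\d+\s+(\w+)"),
}


def parse_nic_details(text, order=QUERY_ORDER):
    """Map each queried service to its start type, binary, state and error."""
    commands = [(svc, kind) for svc in order for kind in ("qc", "queryex")]
    results = list(RESULT.finditer(text))
    if len(results) != len(commands):
        raise ValueError(f"expected {len(commands)} results, found {len(results)}")
    report = {svc: dict.fromkeys(["start_type", "binary", "state", "error"])
              for svc in order}
    for i, (res, (svc, kind)) in enumerate(zip(results, commands)):
        if res.group("err"):
            report[svc]["error"] = int(res.group("err"))
            continue
        name = res.group("qc") or res.group("qx")
        if name.lower() != svc.lower() or (kind == "qc") != bool(res.group("qc")):
            raise ValueError(f"result {i} does not line up with `sc {kind} {svc}`")
        end = results[i + 1].start() if i + 1 < len(results) else len(text)
        for field, pattern in FIELDS.items():
            found = pattern.search(text, res.end(), end)
            if found:
                report[svc][field] = found.group(1)
    return report


def findings(report):
    """List the entries that deserve a closer look, in query order."""
    out = []
    for svc, r in report.items():
        if r["error"] == 1060:
            out.append(f"{svc}: not installed under that name (error 1060)")
        elif r["error"]:
            out.append(f"{svc}: query failed (error {r['error']})")
        elif r["state"] != "RUNNING":
            out.append(f"{svc}: {r['start_type']} but state is {r['state']}")
        exe = (r["binary"] or "").lower().split(" -k ")[0]
        if exe.endswith("svchost.exe") and exe != EXPECTED_SVCHOST:
            out.append(f"{svc}: svchost.exe runs from unexpected path {exe}")
    return out


# Constructed sample (not the poster's data): one line-per-field result, one
# failed pair, and one result flattened onto single lines as a forum would.
SAMPLE_ORDER = ["dhcp", "Nla", "Dnscache"]
SAMPLE = r"""CheckMyNIC by AdvancedSetup
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: dhcp
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : TDI
SERVICE_NAME: dhcp
        STATE              : 4  RUNNING
[SC] OpenService FAILED 1060:
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
[SC] QueryServiceConfig SUCCESS SERVICE_NAME: Dnscache START_TYPE : 2 AUTO_START BINARY_PATH_NAME : C:\Windows\system\svchost.exe -k NetworkService LOAD_ORDER_GROUP : TDI
SERVICE_NAME: Dnscache TYPE : 20 WIN32_SHARE_PROCESS STATE : 1 STOPPED
"""

if __name__ == "__main__":
    print("\n".join(findings(parse_nic_details(SAMPLE, SAMPLE_ORDER))))
```

Called with the default `QUERY_ORDER`, `parse_nic_details` expects all 24 results that the batch file produces and raises `ValueError` if the file is truncated or out of step.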

#35 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 27 November 2011 - 01:50 PM

Do you have your Vista disk?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#36 Infected Bad

Infected Bad

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 27 November 2011 - 02:05 PM

I'd have to go through a bunch of boxes to find it.

#37 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 27 November 2011 - 02:13 PM

There is a program called System File Checker built into Windows that searches for missing or corrupt system files. It will then replace them from your system disk. You will need the disk in order to do this. Please have a look and see if you can find it. It needs to be the operating system disk (Windows Vista Home Basic), not a recovery disk or some other disk that might have come with your computer.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#38 Infected Bad

Infected Bad

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 29 November 2011 - 06:03 PM

OK, I have the Windows Vista disk.

#39 Infected Bad

Infected Bad

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 29 November 2011 - 09:13 PM

Where do I locate System File Checker?

#40 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 29 November 2011 - 09:34 PM

Great. :thumbup:

Because you are running Vista, you need to run it from an elevated command prompt. To do this:

  • Open the start menu
  • In the white line (Start Search) area, type cmd
  • Right click on cmd (at top), and click on Run as administrator.

Now at the command prompt - type SFC /scannow and press enter.

The system file checker will begin to run. It will look for missing or corrupt system files. If it finds that it needs to replace some - it will ask for your OS disk in order to replace the files.

Once the scan is complete... please get the log to post.

Open an elevated command prompt again and enter the following: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt

This should put a file on your desktop called sfcdetails.txt. Double click it to open, and then copy/paste it here please.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
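
An added example, not part of the original post: the same literal `[SR]` filter as the `findstr` command above, applied in Python so that a large CBS.log can be reduced to the few System File Checker results that matter. The function names and the sample log lines are constructed for illustration; the sample file names are placeholders.

```python
import re

SR_LINE = re.compile(r"\[SR\] (.*)")   # same literal match as findstr /c:"[SR]"
QUOTED = re.compile(r'"([^"]*)"')

# SFC message prefixes that name a file, mapped to the summary list they feed.
FILE_MESSAGES = {
    "Repairing corrupted file": "repaired",
    "Cannot repair member file": "unrepairable",
}


def read_lines(path):
    """Stream a large CBS.log line by line; undecodable bytes are replaced."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        yield from handle


def file_of(message):
    """Return the file named in an [SR] message, with its directory if logged."""
    parts = QUOTED.findall(message)
    if not parts:
        return message.strip()
    if parts[0].startswith("\\??\\") and len(parts) > 1:
        return parts[0][4:] + "\\" + parts[1]   # drop the NT "\??\" prefix
    return parts[0]


def summarize_sfc(lines):
    """Count verified components and list each affected file once."""
    summary = {"verified": 0, "repaired": [], "unrepairable": []}
    for line in lines:
        hit = SR_LINE.search(line)
        if not hit:
            continue                      # not an SFC line: servicing noise
        message = hit.group(1)
        words = message.split()
        if words[:1] == ["Verifying"] and len(words) > 1 and words[1].isdigit():
            summary["verified"] += int(words[1])
            continue
        for prefix, bucket in FILE_MESSAGES.items():
            if message.startswith(prefix):
                name = file_of(message)
                if name not in summary[bucket]:   # SFC logs the same file repeatedly
                    summary[bucket].append(name)
    return summary


# Constructed sample lines in the CBS.log layout; not taken from the thread.
SAMPLE_LOG = r'''2011-11-30 00:12:01, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2011-11-30 00:12:01, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-11-30 00:12:05, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6002.18005, file is missing
2011-11-30 00:12:06, Info                  CBS    Session: unrelated servicing entry
2011-11-30 00:12:07, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6002.18005, file is missing
2011-11-30 00:12:09, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2011-11-30 00:12:10, Info                  CSI    0000000e [SR] Verify complete
2011-11-30 00:12:11, Info                  CSI    0000000f [SR] Verifying 42 (0x0000002a) components
'''

if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_LOG.splitlines()))
```

For a real log, pass `read_lines(r"C:\Windows\Logs\CBS\CBS.log")` to `summarize_sfc` from an elevated prompt.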
 



#41 Infected Bad

Infected Bad

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 30 November 2011 - 12:58 AM

The CBS log is 26 MB long. Is there a specific part I can copy and paste from the file to look at?

#42 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 30 November 2011 - 10:01 PM

Can you attach it?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#43 Infected Bad

Infected Bad

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 01 December 2011 - 01:33 AM

No, the max it will let me upload is 500k.

#44 Infected Bad

Infected Bad

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 01 December 2011 - 02:04 PM

Well, it seems the solution to this problem results in reformatting. I have a Windows 7 disk, 64 bit operating system, and right now I have a 64 bit processor running 32 bit Vista. So I figured I'd let you know I'm just going to reformat. I wanted to really figure out the problem so I could help someone else with the same problem. Thanks for all your help, Tom! :D

#45 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 01 December 2011 - 10:00 PM

Infected Bad, from what I've heard... you'll be much happier with Windows 7 (but what do I know... all my computers are XP). I'm sorry that we (me) were unable to find a solution for this also. For you and others that may come here. I have a couple of colleagues that are trying to help people with similar problems and so far... solutions are really hit and miss. If we can determine what caused the problem... I believe we can fix it. But so far it is a mystery. Anyway... good luck and be well. And Season's Greetings to you and yours.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
