
Hey all!
I have an Acer laptop with Vista on it. It had some viruses on it and also the ZoneAlarm firewall. I "think" I got all the nasties off of it and I removed ZoneAlarm.
Now, every time I boot up, the Windows firewall stays on for about 30 seconds and then turns itself off, or something else is turning it off. Once I restart the Windows firewall, it will stay on until I reboot the laptop. I think I may have a rootkit but I can't find it. Any and all help will be greatly appreciated!
Here are some logs that were requested as per the instructions. Also, as I read the instructions on what to do before posting a new topic, I need to report that GMER Rootkit Scanner would not work. All I got was an error message that "it wasn't a valid Win32 application". Also, I can run Malwarebytes but it will not update. When I ran Spybot Search and Destroy yesterday, it wouldn't update either. Here are the logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5750

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

2/20/2011 8:04:28 PM
mbam-log-2011-02-20 (20-04-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 269385
Time elapsed: 44 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---------------------------------------------------------------------------------------


DDS (Ver_10-12-12.02) - NTFSx86
Run by spencer at 20:59:30.28 on Sun 02/20/2011
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1790.862 [GMT -6:00]


============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Users\spencer\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Users\spencer\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-2-19 28552]
R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 AvgMfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 AvgTdiX;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-10-21 13560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-3-7 32256]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-18 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-21 179712]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-30 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 JRV;JRV;c:\users\spencer\appdata\local\temp\jrv.exe --> c:\users\spencer\appdata\local\temp\JRV.exe [?]
S3 LAEECZMJPZ;LAEECZMJPZ;c:\users\spencer\appdata\local\temp\laeeczmjpz.exe --> c:\users\spencer\appdata\local\temp\LAEECZMJPZ.exe [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-11-2 22016]
S3 PNQGYXNMBW;PNQGYXNMBW;c:\users\spencer\appdata\local\temp\pnqgyxnmbw.exe --> c:\users\spencer\appdata\local\temp\PNQGYXNMBW.exe [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-8-17 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-8-17 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-8-17 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-8-17 59904]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-8-21 43008]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]

=============== Created Last 30 ================

2011-02-20 17:42:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-20 17:42:44 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-20 08:04:01 -------- d-----w- c:\users\spencer\appdata\local\temp
2011-02-20 08:03:37 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-20 05:19:39 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-02-20 05:19:31 -------- d-----w- c:\program files\Panda Security
2011-02-19 18:28:26 -------- d-----w- c:\users\spencer\Pavark
2011-02-19 08:29:53 388096 ----a-r- c:\users\spencer\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-19 08:29:53 -------- d-----w- c:\program files\Trend Micro
2011-02-18 08:59:53 -------- d-----w- c:\windows\pss
2011-02-17 19:33:14 -------- d-----w- c:\users\spencer\appdata\roaming\AVG10
2011-02-17 19:31:39 -------- d--h--w- c:\progra~2\Common Files
2011-02-17 19:28:54 -------- d-----w- c:\progra~2\AVG10
2011-02-17 19:27:12 -------- d-----w- c:\program files\AVG
2011-02-17 19:24:25 -------- d-----w- c:\progra~2\MFAData
2011-02-17 06:37:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-16 18:29:25 -------- d-----w- c:\users\spencer\appdata\roaming\SUPERAntiSpyware.com
2011-02-16 17:30:32 -------- d-----w- c:\users\spencer\appdata\roaming\Malwarebytes
2011-02-16 08:10:41 -------- d-----w- c:\program files\Auslogics
2011-02-16 07:32:05 -------- d-----w- c:\program files\VS Revo Group
2011-02-13 23:14:55 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e16d6249-d81d-4f46-b40d-5834833c15a5}\mpengine.dll
2011-01-22 05:36:56 -------- d-----w- c:\users\spencer\appdata\roaming\DVDVideoSoft
2011-01-22 05:36:52 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-22 05:36:52 -------- d-----w- c:\program files\common files\DVDVideoSoft

==================== Find3M ====================

2011-02-19 06:48:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 21:00:12.09 ===============
----------------------------------------------------------------------------------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2008 11:01:46 AM
System Uptime: 2/20/2011 11:30:23 AM (10 hours ago)

Motherboard: Acer | | Fuquene
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket A | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 99.187 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service:

Class GUID:
Description:
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service:

==== System Restore Points ===================

RP1376: 2/19/2011 2:09:36 AM - Windows Vista Service Pack 1
RP1378: 2/19/2011 2:14:33 AM - Windows Update
RP1380: 2/19/2011 2:29:13 AM - Installed HiJackThis
RP1382: 2/19/2011 9:30:00 PM - Revo Uninstaller's restore point - ESET Online Scanner v3
RP1384: 2/19/2011 11:40:41 PM - Revo Uninstaller's restore point - AVG 2011
RP1386: 2/19/2011 11:41:35 PM - Removed AVG 2011
RP1388: 2/19/2011 11:43:05 PM - Removed AVG 2011
RP1390: 2/19/2011 11:49:39 PM - Revo Uninstaller's restore point - AVG 2011
RP1392: 2/20/2011 2:31:08 AM - Installed AVG 2011
RP1394: 2/20/2011 2:32:16 AM - Installed AVG 2011
RP1396: 2/20/2011 4:43:36 PM - Scheduled Checkpoint

==== Installed Programs ======================

Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Acer VCM
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
AIM 7
AIM Toolbar
Apple Mobile Device Support
Apple Software Update
Atheros for Acer Driver v7.3.1.73_Foxconn Installation Program
Auslogics Disk Defrag
AVG 2011
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Big Kahuna Reef 2
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bonjour
Bricks of Egypt
CCleaner (remove only)
Download Updater (AOL LLC)
Dynasty
Free Video to MP3 Converter version 4.2.14
Galapago
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Jewel Quest Solitaire
LightScribe 1.4.142.1
Luxor 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyIdentityDefender Toolbar
MySpaceIM
Mystery Case Files - Prime Suspects
Mystery Case Files Ravenhearst
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
Orion
Panda ActiveScan 2.0
PANTECH UM175 Driver
PowerProducer 3.72
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.90
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Skype Toolbars
Skype™ 5.0
SoulSeek Client 156c
Spybot - Search & Destroy
SpywareBlaster 4.1
Synaptics Pointing Device Driver
Tight Backgrounds
Treasures of the Deep
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VZAccess Manager
Winbond CIR Drivers
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Mobile Device Updater Component
Yahoo! Messenger
Yahoo! Toolbar
Zuma Deluxe
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)

==== Event Viewer Messages From Past Week ========

2/20/2011 12:18:23 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/20/2011 12:18:18 AM, Error: Service Control Manager [7034] - The MobilityService service terminated unexpectedly. It has done this 1 time(s).
2/20/2011 12:17:13 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
2/20/2011 1:53:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 pavboot spldr Wanarpv6
2/20/2011 1:19:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the JRV service to connect.
2/20/2011 1:19:45 PM, Error: Service Control Manager [7000] - The JRV service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/20/2011 1:19:14 PM, Error: Service Control Manager [7030] - The JRV service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/20/2011 1:19:03 PM, Error: Service Control Manager [7000] - The PNQGYXNMBW service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/20/2011 1:19:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PNQGYXNMBW service to connect.
2/20/2011 1:18:32 PM, Error: Service Control Manager [7030] - The PNQGYXNMBW service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Vsdatant Wanarpv6
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:42:17 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 2:41:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/19/2011 2:41:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/19/2011 2:41:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/19/2011 2:41:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/19/2011 2:41:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/19/2011 2:40:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/19/2011 2:40:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/19/2011 2:40:49 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\spencer\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
2/19/2011 12:58:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.12 for the Network Card with network address 001DD924144A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/19/2011 12:56:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LAEECZMJPZ service to connect.
2/19/2011 12:56:07 PM, Error: Service Control Manager [7000] - The LAEECZMJPZ service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/19/2011 12:55:37 PM, Error: Service Control Manager [7030] - The LAEECZMJPZ service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/19/2011 11:01:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Sue-PC\spencer SID (S-1-5-21-2307955109-2296341513-3939722359-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/19/2011 1:03:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 001DD924144A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/19/2011 1:02:03 AM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 2 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 14986924023625826302
2/18/2011 10:41:35 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.102 with the system having network hardware address 00-13-20-A8-7A-3F. Network operations on this system may be disrupted as a result.
2/17/2011 1:51:38 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001DD924144A. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2/17/2011 1:20:08 PM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 1 Request Type: 14 Memory/IO: 3 Address: 0
2/16/2011 11:26:27 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
2/16/2011 11:25:57 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/16/2011 11:25:57 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
2/16/2011 11:25:27 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
2/16/2011 11:23:36 AM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 1 Request Type: 15 Memory/IO: 3 Address: 0
2/16/2011 11:23:10 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 13, function 0. Please contact your system vendor for technical assistance.
2/16/2011 11:23:10 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0. Please contact your system vendor for technical assistance.
2/16/2011 1:27:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows Vista (KB970710).
2/16/2011 1:21:31 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001DD924144A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/16/2011 1:19:15 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Cumulative Update for Media Center for Windows Vista (KB974306).
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-99_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-97_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-95_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-93_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-91_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-89_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-87_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-85_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-83_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-81_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-79_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-77_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-75_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-73_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-71_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-69_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-67_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-65_neutral_GDR from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-105_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-104_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-103_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-102_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-101_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974306-100_neutral_PACKAGE from package KB974306(Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974306 (Update) into Staged(Staged) state
2/16/2011 1:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974306 (Update) into Install Requested(Install Requested) state
2/16/2011 1:09:51 AM, Error: EventLog [6008] - The previous system shutdown at 9:53:09 PM on 2/14/2011 was unexpected.
2/14/2011 9:31:01 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001DD924144A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2/14/2011 9:30:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/14/2011 9:24:39 PM, Error: EventLog [6008] - The previous system shutdown at 8:47:52 PM on 2/14/2011 was unexpected.
2/14/2011 8:17:51 PM, Error: EventLog [6008] - The previous system shutdown at 8:15:40 PM on 2/14/2011 was unexpected.
2/14/2011 8:00:40 PM, Error: EventLog [6008] - The previous system shutdown at 7:56:43 PM on 2/14/2011 was unexpected.
2/14/2011 7:58:25 PM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 2 Participation: 3 Request Type: 13 Memory/IO: 3 Address: 14985938723768156126
2/14/2011 7:48:15 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-30_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
2/14/2011 7:48:15 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-28_neutral_GDR from package KB970710(Security Update) into Staged(Staged) state
2/14/2011 7:48:15 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-26_neutral_GDR from package KB970710(Security Update) into Staged(Staged) state
2/14/2011 7:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-37_neutral_PACKAGE from package KB970710(Security Update) into Absent(Absent) state
2/14/2011 7:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-36_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
2/14/2011 7:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-35_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
2/14/2011 7:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-33_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
2/14/2011 7:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-31_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
2/14/2011 7:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970710-29_neutral_PACKAGE from package KB970710(Security Update) into Staged(Staged) state
2/14/2011 7:48:14 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970710 (Security Update) into Staged(Staged) state
2/14/2011 7:48:14 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970710 (Security Update) into Install Requested(Install Requested) state
2/14/2011 7:46:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Cumulative Update for Media Center for Windows Vista (KB974306).
2/14/2011 7:20:21 PM, Error: Service Control Manager [7003] - The eSettings Service service depends the following service: int15. This service might not be installed.
2/14/2011 7:20:21 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/14/2011 7:18:40 PM, Error: EventLog [6008] - The previous system shutdown at 6:01:09 PM on 2/13/2011 was unexpected.

==== End Of File ===========================

0

Your MBA-M program is woefully out of date, as you say. Try doing this: see if you can boot to Safe Mode with Networking and try updating MBA-M. If you can, then run the Full Scan while in Safe Mode, have it remove everything found, and then reboot to normal mode and do another scan. If it will scan, then have it again remove everything found, reboot and post back here with that log. Then we will go from there.

You say you previously removed an infection, what was it and how did you remove it? Do you have any remaining logs from this removal? If so, post those too.

0

OOOOOOOOPS, that didn't copy right !
Here is the way that it should be with the logs in the right order:
I was able to download updates for the MBAM program in Safe Mode with Networking. I will post the log from my Safe Mode scan first. Then I will post the log from where it was run in regular mode after the update. The last scan log is the one that I ran first and removed some of the viruses, a couple of days ago.
LOG #1
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5826

Windows 6.0.6000 (Safe Mode)
Internet Explorer 8.0.6001.18904

2/21/2011 12:04:30 AM
mbam-log-2011-02-21 (00-04-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 283016
Time elapsed: 35 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
----------------------------------------------------------------------------------
Log #2
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5826

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

2/21/2011 12:59:55 AM
mbam-log-2011-02-21 (00-59-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 269385
Time elapsed: 47 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---------------------------------------------------------------------------------
Log #3
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5782

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

2/17/2011 1:45:33 AM
mbam-log-2011-02-17 (01-45-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 253800
Time elapsed: 1 hour(s), 4 minute(s), 55 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 24
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 22

Memory Processes Infected:
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\clickpotatolite\bin\10.0.628.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\clickpotatolite@clickpotatolite.com (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\AV2010 (Rogue.AV2010) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\spencer\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\Common Files\System\mgnc (Rogue.ANGantiVirus) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.628.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\ClickPotatoLiteSAAX.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\ClickPotatoLiteSABHO.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\LaunchHelp.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\AV2010\AV2010.exe (Rogue.AV2010) -> Quarantined and deleted successfully.
C:\ProgramData\AV2010\IEDefender.dll (Rogue.AV2010) -> Quarantined and deleted successfully.
C:\ProgramData\AV2010\svchost.exe (Rogue.AV2010) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\SysLoader.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
---------------------------------------------------------------------------------
I had also run Spybot Search and Destroy and removed some infections before I started this thread, and here is the log:

--- Report generated: 2011-02-20 12:05 ---

Right Media: Tracking cookie (Internet Explorer: spencer) (Cookie, fixed)

BurstMedia: Tracking cookie (Internet Explorer: spencer) (Cookie, fixed)

MediaPlex: Tracking cookie (Internet Explorer: spencer) (Cookie, fixed)

DoubleClick: Tracking cookie (Internet Explorer: spencer) (Cookie, fixed)

MediaPlex: Tracking cookie (Internet Explorer: spencer) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2011-02-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2011-02-15 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-01-25 Includes\HijackersC.sbi (*)
2010-06-02 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2011-02-15 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2011-02-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-01-18 Includes\Spyware.sbi (*)
2011-01-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-02-15 Includes\TrojansC-02.sbi (*)
2011-02-15 Includes\TrojansC-03.sbi (*)
2011-02-15 Includes\TrojansC-04.sbi (*)
2011-02-15 Includes\TrojansC-05.sbi (*)
2011-02-07 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

0

SpyBot won't update because you already have the latest available updates, which were released on the 15th. This shows in the log:

2011-02-15 Includes\TrojansC-02.sbi (*)
2011-02-15 Includes\TrojansC-03.sbi (*)
2011-02-15 Includes\TrojansC-04.sbi (*)

If you have TeaTimer turned on in SpyBot turn it off and leave it off. It interferes with other programs and fixes made with those programs.

Try to update MBA-M and see if it will update now in normal mode.

How did you uninstall Zone Alarm? Your logs show that some of this may remain because it is trying to start, which is why your Windows Firewall may not work.

Completely Uninstall AVG, it likely was damaged by the infection.

It really is not a good antivirus program either. You should use either Avira or Avast.


0

MBAM wouldn't update. It only would update while in Safe Mode.
I used REVO Uninstaller to get rid of ZoneAlarm..... BUT, I did notice on the DDS report, under "running processes", that there is an entry "C:\Windows\System32\ZoneLabs\vsmon.exe". May I delete that? And also, I have read that if someone has Windows Live Care, it has its own firewall. I know my computer has LiveCare but I don't know what it is or why it's on my laptop. May I delete it also?
I'm going to put Avast on the laptop now. I always had heard that AVG and Avast were about the same.

0

No, you can't just delete those items; they would have to be uninstalled. Windows Live Care has a firewall, and that is why the built-in Windows Firewall won't turn on.
You can UNINSTALL Windows Live One Care.
http://social.microsoft.com/Forums/en/onecaregeneral/thread/732e6371-2e71-479a-8cd6-b189941ed4fb

I always had heard that AVG and Avast were about the same.

I don't know where because it certainly was not here. They are not remotely alike. I have helped clean more machines running AVG than any other AV programs in the last year or more.

0

Ok, Avast it will be.
How do I uninstall something from ZoneAlarm when neither Revo nor the Uninstall feature on my computer lists ZoneAlarm?
I have to get ready for work. I will follow up with ya when I get home tonight. Thanks for working with me!!!

0

Try Administrative Tools, Services to stop that service from running at startup.
AFTER stopping it, then go to C:\Windows\System32\ZoneLabs\ and delete the Zone Labs folder in there, just that folder, nothing else.
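
As an added example (not from this thread, and not code from Malwarebytes, Zone Labs or Microsoft), here is a read-only PowerShell triage script that checks the three things this exchange turns on: whether a third-party firewall (a ZoneAlarm remnant or Live OneCare) is still registered with Security Center, which is what makes the built-in Windows Firewall stand itself down; whether any service or running process still points at a ZoneLabs path; and what state the Windows Firewall profiles are in. The `root\SecurityCenter2` namespace and the `EnableFirewall` registry values are documented by Microsoft; the ZoneLabs folder name comes from this thread, and the productState bit decoding is the commonly documented scheme, treated here as an assumption.

```powershell
# Added example: read-only triage for "Windows Firewall turns itself off".
# It only reports; nothing is stopped, deleted or uninstalled.
# Run from an elevated PowerShell prompt on Vista or later.

# 1. Firewall products registered with Security Center.
#    Vista/7 use root\SecurityCenter2 (XP used root\SecurityCenter).
$ns = 'root\SecurityCenter2'
$products = Get-WmiObject -Namespace $ns -Class FirewallProduct -ErrorAction SilentlyContinue
if ($products) {
    Write-Output "Firewall products registered with Security Center:"
    foreach ($p in $products) {
        # productState is a packed bitfield. Assumption (commonly documented
        # decoding): the middle byte is 0x10 or 0x11 when the product is enabled.
        $mid     = ($p.productState -band 0xFF00) -shr 8
        $enabled = ($mid -eq 0x10) -or ($mid -eq 0x11)
        "{0,-35} enabled={1}  exe={2}" -f $p.displayName, $enabled, $p.pathToSignedProductExe
    }
} else {
    Write-Output "No third-party firewall product registered in $ns."
}

# 2. Services and running processes whose binary lives under a ZoneLabs path
#    (the vsmon.exe remnant mentioned in the thread). Folder name is an assumption.
$pattern = 'ZoneLabs'
Write-Output "`nServices referencing '$pattern':"
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    Select-Object Name, State, StartMode, PathName |
    Format-Table -AutoSize

Write-Output "Running processes referencing '$pattern':"
Get-WmiObject Win32_Process |
    Where-Object { $_.ExecutablePath -match $pattern } |
    Select-Object ProcessId, Name, ExecutablePath |
    Format-Table -AutoSize

# 3. State of the built-in Windows Firewall profiles, read from the policy keys.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
Write-Output "Windows Firewall profile state:"
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $key = Join-Path $base $profile
    if (Test-Path $key) {
        $on = (Get-ItemProperty $key -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
        "{0,-16} EnableFirewall={1}" -f $profile, $on
    }
}

# 4. The Windows Firewall service (MpsSvc) and the Base Filtering Engine it depends on.
Write-Output "`nFirewall services:"
Get-WmiObject Win32_Service |
    Where-Object { $_.Name -eq 'MpsSvc' -or $_.Name -eq 'BFE' } |
    Select-Object Name, State, StartMode |
    Format-Table -AutoSize
```

A third-party product listed in step 1 with enabled=True while StandardProfile shows EnableFirewall=0 is the pattern this thread describes; the fix is to uninstall that product, not to delete its files.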

0

Well, Avast is running, Zone Alarm is all gone and Malwarebytes updates in normal mode !!!! The Windows firewall acts right and now stays on and the laptop is running great !
Thanks a million Jholland1964 !!!
Is there anything else I need to do ?

0

If you feel everything is good then I think you are good to go. The thread can be marked as solved. If something else develops in the next few days you can always post right back here and we can take another look.

Judy
