Inactive Error: (login): 0x10e0 The operator or administrator has refused

Discussion in 'Malware and Virus Removal Archive' started by MoonRabbit, 2009/11/09.

  1. 2009/11/09
    MoonRabbit

    MoonRabbit Inactive Thread Starter

    Joined:
    2009/11/09
    Messages:
    4
    Likes Received:
    0

    Hello :)

    I have a brand-new computer that is producing the IE error:

    "Error: (login): 0x10e0 The operator or administrator has refused the request"

    On searching, it seems that this error is malware-related; however, I have run three different anti-malware/spyware programs and it is still occurring. I will post the results from those scans.

    --------------------------
    DDS
    ====================
    DDS (Ver_09-10-26.01) - NTFSX64
    Run by Heather at 20:40:17.96 on Mon 11/09/2009
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6658 [GMT -8:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Windows\SysWOW64\compl.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Heather\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\16.7.2.11\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\16.7.2.11\IPSBHO.DLL
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\16.7.2.11\coIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
    uRun: [PCKitchenRegistryCleaner] c:\users\public\heather\pc-kitchen\registrycleaner\RegistryCleaner.exe -boot
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
    mRun: [UpdatePRCShortCut] "c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover "
    mRun: [compl.exe] c:\windows\system32\compl.exe
    mRun: [RemoteControl9] "c:\program files (x86)\cyberlink\powerdvd9\PDVD9Serv.exe "
    mRun: [PDVD9LanguageShortcut] "c:\program files (x86)\cyberlink\powerdvd9\language\Language.exe "
    mRun: [BDRegion] c:\program files (x86)\cyberlink\shared files\brs.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton internet security\engine\16.7.2.11\CoIEPlg.dll
    Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\heather\appdata\roaming\mozilla\firefox\profiles\5du14kqx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://auryanne.livejournal.com
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1007020.00b\SymEFA64.sys [2009-11-7 402992]
    R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\nisx64\1007020.00b\BHDrvx64.sys [2009-11-7 334384]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1007020.00b\cchpx64.sys [2009-11-7 583296]
    R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091105.001\IDSviA64.sys [2009-11-7 466992]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/07 18:56:21];c:\program files (x86)\cyberlink\powerdvd9\000.fcl [2009-8-28 146928]
    R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\hewlett-packard\hp easy backup\HPBtnSrv.exe [2009-9-11 192512]
    R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-11-7 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-8 132656]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-9-11 233472]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nisx64\1007020.00b\symndisv.sys [2009-11-7 56880]
    S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-10-12 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
    S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-10-12 7408]

    =============== Created Last 30 ================

    2009-11-10 04:09:28 0 d-----w- c:\windows\pss
    2009-11-10 02:40:31 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-11-10 02:40:26 0 d-----w- c:\users\heather\appdata\roaming\SUPERAntiSpyware.com
    2009-11-10 02:40:26 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
    2009-11-10 02:32:08 0 d-----w- c:\users\heather\appdata\roaming\Malwarebytes
    2009-11-10 02:32:03 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-10 02:32:03 0 d-----w- c:\programdata\Malwarebytes
    2009-11-10 02:32:03 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2009-11-10 02:28:13 0 d-----w- c:\program files (x86)\CCleaner
    2009-11-09 11:01:11 311808 ----a-w- c:\windows\system32\msv1_0.dll
    2009-11-09 11:01:11 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
    2009-11-09 11:01:05 0 d-----w- c:\program files (x86)\MSXML 4.0
    2009-11-08 21:36:10 0 d-----w- c:\program files (x86)\Canon
    2009-11-08 21:34:10 45568 ----a-w- c:\windows\system32\CNQU112.DLL
    2009-11-08 21:34:10 225792 ----a-w- c:\windows\system32\CNQL2410.dll
    2009-11-08 21:34:10 0 d--h--w- C:\CanoScan
    2009-11-08 21:32:53 0 d-----w- c:\program files\Paint.NET
    2009-11-08 16:46:49 0 d-----w- c:\users\heather\appdata\roaming\HP Support Assistant
    2009-11-08 16:46:47 0 d-----w- c:\users\heather\appdata\roaming\HpUpdate
    2009-11-08 11:02:44 46592 ----a-w- c:\windows\system32\msasn1.dll
    2009-11-08 11:02:44 34816 ----a-w- c:\windows\syswow64\msasn1.dll
    2009-11-08 11:02:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2009-11-08 11:02:41 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
    2009-11-08 04:38:48 0 d-----w- c:\programdata\Blizzard Entertainment
    2009-11-08 03:19:48 0 d-----w- c:\programdata\PopCap Games
    2009-11-08 03:19:48 0 d-----w- c:\program files (x86)\PopCap Games
    2009-11-08 02:13:24 0 d-----w- c:\program files (x86)\common files\Symantec Shared
    2009-11-08 01:55:42 0 d-----w- c:\program files (x86)\common files\CyberLink
    2009-11-08 01:54:56 163840 ----a-w- c:\windows\syswow64\compl.exe
    2009-11-08 01:54:56 10 ----a-w- c:\windows\syswow64\db
    2009-11-08 01:54:54 29480 ----a-w- c:\windows\syswow64\msxml3a.dll
    2009-11-08 01:38:32 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
    2009-11-08 01:35:00 0 d-----w- c:\program files\WinRAR
    2009-11-08 01:00:05 0 d-----w- c:\program files\Ventrilo
    2009-11-08 01:00:04 262 ----a-w- c:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2009-11-08 00:59:43 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
    2009-11-08 00:34:25 0 d-----w- c:\programdata\Blizzard
    2009-11-08 00:30:48 31280 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2009-11-08 00:30:46 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
    2009-11-08 00:30:46 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
    2009-11-08 00:30:46 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2009-11-08 00:30:46 0 d-----w- c:\program files\Symantec
    2009-11-08 00:30:46 0 d-----w- c:\program files\common files\Symantec Shared
    2009-11-08 00:29:13 0 d-----w- c:\users\heather\appdata\roaming\PictureMover
    2009-11-08 00:24:53 0 d-----w- c:\users\heather\appdata\roaming\HP TCS

    ==================== Find3M ====================

    2009-11-08 00:24:40 1771 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_NY556AA-ABA e9260f_YC_0Pavi_QMXX941_E94NAv6PrA3_49_IIndio_SMSI_V1.0_B5.05_T090911_WUH0_L409_M8184_J1000_7Intel_8Core i5 750_92.67_#_N10EC8168_Z_G10DE0603_Ohp DVD A DH16AAL_DIQT217D_HST31000528AS.MRK
    2009-10-02 04:32:07 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-12 01:11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-09-03 07:36:39 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
    2009-09-03 07:04:15 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll
    2009-08-29 07:45:05 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2009-08-29 06:59:32 11406336 ----a-w- c:\windows\syswow64\wmp.dll
    2009-08-29 06:54:52 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 20:40:27.91 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/7/2009 5:24:07 PM
    System Uptime: 11/9/2009 8:12:33 PM (0 hours ago)

    Motherboard: MSI | | Indio
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 919 GiB total, 858.92 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.199 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 11/7/2009 5:47:39 PM - Scripted restore
    RP2: 11/7/2009 5:59:55 PM - Installed Ventrilo Client for Windows x64
    RP3: 11/7/2009 6:54:25 PM - Installed PowerDVD
    RP4: 11/7/2009 6:57:21 PM - Installed PowerDVD
    RP5: 11/8/2009 8:48:22 AM - Windows Modules Installer
    RP6: 11/8/2009 8:48:56 AM - Windows Modules Installer
    RP8: 11/8/2009 1:32:44 PM - Paint.NET v3.5
    RP9: 11/8/2009 1:34:40 PM - Windows Update
    RP10: 11/9/2009 3:00:33 AM - Windows Update
    RP11: 11/9/2009 6:40:05 PM - Installed SUPERAntiSpyware Free Edition
    RP12: 11/9/2009 7:21:04 PM - Windows Modules Installer
    RP13: 11/9/2009 7:44:37 PM - RegistryBackup11.9.2009-7_44_35-PM
    RP14: 11/9/2009 8:06:36 PM - RegistryBackup11.9.2009-8_06_36-PM

    ==== Installed Programs ======================

    Activate Norton Online Backup
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    CanoScan Toolbox Ver4.9
    CCleaner
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    CyberLink PowerDVD 9
    DirectX for Managed Code Update (Summer 2004)
    FileZilla Client 3.2.8.1
    Homepage Protection
    HP Advisor
    HP Customer Experience Enhancements
    HP Easy Backup
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HPAsset component for HP Active Support Library
    LabelPrint
    LightScribe System Software
    Malwarebytes' Anti-Malware
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox (3.5.5)
    MSXML 4.0 SP2 (KB954430)
    Norton Internet Security
    PictureMover
    Power2Go
    PowerDirector
    PowerRecover
    Realtek High Definition Audio Driver
    SUPERAntiSpyware Free Edition
    World of Warcraft
    Zuma's Revenge!

    ==== Event Viewer Messages From Past Week ========

    11/9/2009 8:13:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    11/9/2009 8:12:41 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/9/2009 8:12:41 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/9/2009 8:11:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2009 8:10:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/9/2009 8:10:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/9/2009 8:10:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/9/2009 8:10:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/9/2009 8:10:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/9/2009 8:10:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIM SYMTDI tdx vwififlt Wanarpv6 WfpLwf
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2009 8:10:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2009 6:40:34 PM, Error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: This driver has been blocked from loading
    11/9/2009 6:40:34 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/9/2009 6:40:31 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading
    11/9/2009 6:40:31 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading
    11/9/2009 6:34:19 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111. The computer with the IP address 192.168.1.114 did not allow the name to be claimed by this computer.
    11/9/2009 6:13:39 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DEANLIA-PC.
    11/8/2009 1:36:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool x64 - October 2009 (KB890830).
    11/8/2009 1:36:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB974431).
    11/8/2009 1:36:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB975364).
    11/8/2009 1:36:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB975467).
    11/8/2009 1:36:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB974571).
    11/8/2009 1:36:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
    11/8/2009 1:36:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB974455).

    ==== End Of File ===========================
     
  2. 2009/11/09
    MoonRabbit

    MoonRabbit Inactive Thread Starter

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/09/2009 at 06:52 PM

    Application Version : 4.29.1004

    Core Rules Database Version : 4252
    Trace Rules Database Version: 2141

    Scan type : Quick Scan
    Total Scan Time : 00:09:48

    Memory items scanned : 565
    Memory threats detected : 0
    Registry items scanned : 413
    Registry threats detected : 0
    File items scanned : 21464
    File threats detected : 0

    Malwarebytes' Anti-Malware 1.41
    Database version: 3137
    Windows 6.1.7600 (Safe Mode)

    11/9/2009 8:11:53 PM
    mbam-log-2009-11-09 (20-11-53).txt

    Scan type: Quick Scan
    Objects scanned: 82234
    Time elapsed: 1 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

  4. 2009/11/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory. When something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv.
    • Close Dr.Web CureIt.
    • Important! Reboot your computer, because files in use may be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post the HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right-click on HijackThis, and click Run as Administrator.
     
  5. 2009/11/10
    MoonRabbit

    MoonRabbit Inactive Thread Starter

    DrWeb results:

    Blackhawk2-WT.exe;C:\Program Files (x86)\HP Games\Blackhawk Striker 2;Probably Trojan.Packed.191;;
    bb2-WT.exe;C:\Program Files (x86)\HP Games\Blasterball 2 Revolution;Probably Trojan.Packed.191;;
    BobTheBuilder Zoo-WT.exe;C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo;Probably Trojan.Packed.191;;
    Buildalot3-WT.exe;C:\Program Files (x86)\HP Games\Build-a-lot 3;Probably Trojan.Packed.191;;
    Chuzzle-WT.exe;C:\Program Files (x86)\HP Games\Chuzzle Deluxe;Probably Trojan.Packed.191;;
    dora-WT.exe;C:\Program Files (x86)\HP Games\Dora's Carnival Adventure;Probably Trojan.Packed.191;;
    haulin-WT.exe;C:\Program Files (x86)\HP Games\Eighteen Wheels of Steel Haulin';Probably Trojan.Packed.191;;
    FamilyFeud3-WT.exe;C:\Program Files (x86)\HP Games\Family Feud 3;Probably Trojan.Packed.191;;
    FarmFrenzyPizzaParty-WT.exe;C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party;Probably Trojan.Packed.191;;
    Fate-WT.exe;C:\Program Files (x86)\HP Games\FATE Undiscovered Realms;Probably Trojan.Packed.191;;
    JQSolitaire2-WT.exe;C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2;Probably Trojan.Packed.191;;
    DriveGreen1-WT.exe;C:\Program Files (x86)\HP Games\John Deere Drive Green;Probably Trojan.Packed.191;;
    liong2-WT.exe;C:\Program Files (x86)\HP Games\Liong - The Lost Amulets;Probably Trojan.Packed.191;;
    MahJong2-WT.exe;C:\Program Files (x86)\HP Games\Mah Jong Medley;Probably Trojan.Packed.191;;
    MortimerTimeParadox-WT.exe;C:\Program Files (x86)\HP Games\Mortimer Beckett and the Time Paradox;Probably Trojan.Packed.191;;
    MysteryPINewYork-WT.exe;C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune;Probably Trojan.Packed.191;;
    MysteryPIVegas-WT.exe;C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist;Probably Trojan.Packed.191;;
    penguins-WT.exe;C:\Program Files (x86)\HP Games\Penguins!;Probably Trojan.Packed.191;;
    Polar-WT.exe;C:\Program Files (x86)\HP Games\Polar Bowler;Probably Trojan.Packed.191;;
    golf-WT.exe;C:\Program Files (x86)\HP Games\Polar Golfer;Probably Trojan.Packed.191;;
    GHScrabble-WT.exe;C:\Program Files (x86)\HP Games\Scrabble;Probably Trojan.Packed.191;;
    Slingo-WT.exe;C:\Program Files (x86)\HP Games\Slingo Deluxe;Probably Trojan.Packed.191;;
    THOS-WT.exe;C:\Program Files (x86)\HP Games\The Hidden Object Game Show;Probably Trojan.Packed.191;;
    Totem Tribe-WT.exe;C:\Program Files (x86)\HP Games\Totem Tribe;Probably Trojan.Packed.191;;
    Virtual Villagers - The Secret City-WT.exe;C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City;Probably Trojan.Packed.191;;
    Wheel Of Fortune-WT.exe;C:\Program Files (x86)\HP Games\Wheel of Fortune 2;Probably Trojan.Packed.191;;
    WorldOfGoo-WT.exe;C:\Program Files (x86)\HP Games\World of Goo;Probably Trojan.Packed.191;;
    Zuma-WT.exe;C:\Program Files (x86)\HP Games\Zuma Deluxe;Probably Trojan.Packed.191;;

    HijackThis results:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:55:20 PM, on 11/10/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Windows\SysWOW64\compl.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover "
    O4 - HKLM\..\Run: [compl.exe] C:\Windows\system32\compl.exe
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe "
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe "
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [PCKitchenRegistryCleaner] C:\Users\Public\Heather\PC-Kitchen\RegistryCleaner\RegistryCleaner.exe -boot
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O13 - Gopher Prefix:
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8716 bytes
     
  6. 2009/11/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
