
Thread: Blue screen

  1. #21
    Junior Member
    Join Date
    Jul 2009
    Posts
    19

    Default

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 08/09/2008 22:15:56
    System Uptime: 24/07/2009 10:16:33 (9 hours ago)

    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | Socket 775 | 1800/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 170.04 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.341 GiB free.
    E: is CDROM (UDF)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6500s-1
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP414: 23/07/2009 00:31:37 - Installed
    RP415: 23/07/2009 00:32:33 - Removed QuickTime
    RP416: 23/07/2009 08:58:38 - Installed QuickTime
    RP417: 23/07/2009 18:59:42 - Removed Java(TM) 6 Update 7
    RP418: 24/07/2009 10:21:00 - Windows Update
    RP419: 24/07/2009 11:16:17 - Removed Adobe Reader 9.1.2.
    RP420: 24/07/2009 11:20:35 - Removed Microsoft Silverlight
    RP421: 24/07/2009 11:23:47 - Removed Safari
    RP422: 24/07/2009 11:27:25 - Removed QuickTime
    RP423: 24/07/2009 11:43:48 - Installed
    RP424: 24/07/2009 11:45:48 - Removed MSN Toolbar
    RP425: 24/07/2009 11:50:31 - Removed Spelling Dictionaries Support For Adobe Reader 9.
    RP426: 24/07/2009 11:52:37 - Installed
    RP427: 24/07/2009 11:52:54 - Installed
    RP428: 24/07/2009 12:13:59 - Installed
    RP429: 24/07/2009 12:14:14 - Installed
    RP430: 24/07/2009 12:20:27 - Installed
    RP431: 24/07/2009 12:21:33 - Installed
    RP432: 24/07/2009 12:39:13 - Removed QuickTime

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    AGEIA PhysX v7.11.13
    Amazing Adventures: The Lost Tomb Demo
    Apple Mobile Device Support
    Apple Software Update
    Belkin 54g USB Network Adapter
    Bonjour
    Call of Duty(R) - World at War(TM) 1.1 Patch
    Choice Guard
    Dell Color Printer 725
    Dell Resource CD
    Digital Line Detect
    FlashLynx Video Download Software
    Folding@home-x86
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) PRO Network Connections 12.1.11.0
    iTunes
    Java(TM) 6 Update 13
    Junk Mail filter update
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    Mozilla Firefox (3.5.1)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    NVIDIA Drivers
    OpenAL
    PC Connectivity Solution
    Peggle Deluxe Demo
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Sky Broadband
    Sonic Activation Module
    Steam
    Team Fortress 2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker Beta
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    Zuma Deluxe Demo

    ==== Event Viewer Messages From Past Week ========

    24/07/2009 11:18:35, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    24/07/2009 11:18:35, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    24/07/2009 11:18:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    24/07/2009 10:18:34, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    24/07/2009 10:18:34, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    24/07/2009 10:17:33, Error: EventLog [6008] - The previous system shutdown at 01:27:35 on 24/07/2009 was unexpected.
    23/07/2009 15:24:09, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    23/07/2009 15:13:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
    23/07/2009 15:13:50, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    23/07/2009 11:32:41, Error: EventLog [6008] - The previous system shutdown at 11:30:48 on 23/07/2009 was unexpected.
    23/07/2009 08:50:44, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - JRCV.doc, owned by James, failed to print on printer Dell Color Printer 725. Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 935504. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client computer: \\JAMES. Win32 error code returned by the print processor: 0. The operation completed successfully.
    23/07/2009 08:48:47, Error: EventLog [6008] - The previous system shutdown at 08:46:57 on 23/07/2009 was unexpected.
    22/07/2009 11:35:49, Error: EventLog [6008] - The previous system shutdown at 11:34:11 on 22/07/2009 was unexpected.
    22/07/2009 11:24:11, Error: EventLog [6008] - The previous system shutdown at 11:22:16 on 22/07/2009 was unexpected.
    22/07/2009 00:05:18, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service has not been started.
    22/07/2009 00:03:42, Error: EventLog [6008] - The previous system shutdown at 00:01:52 on 22/07/2009 was unexpected.
    21/07/2009 23:56:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    21/07/2009 23:56:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    21/07/2009 23:55:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    21/07/2009 23:55:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    21/07/2009 23:55:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    21/07/2009 23:55:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2009 23:55:16, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2009 23:55:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    21/07/2009 23:54:00, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    21/07/2009 23:54:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    21/07/2009 23:53:59, Error: EventLog [6008] - The previous system shutdown at 23:51:57 on 21/07/2009 was unexpected.
    21/07/2009 11:26:15, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The RPC server is unavailable.
    21/07/2009 11:26:15, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The RPC server is unavailable.
    21/07/2009 11:25:03, Error: Microsoft-Windows-TaskScheduler [412] - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.
    21/07/2009 11:24:54, Error: EventLog [6008] - The previous system shutdown at 11:23:25 on 21/07/2009 was unexpected.
    21/07/2009 10:56:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    21/07/2009 10:56:30, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    21/07/2009 10:55:31, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================

  2. #22
    Blade81 (Security Expert: Emeritus)
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

    A. To disable the System Restore feature:

    1. Click on the Start button.
    2. Hover over the Computer option, right click on it and then click Properties.
    3. On the left hand side, click Advanced Settings.
    4. If asked to permit the action, click on Allow.
    5. Click on the System Protection tab.
    6. Uncheck any checkboxes listed for your hard drives.
    7. Press OK.


    B. Reboot.

    C. Turn ON System Restore.
    Follow the steps like you did when disabling System Restore, but at step 6 check any checkboxes listed for your hard drives.


    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now type fatboy /u in the runbox and click OK



    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

    • Download Adaware
      Adaware is a free program. It scans for known spyware on your computer. These scans should be run at least once every two weeks. For more information, see this tutorial
      The program is available for download here
    • Download Spybot
      Spybot is a scanner like Adaware. It scans for spyware and other malicious programs. It is important to have both Adaware and Spybot on your computer because each program provides unique detection and protection measures. Spybot has preventive tools that stop programs from even installing on your computer.
      To see how to set this up as well as more Spybot features, see here
      Spybot can be downloaded at this location
    • Hosts file:
      • Every version of Windows has a hosts file as part of it.
      • In a very basic sense, they are used to locate webpages.
      • We can customize a hosts file so that it blocks certain webpages.
      • However, it can slow down certain computers.
      • This is why using a hosts file is optional!!

      Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
      If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      1. Click the Start button (at the lower left hand corner of your screen).
      2. Click Run.
      3. In the dialog box, type services.msc
      4. Hit Enter, then locate DNS Client.
      5. Highlight it, then double-click it.
      6. On the dropdown box, change the setting from Automatic to Manual.
      7. Click OK.

    • Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
      Antivir
      Avast!



    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update site frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
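
    Added example, not part of Blade81's post: a read-only PowerShell check that compares the current user's Internet zone against the six Custom Level settings listed above. The function name `Get-ZoneAudit` is made up for this example; the registry path, value names and data values are the standard Internet Explorer security-zone ones.

```powershell
# Added example (not from the thread): read-only audit of the IE Internet zone
# against the Custom Level settings recommended in the post above.
# Assumption: per-user settings are read from Zones\3 (the Internet zone); a
# Group Policy value under the Policies branch would override what is read here.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action value names. Value data: 0 = Enable, 1 = Prompt, 3 = Disable.
$Recommended = @(
    @{ Action = '1001'; Name = 'Download signed ActiveX controls';                              Want = 1 },
    @{ Action = '1004'; Name = 'Download unsigned ActiveX controls';                            Want = 3 },
    @{ Action = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe';     Want = 3 },
    @{ Action = '1800'; Name = 'Installation of desktop items';                                 Want = 1 },
    @{ Action = '1804'; Name = 'Launching programs and files in an IFRAME';                     Want = 1 },
    @{ Action = '1607'; Name = 'Navigate sub-frames across different domains';                  Want = 1 }
)
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneAudit {
    param(
        [string]$Path = $ZonePath,
        [object[]]$Settings = $Recommended
    )
    # Returns $null if the key is missing; nothing is ever written to the registry.
    $key = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($s in $Settings) {
        $prop = if ($key) { $key.PSObject.Properties[$s.Action] } else { $null }

        if ($null -eq $prop) {
            $current = 'not set (zone default applies)'
            $ok = $false
        } else {
            $value = [int]$prop.Value
            $current = if ($Label.ContainsKey($value)) { $Label[$value] } else { "raw value $value" }
            # For these six actions a higher number is stricter, so Disable
            # where Prompt was recommended still counts as a pass.
            $ok = $value -ge $s.Want
        }

        [pscustomobject]@{
            Setting     = $s.Name
            Recommended = $Label[$s.Want]
            Current     = $current
            Status      = if ($ok) { 'OK' } else { 'REVIEW' }
        }
    }
}

Get-ZoneAudit | Format-Table -AutoSize
```

    Any row marked REVIEW is one to change by hand in the Custom Level dialog as described in the post.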

  3. #23
    Junior Member
    Join Date
    Jul 2009
    Posts
    19

    Default

    No I am not noticing any problems now, they disappeared earlier when I made the first comment that it seemed better. I had a high proportion of websites not opening, redirected searches, adverts linked from webpages.

    Thanks, I will do the updating etc. shortly and let you know if all is fine with them.

  4. #24
    Blade81 (Security Expert: Emeritus)
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    You're welcome

    Shall wait for your status update.

  5. #25
    Junior Member
    Join Date
    Jul 2009
    Posts
    19

    Default

    It says cannot find fatboy or fatboy.exe when I type that command into Run.

  6. #26
    Blade81 (Security Expert: Emeritus)
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    it says cannot find fatboy or fatboy.exe when i type that command into run
    Hi,

    Do you still have ComboFix.exe renamed to fatboy.exe at this location:
    c:\users\James\Desktop

    If not, then the uninstall won't be successful. Please ensure that you have the file there and then attempt the uninstall again.

  7. #27
    Junior Member
    Join Date
    Jul 2009
    Posts
    19

    Default

    Yes I still see it there, I will try again shortly.

  8. #28
    Blade81 (Security Expert: Emeritus)
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Ok. Let me know if the command still fails and we'll try another trick then.

  9. #29
    Blade81 (Security Expert: Emeritus)
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
