CanHazTrojanz?
Posts: 106 +0
Hello, I just got infected badly yesterday 8/31/12.
I use my PC for work I do online for my own web publishing business and SEO or copywriting clients. I wound up getting infected with a rogue scanner. All of a sudden various windows open up warning of an infection, computer reboots itself. When it rebooted, I found a black background with my icons "ghosted" as they were hidden. I ran Malwarebytes immediately, which found 2 Trojans but that didn't answer all my problems by a long shot.
Before finding the "5 steps" recommended here at techspot, I was following an online tutorial given by Broni to another user:
https://www.techspot.com/community/topics/system-check-virus.178301/
I didn't take all the recommendations since I found malware that the other user didn't have, so I've posted all my findings below the "5 steps" information.
The two steps I did extra if you will:
Running Esage Lab's "Bootkit Remover"
Trying to run aswMBR.exe, but that didn't run.
Running MBRcheck.exe as Broni suggested.
I've pasted the results beneath the output of steps 2, 3 and 4 as recommended in the 5-step prepatory thread.
I did not do anything else but run my "Vipre" antivirus, but all that found was 180 tracking cookies and removed 108 of them, not sure why it didn't catch the virus as it has active protection.
I've marked the files according to the steps, and use ##============## to differentiate the diagnostic results. The extra two files are below the information of the initial diagnostic.
Your help would be MUCH appreciated as I have a large family and work more than full time from home for clients, I'm really at a loss right now.
##==========================================##
Step 2: Malwarebytes Log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.30.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
IdHusseys :: IDHUSSEYS-PC [administrator]
8/31/2012 4:35:33 PM
mbam-log-2012-08-31 (16-35-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225886
Time elapsed: 14 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
##=============================================##
Step 3: GMER Log
No Results Found - But here I messed up! It DID find about 6 or 7 files (mostly under "Documents and Settings" folder if I recall correctly, but I can't open that file, access denied).
I thought I hit "Save" but accidentally hit "Scan" and it ran a second time...found nothing. I ran it again just in case, it found nothing.
So I noticed on the GMER site they mention the "catchme.exe" script, I downloaded and opened that. Here are its results:
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
##=============================================##
Step 4: DDS Log (first "DDS.txt" then "Attach.txt" files):
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by IdHusseys at 20:05:38 on 2012-09-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.2034 [GMT -6:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [Google Update] "C:\Users\IdHusseys\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
StartupFolder: C:\Users\IDHUSS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\IdHusseys\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\IDHUSS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{7523F849-46AC-423E-B1D1-4B910EF80C38} : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D} : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D}\1627279637534376 : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D}\C696E6B6379737 : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D}\D41627961602845737375697 : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO-X64: LastPass Vault - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\d1hd1tuj.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\IdHusseys\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\IdHusseys\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-8-29 3677000]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-8-29 175496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-21 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" --> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-23 113120]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-01 12:26:05--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-01 07:27:256851408----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75EE6CA2-C53E-4E4F-BADA-3E07FA354116}\mpengine.dll
2012-09-01 00:19:4693----a-w-C:\Users\IdHusseys\AppData\Roaming\netstat.bat
2012-08-29 23:41:4847496----a-w-C:\Windows\SysWow64\sbbd.exe
2012-08-27 01:25:591034216----a-w-C:\Windows\System32\npDeployJava1.dll
2012-08-26 19:26:3286816----a-w-C:\Windows\System32\drivers\sbwtis.sys
2012-08-24 05:34:2614790243----a-w-C:\Program Files (x86)\SERPAttacks_Video.exe
2012-08-24 05:22:58--------d-----w-C:\Program Files (x86)\Market Samurai
2012-08-24 03:32:13135933721----a-w-C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
2012-08-22 09:05:0673416----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 09:05:06696520----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-22 08:08:40--------d-----w-C:\lynx_w32
2012-08-20 22:28:45--------d--h--w-C:\Users\IdHusseys\AppData\Local\ElevatedDiagnostics
2012-08-15 18:28:52503808----a-w-C:\Windows\System32\srcore.dll
2012-08-15 18:28:5043008----a-w-C:\Windows\SysWow64\srclient.dll
2012-08-15 18:28:39751104----a-w-C:\Windows\System32\win32spl.dll
2012-08-15 18:28:37559104----a-w-C:\Windows\System32\spoolsv.exe
2012-08-15 18:28:37492032----a-w-C:\Windows\SysWow64\win32spl.dll
2012-08-15 18:28:3667072----a-w-C:\Windows\splwow64.exe
2012-08-15 18:28:3259392----a-w-C:\Windows\System32\browcli.dll
2012-08-15 18:28:32136704----a-w-C:\Windows\System32\browser.dll
2012-08-15 18:28:3141984----a-w-C:\Windows\SysWow64\browcli.dll
2012-08-15 18:28:243148800----a-w-C:\Windows\System32\win32k.sys
2012-08-15 18:28:22956928----a-w-C:\Windows\System32\localspl.dll
2012-08-14 22:24:0515428440----a-w-C:\Program Files (x86)\AdobeAIRInstaller.exe
2012-08-14 21:49:12--------d--h--w-C:\Users\IdHusseys\AppData\Local\{136E17CE-9D8C-4576-B5FB-9FD9476CEE7D}
2012-08-13 19:53:47--------d--h--w-C:\Users\IdHusseys\AppData\Local\{22CFA543-8BC0-487D-B925-78E6564E6786}
2012-08-11 21:18:14--------d--h--w-C:\Users\IdHusseys\AppData\Roaming\Microsys
2012-08-11 21:17:46--------d-----w-C:\Program Files\Microsys
2012-08-09 21:04:46--------d--h--w-C:\Users\IdHusseys\temp
2012-08-09 20:55:1911264----a-w-C:\Windows\SysWow64\SPORDER.DLL
.
==================== Find3M ====================
.
2012-08-29 23:41:4847496----a-w-C:\Windows\System32\sbbd.exe
2012-08-28 03:34:13916456----a-w-C:\Windows\System32\deployJava1.dll
2012-08-24 09:02:52821736----a-w-C:\Windows\SysWow64\npdeployJava1.dll
2012-08-24 09:02:52746984----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-08-01 20:36:5482872----a-w-C:\Windows\System32\drivers\sbapifs.sys
2012-06-29 03:56:342312704----a-w-C:\Windows\System32\jscript9.dll
2012-06-29 03:49:111392128----a-w-C:\Windows\System32\wininet.dll
2012-06-29 03:48:071494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:482382848----a-w-C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:581800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:011129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:591427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:452382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-06-16 01:05:0260304----a-w-C:\Users\IdHusseys\g2mdlhlpx.exe
2012-06-06 06:06:162004480----a-w-C:\Windows\System32\msxml6.dll
2012-06-06 06:06:161881600----a-w-C:\Windows\System32\msxml3.dll
2012-06-06 06:02:541133568----a-w-C:\Windows\System32\cdosys.dll
2012-06-06 05:05:521390080----a-w-C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:521236992----a-w-C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06805376----a-w-C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 20:13:01.63 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2010 2:35:09 PM
System Uptime: 9/1/2012 5:57:48 PM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 363F
Processor: AMD Athlon(tm) II Dual-Core M320 | Socket S1G3 | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 150.054 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.236 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.092 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP360: 8/28/2012 12:42:21 AM - Removed Java 7 Update 6 (64-bit)
RP361: 8/28/2012 12:49:20 AM - Installed Java 7 Update 6
RP362: 8/29/2012 10:32:06 PM - Installed Proxy Multiply
RP363: 8/30/2012 1:30:49 PM - Removed Proxy Multiply
RP364: 8/31/2012 5:36:32 PM - Windows Update
RP365: 8/31/2012 7:32:13 PM - Configured Power2Go
RP366: 8/31/2012 7:34:47 PM - Configured PowerDirector
RP367: 8/31/2012 7:44:01 PM - Removed Fresh Proxy Scraper.
RP368: 8/31/2012 7:45:03 PM - Removed iTunes
RP369: 8/31/2012 7:45:58 PM - Removed Microsoft Silverlight
RP370: 8/31/2012 7:46:38 PM - Removed muvee Reveal
RP371: 8/31/2012 7:51:35 PM - Removed iTunes
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Amazon Kindle
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.1.2
AVS DVD Copy version 4.1.2
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.8.140
AVS4YOU Software Navigator 1.4
BacklinkTopia
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CurationSoft
D3DX10
Directory Submitter 1.0.29
Dropbox
FileZilla Client 3.5.3
FreeMind
GFX Video Writer
GFX Writer
GIMP 2.6.11
Google Chrome
GoToMeeting 5.2.0.952
Hewlett-Packard ACLM.NET v1.1.0.0
HMA! Pro VPN 2.6.9
HP Customer Experience Enhancements
HP Product Detection
HP Update
HP User Guides 0148
HP Wireless Assistant
IDT Audio
Image Crusher
Jigs@w Puzzle Promo Creator 2.1
Junk Mail filter update
jZip
LastPass (uninstall only)
LightScribe System Software
Magic Article Rewriter
Magic Article Submitter
Magic Rank Tracker version 2.7
Magic Tokens Database 2.0
Malwarebytes Anti-Malware version 1.62.0.1300
Market Samurai
MarketMeSuite
Mesh Runtime
Messenger Companion
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Skype Recorder
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NP Checker
OpenOffice.org 3.4.1
PAD SubmitWorker 1.2
PDF2EXE 3.0
PressBot
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RSSBot
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SEO PowerSuite
SERPAttacks
SERPAttacks Video Tutorial
Skype™ 5.8
swMSM
The 5 Bucks a Day Action Enforcer
Tracker
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VideoBot
VIPRE Antivirus
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xenu's Link Sleuth
XMind
.
==== Event Viewer Messages From Past Week ========
.
9/1/2012 7:05:53 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
9/1/2012 5:58:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/1/2012 5:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/1/2012 5:58:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/1/2012 5:58:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/1/2012 5:58:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/1/2012 5:58:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/1/2012 5:58:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:02:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
9/1/2012 5:01:24 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
9/1/2012 4:58:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 3:49:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 3:42:23 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
9/1/2012 3:42:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
8/31/2012 8:02:43 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
8/31/2012 8:02:43 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
8/31/2012 6:21:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/31/2012 6:06:51 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
8/31/2012 6:05:48 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
8/31/2012 6:05:48 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
8/31/2012 6:05:48 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
8/28/2012 6:38:05 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================
I use my PC for work I do online for my own web publishing business and SEO or copywriting clients. I wound up getting infected with a rogue scanner. All of a sudden various windows open up warning of an infection, computer reboots itself. When it rebooted, I found a black background with my icons "ghosted" as they were hidden. I ran Malwarebytes immediately, which found 2 Trojans but that didn't answer all my problems by a long shot.
Before finding the "5 steps" recommended here at techspot, I was following an online tutorial given by Broni to another user:
https://www.techspot.com/community/topics/system-check-virus.178301/
I didn't take all the recommendations since I found malware that the other user didn't have, so I've posted all my findings below the "5 steps" information.
The two steps I did extra if you will:
Running Esage Lab's "Bootkit Remover"
Trying to run aswMBR.exe, but that didn't run.
Running MBRcheck.exe as Broni suggested.
I've pasted the results beneath the output of steps 2, 3 and 4 as recommended in the 5-step prepatory thread.
I did not do anything else but run my "Vipre" antivirus, but all that found was 180 tracking cookies and removed 108 of them, not sure why it didn't catch the virus as it has active protection.
I've marked the files according to the steps, and use ##============## to differentiate the diagnostic results. The extra two files are below the information of the initial diagnostic.
Your help would be MUCH appreciated as I have a large family and work more than full time from home for clients, I'm really at a loss right now.
##==========================================##
Step 2: Malwarebytes Log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.30.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
IdHusseys :: IDHUSSEYS-PC [administrator]
8/31/2012 4:35:33 PM
mbam-log-2012-08-31 (16-35-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225886
Time elapsed: 14 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
##=============================================##
Step 3: GMER Log
No Results Found - But here I messed up! It DID find about 6 or 7 files (mostly under "Documents and Settings" folder if I recall correctly, but I can't open that file, access denied).
I thought I hit "Save" but accidentally hit "Scan" and it ran a second time...found nothing. I ran it again just in case, it found nothing.
So I noticed on the GMER site they mention the "catchme.exe" script, I downloaded and opened that. Here are its results:
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
##=============================================##
Step 4: DDS Log (first "DDS.txt" then "Attach.txt" files):
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by IdHusseys at 20:05:38 on 2012-09-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.2034 [GMT -6:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [Google Update] "C:\Users\IdHusseys\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
StartupFolder: C:\Users\IDHUSS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\IdHusseys\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\IDHUSS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{7523F849-46AC-423E-B1D1-4B910EF80C38} : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D} : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D}\1627279637534376 : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D}\C696E6B6379737 : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D}\D41627961602845737375697 : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO-X64: LastPass Vault - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\d1hd1tuj.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\IdHusseys\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\IdHusseys\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-8-29 3677000]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-8-29 175496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-21 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" --> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-23 113120]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-01 12:26:05--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-01 07:27:256851408----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75EE6CA2-C53E-4E4F-BADA-3E07FA354116}\mpengine.dll
2012-09-01 00:19:4693----a-w-C:\Users\IdHusseys\AppData\Roaming\netstat.bat
2012-08-29 23:41:4847496----a-w-C:\Windows\SysWow64\sbbd.exe
2012-08-27 01:25:591034216----a-w-C:\Windows\System32\npDeployJava1.dll
2012-08-26 19:26:3286816----a-w-C:\Windows\System32\drivers\sbwtis.sys
2012-08-24 05:34:2614790243----a-w-C:\Program Files (x86)\SERPAttacks_Video.exe
2012-08-24 05:22:58--------d-----w-C:\Program Files (x86)\Market Samurai
2012-08-24 03:32:13135933721----a-w-C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
2012-08-22 09:05:0673416----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 09:05:06696520----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-22 08:08:40--------d-----w-C:\lynx_w32
2012-08-20 22:28:45--------d--h--w-C:\Users\IdHusseys\AppData\Local\ElevatedDiagnostics
2012-08-15 18:28:52503808----a-w-C:\Windows\System32\srcore.dll
2012-08-15 18:28:5043008----a-w-C:\Windows\SysWow64\srclient.dll
2012-08-15 18:28:39751104----a-w-C:\Windows\System32\win32spl.dll
2012-08-15 18:28:37559104----a-w-C:\Windows\System32\spoolsv.exe
2012-08-15 18:28:37492032----a-w-C:\Windows\SysWow64\win32spl.dll
2012-08-15 18:28:3667072----a-w-C:\Windows\splwow64.exe
2012-08-15 18:28:3259392----a-w-C:\Windows\System32\browcli.dll
2012-08-15 18:28:32136704----a-w-C:\Windows\System32\browser.dll
2012-08-15 18:28:3141984----a-w-C:\Windows\SysWow64\browcli.dll
2012-08-15 18:28:243148800----a-w-C:\Windows\System32\win32k.sys
2012-08-15 18:28:22956928----a-w-C:\Windows\System32\localspl.dll
2012-08-14 22:24:0515428440----a-w-C:\Program Files (x86)\AdobeAIRInstaller.exe
2012-08-14 21:49:12--------d--h--w-C:\Users\IdHusseys\AppData\Local\{136E17CE-9D8C-4576-B5FB-9FD9476CEE7D}
2012-08-13 19:53:47--------d--h--w-C:\Users\IdHusseys\AppData\Local\{22CFA543-8BC0-487D-B925-78E6564E6786}
2012-08-11 21:18:14--------d--h--w-C:\Users\IdHusseys\AppData\Roaming\Microsys
2012-08-11 21:17:46--------d-----w-C:\Program Files\Microsys
2012-08-09 21:04:46--------d--h--w-C:\Users\IdHusseys\temp
2012-08-09 20:55:1911264----a-w-C:\Windows\SysWow64\SPORDER.DLL
.
==================== Find3M ====================
.
2012-08-29 23:41:4847496----a-w-C:\Windows\System32\sbbd.exe
2012-08-28 03:34:13916456----a-w-C:\Windows\System32\deployJava1.dll
2012-08-24 09:02:52821736----a-w-C:\Windows\SysWow64\npdeployJava1.dll
2012-08-24 09:02:52746984----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-08-01 20:36:5482872----a-w-C:\Windows\System32\drivers\sbapifs.sys
2012-06-29 03:56:342312704----a-w-C:\Windows\System32\jscript9.dll
2012-06-29 03:49:111392128----a-w-C:\Windows\System32\wininet.dll
2012-06-29 03:48:071494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:482382848----a-w-C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:581800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:011129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:591427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:452382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-06-16 01:05:0260304----a-w-C:\Users\IdHusseys\g2mdlhlpx.exe
2012-06-06 06:06:162004480----a-w-C:\Windows\System32\msxml6.dll
2012-06-06 06:06:161881600----a-w-C:\Windows\System32\msxml3.dll
2012-06-06 06:02:541133568----a-w-C:\Windows\System32\cdosys.dll
2012-06-06 05:05:521390080----a-w-C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:521236992----a-w-C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06805376----a-w-C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 20:13:01.63 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2010 2:35:09 PM
System Uptime: 9/1/2012 5:57:48 PM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 363F
Processor: AMD Athlon(tm) II Dual-Core M320 | Socket S1G3 | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 150.054 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.236 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.092 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP360: 8/28/2012 12:42:21 AM - Removed Java 7 Update 6 (64-bit)
RP361: 8/28/2012 12:49:20 AM - Installed Java 7 Update 6
RP362: 8/29/2012 10:32:06 PM - Installed Proxy Multiply
RP363: 8/30/2012 1:30:49 PM - Removed Proxy Multiply
RP364: 8/31/2012 5:36:32 PM - Windows Update
RP365: 8/31/2012 7:32:13 PM - Configured Power2Go
RP366: 8/31/2012 7:34:47 PM - Configured PowerDirector
RP367: 8/31/2012 7:44:01 PM - Removed Fresh Proxy Scraper.
RP368: 8/31/2012 7:45:03 PM - Removed iTunes
RP369: 8/31/2012 7:45:58 PM - Removed Microsoft Silverlight
RP370: 8/31/2012 7:46:38 PM - Removed muvee Reveal
RP371: 8/31/2012 7:51:35 PM - Removed iTunes
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Amazon Kindle
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.1.2
AVS DVD Copy version 4.1.2
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.8.140
AVS4YOU Software Navigator 1.4
BacklinkTopia
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CurationSoft
D3DX10
Directory Submitter 1.0.29
Dropbox
FileZilla Client 3.5.3
FreeMind
GFX Video Writer
GFX Writer
GIMP 2.6.11
Google Chrome
GoToMeeting 5.2.0.952
Hewlett-Packard ACLM.NET v1.1.0.0
HMA! Pro VPN 2.6.9
HP Customer Experience Enhancements
HP Product Detection
HP Update
HP User Guides 0148
HP Wireless Assistant
IDT Audio
Image Crusher
Jigs@w Puzzle Promo Creator 2.1
Junk Mail filter update
jZip
LastPass (uninstall only)
LightScribe System Software
Magic Article Rewriter
Magic Article Submitter
Magic Rank Tracker version 2.7
Magic Tokens Database 2.0
Malwarebytes Anti-Malware version 1.62.0.1300
Market Samurai
MarketMeSuite
Mesh Runtime
Messenger Companion
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Skype Recorder
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NP Checker
OpenOffice.org 3.4.1
PAD SubmitWorker 1.2
PDF2EXE 3.0
PressBot
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RSSBot
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SEO PowerSuite
SERPAttacks
SERPAttacks Video Tutorial
Skype™ 5.8
swMSM
The 5 Bucks a Day Action Enforcer
Tracker
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VideoBot
VIPRE Antivirus
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xenu's Link Sleuth
XMind
.
==== Event Viewer Messages From Past Week ========
.
9/1/2012 7:05:53 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
9/1/2012 5:58:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/1/2012 5:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/1/2012 5:58:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/1/2012 5:58:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/1/2012 5:58:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/1/2012 5:58:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/1/2012 5:58:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:58:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2012 5:02:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
9/1/2012 5:01:24 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
9/1/2012 4:58:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 3:49:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2012 3:42:23 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
9/1/2012 3:42:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
8/31/2012 8:02:43 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
8/31/2012 8:02:43 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
8/31/2012 6:21:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/31/2012 6:06:51 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
8/31/2012 6:05:48 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
8/31/2012 6:05:48 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
8/31/2012 6:05:48 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
8/28/2012 6:38:05 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================