Tom Clindaniel
Good afternoon,
Your forum was very helpful a year ago when I got infected, and I am now back with another issue. MSE continually detects a threat called Win32/Hoicfh.A but cannot clear it once and for all. I have also run MAM, and it detects a file threat called "C:\msr5.exe", but after a reboot that same file shows up again. I sure could use your help and expertise again... please! My logs are pasted below for your use...
**********MAM LOG*************
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.18.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tom :: TOM-LAPTOP [administrator]
7/18/2012 11:09:27 AM
mbam-log-2012-07-18 (11-09-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252739
Time elapsed: 6 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\msr5.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
(end)
**********GMER LOG***************
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-18 13:38:40
Windows 6.1.7601 Service Pack 1
Running: tikbv54r.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xF4 0x71 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xF4 0x71 0x76 ...
---- EOF - GMER 1.0.15 ----
**********DDS LOG***************
.DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Tom at 13:39:40 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2003.896 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
C:\Windows\system32\lxdncoms.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\SysWOW64\{71.74.95.131}\4d8d0f4
C:\Windows\system32\wuauclt.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [null-4d8d0ec] C:\Windows\Sun\Java\bin\javaw.exe -jar C:\Windows\config\systemprofile\AppData\Local\Google\Update\Manifest\Initial\2bcb978e3a0
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [4d8d0ec] C:\Windows\Sun\Java\bin\javaw.exe -jar C:\Windows\config\systemprofile\AppData\Local\Google\Update\Manifest\Initial\2bcb978e3a33
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://my-remote.johnsoncontrols.com/https/jwimkns9.na.jci.com/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://my.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\0516E6562716 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\14E64627F69646455647865627 : DhcpNameServer = 192.168.3.254
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\241637479616E6C4B4E4 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\245736B637 : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\261637479616E6D6E636 : DhcpNameServer = 10.0.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: Virtual Storage Mount Notification - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 JungleDiskWorkgroupService;JungleDiskWorkgroupService;C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe [2011-5-17 9769800]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
.
=============== Created Last 30 ================
.
2012-07-18 16:19:41  607260  ----a-w-  C:\Users\Tom\dds.scr
2012-07-18 15:22:10  0  ----a-w-  C:\msr5.exe
2012-07-18 15:18:26  69000  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07B6D11E-59BA-44CF-9559-855F44A72C67}\offreg.dll
2012-07-18 12:15:30  --------  d-----w-  C:\Program Files\Enigma Software Group
2012-07-18 12:13:45  --------  d-----w-  C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-18 12:13:33  --------  d-----w-  C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-18 12:01:27  9133488  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07B6D11E-59BA-44CF-9559-855F44A72C67}\mpengine.dll
2012-07-18 10:56:57  9133488  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-18 01:46:52  --------  d-----w-  C:\Users\Tom\AppData\Local\Temp
2012-07-18 01:10:27  --------  d-----w-  C:\Users\Tom\AppData\Local\LogMeIn Rescue Applet
2012-07-18 00:40:37  --------  d-----w-  C:\Users\Tom\AppData\Roaming\SpeedyPC Software
2012-07-18 00:40:37  --------  d-----w-  C:\Users\Tom\AppData\Roaming\DriverCure
2012-07-18 00:40:09  --------  d-----w-  C:\ProgramData\SpeedyPC Software
2012-07-16 14:28:19  3148800  ----a-w-  C:\Windows\System32\win32k.sys
2012-07-16 13:37:03  210944  ----a-w-  C:\Windows\System32\drivers\rdpwd.sys
2012-07-16 13:35:58  451072  ----a-w-  C:\Program Files\Internet Explorer\ieproxy.dll
2012-07-16 13:34:59  225280  ----a-w-  C:\Windows\SysWow64\schannel.dll
2012-07-16 13:34:58  95600  ----a-w-  C:\Windows\System32\drivers\ksecdd.sys
2012-07-16 13:34:55  96768  ----a-w-  C:\Windows\SysWow64\sspicli.dll
2012-07-16 13:34:55  22016  ----a-w-  C:\Windows\SysWow64\secur32.dll
2012-07-16 13:32:18  9216  ----a-w-  C:\Windows\System32\rdrmemptylst.exe
2012-07-16 13:32:18  77312  ----a-w-  C:\Windows\System32\rdpwsx.dll
2012-07-16 13:32:18  149504  ----a-w-  C:\Windows\System32\rdpcorekmts.dll
2012-07-16 13:32:02  1462272  ----a-w-  C:\Windows\System32\crypt32.dll
2012-07-16 13:32:01  1158656  ----a-w-  C:\Windows\SysWow64\crypt32.dll
2012-07-16 13:32:00  184320  ----a-w-  C:\Windows\System32\cryptsvc.dll
2012-07-16 13:32:00  140288  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
2012-07-16 13:32:00  140288  ----a-w-  C:\Windows\System32\cryptnet.dll
2012-07-16 13:32:00  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
2012-07-16 11:14:18  --------  d-----w-  C:\Program Files (x86)\Oracle
2012-07-15 14:00:31  54784  ----a-w-  C:\Windows\System32\lsassr.exe
2012-07-12 12:26:50  9226440  ----a-w-  C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-04 19:06:41  --------  d--h--w-  C:\Windows\SysWow64\{71.74.95.131}
2012-07-04 16:56:30  927800  ------w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1ACA8E6C-DD25-4663-BBFF-C5297E44762B}\gapaengine.dll
2012-06-19 10:12:15  2622464  ----a-w-  C:\Windows\System32\wucltux.dll
2012-06-19 10:11:57  99840  ----a-w-  C:\Windows\System32\wudriver.dll
2012-06-19 10:11:19  36864  ----a-w-  C:\Windows\System32\wuapp.exe
2012-06-19 10:11:19  186752  ----a-w-  C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-12 12:27:47  70344  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 12:27:47  426184  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06:30  772544  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20  687544  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2012-07-04 19:06:33  9520  ---ha-w-  C:\Windows\SysWow64\vaultcps.dll
2012-07-03 17:46:44  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16  2004480  ----a-w-  C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16  1881600  ----a-w-  C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54  1133568  ----a-w-  C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52  1390080  ----a-w-  C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52  1236992  ----a-w-  C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06  805376  ----a-w-  C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10  458704  ----a-w-  C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16  151920  ----a-w-  C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31  340992  ----a-w-  C:\Windows\System32\schannel.dll
2012-06-02 05:44:21  307200  ----a-w-  C:\Windows\System32\ncrypt.dll
2012-06-02 04:39:10  219136  ----a-w-  C:\Windows\SysWow64\ncrypt.dll
2012-05-31 16:25:12  279656  ------w-  C:\Windows\System32\MpSigStub.exe
2012-05-15 04:01:31  1188864  ----a-w-  C:\Windows\System32\wininet.dll
2012-05-15 03:03:54  981504  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-05-05 11:45:11  955848  ----a-w-  C:\Windows\System32\npDeployJava1.dll
2012-05-05 11:45:11  839112  ----a-w-  C:\Windows\System32\deployJava1.dll
2012-05-04 11:06:22  5559664  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53  3968368  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50  3913072  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2012-04-20 03:45:41  1638912  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44  1638912  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:40:18.02 ===============
**********DDS ATTACH LOG***************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/22/2010 6:31:53 PM
System Uptime: 7/18/2012 11:17:54 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0D695C
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | Microprocessor | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 87.346 GiB free.
D: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Sentinel64
Device ID: ROOT\LEGACY_SENTINEL64\0000
Manufacturer:
Name: Sentinel64
PNP Device ID: ROOT\LEGACY_SENTINEL64\0000
Service: Sentinel64
.
==== System Restore Points ===================
.
RP170: 7/8/2012 12:43:54 PM - Windows Update
RP171: 7/12/2012 8:38:02 AM - Windows Update
RP172: 7/15/2012 10:55:26 AM - Windows Update
RP173: 7/16/2012 7:11:32 AM - Installed Java(TM) 7 Update 5
RP174: 7/16/2012 7:13:32 AM - Removed JavaFX 2.1.0
RP175: 7/16/2012 7:14:02 AM - Installed JavaFX 2.1.1
RP176: 7/16/2012 9:37:51 AM - Windows Update
RP177: 7/17/2012 9:15:07 PM - SpeedyPC Pro Backup
RP178: 7/17/2012 9:43:21 PM - SpeedyPC Pro Backup
RP179: 7/18/2012 8:14:16 AM - Installed SpyHunter
RP180: 7/18/2012 10:46:54 AM - Removed SpyHunter
RP181: 7/18/2012 10:50:20 AM - Removed Aspect Viewer
RP182: 7/18/2012 10:53:28 AM - Removed MP3 Rocket Toolbar.
RP183: 7/18/2012 10:54:05 AM - Removed Realtime Landscaping Architect 2 Trial
RP184: 7/18/2012 10:56:56 AM - Removed NBPro.
RP185: 7/18/2012 10:59:27 AM - Removed Sentinel System Driver Installer 7.5.0
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dreamweaver CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 ActiveX
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Software Update
BlackBerry Device Software Updater
CoffeeCup Free DHTML Menu Builder
Connect
Customer License Upgrade Utility
ESET Online Scanner v3
FileZilla Client 3.5.0
GDR 1617 for SQL Server 2008 R2 (KB2494088)
GO Contact Sync
Google Calendar Sync
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Officejet 7500 E910 Help
HP Update
I.R.I.S. OCR
Intuit SiteBuilder
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 7 Update 5
JavaFX 2.1.1
Juniper Networks Host Checker
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
kuler
Malwarebytes Anti-Malware version 1.62.0.1300
Marketsplash Shortcuts
Metasys CCT 5.1.0.4400
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft XML Parser
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Photoshop Camera Raw
PokerStars
QuickTime
RICOH Media Driver ver.2.07.01.01
RICOH R5C83x/84x Media Driver Ver.3.53.02
Roblox
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
SQL Server 2008 R2 Management Studio
Sql Server Customer Experience Improvement Program
Suite Shared Configuration CS4
swMSM
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Web Studio 5.0
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/18/2012 8:10:16 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
7/18/2012 8:02:16 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Java/CVE-2012-0507.D!ldr&threatid=2147655409 Name: Exploit:Java/CVE-2012-0507.D!ldr ID: 2147655409 Severity: Severe Category: Exploit Path: containerfile:_C:\Users\Tom\Downloads\FX4.0.zip;file:_C:\Users\Tom\Downloads\FX4.0.zip->LP-FXTSPDEM/dist/3.6.31/nre-config-linux-x86.dist->lib/editions/j2se-headless/rt.jar->sun/security/provider/PolicyFile.class;file:_C:\Users\Tom\Downloads\FX4.0.zip->LP-FXTSPDEM/dist/3.6.31/nre-config-win-x64.dist->lib/editions/j2se-headless/rt.jar->sun/security/provider/PolicyFile.class Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.131.96.0, AS: 1.131.96.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/18/2012 11:18:34 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/18/2012 11:18:19 AM, Error: Service Control Manager [7000] - The Sentinel64 service failed to start due to the following error: The system cannot find the device specified.
7/18/2012 11:18:08 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/18/2012 10:46:15 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...Downloader:Win32/Hoicfh.A&threatid=2147645627 Name: TrojanDownloader:Win32/Hoicfh.A ID: 2147645627 Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe;file:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\msr5.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.131.132.0, AS: 1.131.132.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/17/2012 9:54:54 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/17/2012 8:29:15 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...Downloader:Win32/Hoicfh.A&threatid=2147645627 Name: TrojanDownloader:Win32/Hoicfh.A ID: 2147645627 Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe;file:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\msr5.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.131.96.0, AS: 1.131.96.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/17/2012 7:11:24 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...Downloader:Win32/Hoicfh.A&threatid=2147645627 Name: TrojanDownloader:Win32/Hoicfh.A ID: 2147645627 Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe;file:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\msr5.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.131.53.0, AS: 1.131.53.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/17/2012 6:01:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/17/2012 6:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/17/2012 6:01:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/17/2012 6:01:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/17/2012 6:01:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cbfs3 DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/17/2012 6:01:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:00:57 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/17/2012 4:25:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
7/17/2012 4:25:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.
7/17/2012 10:28:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Java/CVE-2012-0507.D!ldr&threatid=2147655409 Name: Exploit:Java/CVE-2012-0507.D!ldr ID: 2147655409 Severity: Severe Category: Exploit Path: containerfile:_C:\Users\Tom\Downloads\FX4.0.zip;file:_C:\Users\Tom\Downloads\FX4.0.zip->LP-FXTSPDEM/dist/3.6.31/nre-config-linux-x86.dist->lib/editions/j2se-headless/rt.jar->sun/security/provider/PolicyFile.class;file:_C:\Users\Tom\Downloads\FX4.0.zip->LP-FXTSPDEM/dist/3.6.31/nre-config-win-x64.dist->lib/editions/j2se-headless/rt.jar->sun/security/provider/PolicyFile.class Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.131.96.0, AS: 1.131.96.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/17/2012 10:12:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
7/17/2012 10:12:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/16/2012 9:56:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.129.1589.0).
7/16/2012 9:00:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1723.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/16/2012 6:55:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/16/2012 6:53:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
7/16/2012 10:14:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/14/2012 9:39:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
7/13/2012 3:31:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MSSQLSERVER) service to connect.
7/13/2012 3:31:06 PM, Error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/13/2012 12:49:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
7/13/2012 12:49:45 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/13/2012 12:49:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
7/13/2012 12:45:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
7/11/2012 10:43:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the dsNcService service.
.
==== End Of File ===========================
**********GMER LOG***************
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-18 13:38:40
Windows 6.1.7601 Service Pack 1
Running: tikbv54r.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xF4 0x71 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xF4 0x71 0x76 ...
---- EOF - GMER 1.0.15 ----
**********DDS LOG***************
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Tom at 13:39:40 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2003.896 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
C:\Windows\system32\lxdncoms.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\SysWOW64\{71.74.95.131}\4d8d0f4
C:\Windows\system32\wuauclt.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\Sun\Java\bin\javaw.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [null-4d8d0ec] C:\Windows\Sun\Java\bin\javaw.exe -jar C:\Windows\config\systemprofile\AppData\Local\Google\Update\Manifest\Initial\2bcb978e3a0
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [4d8d0ec] C:\Windows\Sun\Java\bin\javaw.exe -jar C:\Windows\config\systemprofile\AppData\Local\Google\Update\Manifest\Initial\2bcb978e3a33
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://my-remote.johnsoncontrols.com/https/jwimkns9.na.jci.com/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://my.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\0516E6562716 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\14E64627F69646455647865627 : DhcpNameServer = 192.168.3.254
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\241637479616E6C4B4E4 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\245736B637 : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{F3792406-77F2-4AA7-BC9A-7273B3D1CF73}\261637479616E6D6E636 : DhcpNameServer = 10.0.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: Virtual Storage Mount Notification - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 JungleDiskWorkgroupService;JungleDiskWorkgroupService;C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe [2011-5-17 9769800]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
.
=============== Created Last 30 ================
.
2012-07-18 16:19:41  607260    ----a-w-  C:\Users\Tom\dds.scr
2012-07-18 15:22:10  0         ----a-w-  C:\msr5.exe
2012-07-18 15:18:26  69000     ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07B6D11E-59BA-44CF-9559-855F44A72C67}\offreg.dll
2012-07-18 12:15:30  --------  d-----w-  C:\Program Files\Enigma Software Group
2012-07-18 12:13:45  --------  d-----w-  C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-18 12:13:33  --------  d-----w-  C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-18 12:01:27  9133488   ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07B6D11E-59BA-44CF-9559-855F44A72C67}\mpengine.dll
2012-07-18 10:56:57  9133488   ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-18 01:46:52  --------  d-----w-  C:\Users\Tom\AppData\Local\Temp
2012-07-18 01:10:27  --------  d-----w-  C:\Users\Tom\AppData\Local\LogMeIn Rescue Applet
2012-07-18 00:40:37  --------  d-----w-  C:\Users\Tom\AppData\Roaming\SpeedyPC Software
2012-07-18 00:40:37  --------  d-----w-  C:\Users\Tom\AppData\Roaming\DriverCure
2012-07-18 00:40:09  --------  d-----w-  C:\ProgramData\SpeedyPC Software
2012-07-16 14:28:19  3148800   ----a-w-  C:\Windows\System32\win32k.sys
2012-07-16 13:37:03  210944    ----a-w-  C:\Windows\System32\drivers\rdpwd.sys
2012-07-16 13:35:58  451072    ----a-w-  C:\Program Files\Internet Explorer\ieproxy.dll
2012-07-16 13:34:59  225280    ----a-w-  C:\Windows\SysWow64\schannel.dll
2012-07-16 13:34:58  95600     ----a-w-  C:\Windows\System32\drivers\ksecdd.sys
2012-07-16 13:34:55  96768     ----a-w-  C:\Windows\SysWow64\sspicli.dll
2012-07-16 13:34:55  22016     ----a-w-  C:\Windows\SysWow64\secur32.dll
2012-07-16 13:32:18  9216      ----a-w-  C:\Windows\System32\rdrmemptylst.exe
2012-07-16 13:32:18  77312     ----a-w-  C:\Windows\System32\rdpwsx.dll
2012-07-16 13:32:18  149504    ----a-w-  C:\Windows\System32\rdpcorekmts.dll
2012-07-16 13:32:02  1462272   ----a-w-  C:\Windows\System32\crypt32.dll
2012-07-16 13:32:01  1158656   ----a-w-  C:\Windows\SysWow64\crypt32.dll
2012-07-16 13:32:00  184320    ----a-w-  C:\Windows\System32\cryptsvc.dll
2012-07-16 13:32:00  140288    ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
2012-07-16 13:32:00  140288    ----a-w-  C:\Windows\System32\cryptnet.dll
2012-07-16 13:32:00  103936    ----a-w-  C:\Windows\SysWow64\cryptnet.dll
2012-07-16 11:14:18  --------  d-----w-  C:\Program Files (x86)\Oracle
2012-07-15 14:00:31  54784     ----a-w-  C:\Windows\System32\lsassr.exe
2012-07-12 12:26:50  9226440   ----a-w-  C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-04 19:06:41  --------  d--h--w-  C:\Windows\SysWow64\{71.74.95.131}
2012-07-04 16:56:30  927800    ------w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1ACA8E6C-DD25-4663-BBFF-C5297E44762B}\gapaengine.dll
2012-06-19 10:12:15  2622464   ----a-w-  C:\Windows\System32\wucltux.dll
2012-06-19 10:11:57  99840     ----a-w-  C:\Windows\System32\wudriver.dll
2012-06-19 10:11:19  36864     ----a-w-  C:\Windows\System32\wuapp.exe
2012-06-19 10:11:19  186752    ----a-w-  C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-12 12:27:47  70344     ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 12:27:47  426184    ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06:30  772544    ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20  687544    ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2012-07-04 19:06:33  9520      ---ha-w-  C:\Windows\SysWow64\vaultcps.dll
2012-07-03 17:46:44  24904     ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16  2004480   ----a-w-  C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16  1881600   ----a-w-  C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54  1133568   ----a-w-  C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52  1390080   ----a-w-  C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52  1236992   ----a-w-  C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06  805376    ----a-w-  C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10  458704    ----a-w-  C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16  151920    ----a-w-  C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31  340992    ----a-w-  C:\Windows\System32\schannel.dll
2012-06-02 05:44:21  307200    ----a-w-  C:\Windows\System32\ncrypt.dll
2012-06-02 04:39:10  219136    ----a-w-  C:\Windows\SysWow64\ncrypt.dll
2012-05-31 16:25:12  279656    ------w-  C:\Windows\System32\MpSigStub.exe
2012-05-15 04:01:31  1188864   ----a-w-  C:\Windows\System32\wininet.dll
2012-05-15 03:03:54  981504    ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-05-05 11:45:11  955848    ----a-w-  C:\Windows\System32\npDeployJava1.dll
2012-05-05 11:45:11  839112    ----a-w-  C:\Windows\System32\deployJava1.dll
2012-05-04 11:06:22  5559664   ----a-w-  C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53  3968368   ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50  3913072   ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2012-04-20 03:45:41  1638912   ----a-w-  C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44  1638912   ----a-w-  C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:40:18.02 ===============
**********DDS ATTACH LOG***************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/22/2010 6:31:53 PM
System Uptime: 7/18/2012 11:17:54 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0D695C
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | Microprocessor | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 87.346 GiB free.
D: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Sentinel64
Device ID: ROOT\LEGACY_SENTINEL64\0000
Manufacturer:
Name: Sentinel64
PNP Device ID: ROOT\LEGACY_SENTINEL64\0000
Service: Sentinel64
.
==== System Restore Points ===================
.
RP170: 7/8/2012 12:43:54 PM - Windows Update
RP171: 7/12/2012 8:38:02 AM - Windows Update
RP172: 7/15/2012 10:55:26 AM - Windows Update
RP173: 7/16/2012 7:11:32 AM - Installed Java(TM) 7 Update 5
RP174: 7/16/2012 7:13:32 AM - Removed JavaFX 2.1.0
RP175: 7/16/2012 7:14:02 AM - Installed JavaFX 2.1.1
RP176: 7/16/2012 9:37:51 AM - Windows Update
RP177: 7/17/2012 9:15:07 PM - SpeedyPC Pro Backup
RP178: 7/17/2012 9:43:21 PM - SpeedyPC Pro Backup
RP179: 7/18/2012 8:14:16 AM - Installed SpyHunter
RP180: 7/18/2012 10:46:54 AM - Removed SpyHunter
RP181: 7/18/2012 10:50:20 AM - Removed Aspect Viewer
RP182: 7/18/2012 10:53:28 AM - Removed MP3 Rocket Toolbar.
RP183: 7/18/2012 10:54:05 AM - Removed Realtime Landscaping Architect 2 Trial
RP184: 7/18/2012 10:56:56 AM - Removed NBPro.
RP185: 7/18/2012 10:59:27 AM - Removed Sentinel System Driver Installer 7.5.0
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dreamweaver CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 ActiveX
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Software Update
BlackBerry Device Software Updater
CoffeeCup Free DHTML Menu Builder
Connect
Customer License Upgrade Utility
ESET Online Scanner v3
FileZilla Client 3.5.0
GDR 1617 for SQL Server 2008 R2 (KB2494088)
GO Contact Sync
Google Calendar Sync
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Officejet 7500 E910 Help
HP Update
I.R.I.S. OCR
Intuit SiteBuilder
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 7 Update 5
JavaFX 2.1.1
Juniper Networks Host Checker
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
kuler
Malwarebytes Anti-Malware version 1.62.0.1300
Marketsplash Shortcuts
Metasys CCT 5.1.0.4400
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft XML Parser
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Photoshop Camera Raw
PokerStars
QuickTime
RICOH Media Driver ver.2.07.01.01
RICOH R5C83x/84x Media Driver Ver.3.53.02
Roblox
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
SQL Server 2008 R2 Management Studio
Sql Server Customer Experience Improvement Program
Suite Shared Configuration CS4
swMSM
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Web Studio 5.0
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/18/2012 8:10:16 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
7/18/2012 8:02:16 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Java/CVE-2012-0507.D!ldr&threatid=2147655409 Name: Exploit:Java/CVE-2012-0507.D!ldr ID: 2147655409 Severity: Severe Category: Exploit Path: containerfile:_C:\Users\Tom\Downloads\FX4.0.zip;file:_C:\Users\Tom\Downloads\FX4.0.zip->LP-FXTSPDEM/dist/3.6.31/nre-config-linux-x86.dist->lib/editions/j2se-headless/rt.jar->sun/security/provider/PolicyFile.class;file:_C:\Users\Tom\Downloads\FX4.0.zip->LP-FXTSPDEM/dist/3.6.31/nre-config-win-x64.dist->lib/editions/j2se-headless/rt.jar->sun/security/provider/PolicyFile.class Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.131.96.0, AS: 1.131.96.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/18/2012 11:18:34 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/18/2012 11:18:19 AM, Error: Service Control Manager [7000] - The Sentinel64 service failed to start due to the following error: The system cannot find the device specified.
7/18/2012 11:18:08 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/18/2012 10:46:15 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...Downloader:Win32/Hoicfh.A&threatid=2147645627 Name: TrojanDownloader:Win32/Hoicfh.A ID: 2147645627 Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe;file:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\msr5.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.131.132.0, AS: 1.131.132.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/17/2012 9:54:54 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/17/2012 8:29:15 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...Downloader:Win32/Hoicfh.A&threatid=2147645627 Name: TrojanDownloader:Win32/Hoicfh.A ID: 2147645627 Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe;file:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\msr5.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.131.96.0, AS: 1.131.96.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/17/2012 7:11:24 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...Downloader:Win32/Hoicfh.A&threatid=2147645627 Name: TrojanDownloader:Win32/Hoicfh.A ID: 2147645627 Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe;file:_C:\Users\Tom\AppData\Local\Temp\IXP000.TMP\compressed.exe->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\msr5.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.131.53.0, AS: 1.131.53.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/17/2012 6:01:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/17/2012 6:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/17/2012 6:01:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/17/2012 6:01:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/17/2012 6:01:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cbfs3 DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/17/2012 6:01:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 6:01:20 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 6:00:57 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/17/2012 4:25:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
7/17/2012 4:25:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.
7/17/2012 10:28:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Java/CVE-2012-0507.D!ldr&threatid=2147655409 Name: Exploit:Java/CVE-2012-0507.D!ldr ID: 2147655409 Severity: Severe Category: Exploit Path: containerfile:_C:\Users\Tom\Downloads\FX4.0.zip;file:_C:\Users\Tom\Downloads\FX4.0.zip->LP-FXTSPDEM/dist/3.6.31/nre-config-linux-x86.dist->lib/editions/j2se-headless/rt.jar->sun/security/provider/PolicyFile.class;file:_C:\Users\Tom\Downloads\FX4.0.zip->LP-FXTSPDEM/dist/3.6.31/nre-config-win-x64.dist->lib/editions/j2se-headless/rt.jar->sun/security/provider/PolicyFile.class Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.131.96.0, AS: 1.131.96.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/17/2012 10:12:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
7/17/2012 10:12:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/16/2012 9:56:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.129.1589.0).
7/16/2012 9:00:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1723.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/16/2012 6:55:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/16/2012 6:53:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
7/16/2012 10:14:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/14/2012 9:39:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
7/13/2012 3:31:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MSSQLSERVER) service to connect.
7/13/2012 3:31:06 PM, Error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/13/2012 12:49:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
7/13/2012 12:49:45 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/13/2012 12:49:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
7/13/2012 12:45:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
7/11/2012 10:43:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the dsNcService service.
.
==== End Of File ===========================