Solved Both browsers redirecting, blue screens at various intervals - do I have a virus?

khartley

My system seems to be in a downward spiral. (Windows 7 Ultimate 32-bit) I'm getting increasingly frequent BSODs - the other day they were talking about a memory error, but since I followed some instructions regarding hibernation sometimes causing this, I turned that off, and now the BSODs have changed to "IRQL_Not_Less_or_Equal." Along with this, my IE and Firefox destinations are being redirected - sometimes when following search result links, and sometimes when I just type in a URL. (Good old Firefox at least does it on a separate tab.)

I've run MBRCheck - here are the results below. What should I do next?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 158):
0x82A0A000 \SystemRoot\system32\ntkrnlpa.exe
0x82E1A000 \SystemRoot\system32\halmacpi.dll
0x86872000 \SystemRoot\system32\kdcom.dll
0x83001000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83079000 \SystemRoot\system32\PSHED.dll
0x8308A000 \SystemRoot\system32\BOOTVID.dll
0x83092000 \SystemRoot\system32\CLFS.SYS
0x830D4000 \SystemRoot\system32\CI.dll
0x8317F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x831F0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83212000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8325A000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x83263000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8326B000 \SystemRoot\system32\DRIVERS\pci.sys
0x83295000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x832A0000 \SystemRoot\System32\drivers\partmgr.sys
0x832B1000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x832C1000 \SystemRoot\System32\drivers\volmgrx.sys
0x8330C000 \SystemRoot\system32\DRIVERS\pciide.sys
0x83313000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x83321000 \SystemRoot\System32\drivers\mountmgr.sys
0x83337000 \SystemRoot\system32\DRIVERS\atapi.sys
0x83340000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x83363000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8336C000 \SystemRoot\system32\drivers\fltmgr.sys
0x833A0000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B808000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B937000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B962000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B975000 \SystemRoot\System32\Drivers\cng.sys
0x8B9D2000 \SystemRoot\System32\drivers\pcw.sys
0x8B9E0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BA1E000 \SystemRoot\system32\drivers\ndis.sys
0x8BAD5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BB13000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BC01000 \SystemRoot\System32\drivers\tcpip.sys
0x8BD4A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BD7B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8BD84000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BDC3000 \SystemRoot\System32\Drivers\spldr.sys
0x8BDCB000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BB38000 \SystemRoot\System32\Drivers\mup.sys
0x8BDF8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BB48000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BB7A000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BB8B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x833B1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BBE2000 \SystemRoot\System32\Drivers\Null.SYS
0x8BBE9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BBF0000 \SystemRoot\System32\drivers\vga.sys
0x833D0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BA00000 \SystemRoot\System32\drivers\watchdog.sys
0x8BA0D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BA15000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B9E9000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B9F1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x833F1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90620000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90637000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90642000 \SystemRoot\system32\drivers\afd.sys
0x9069C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x906CE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x906D5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x906F4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90702000 \SystemRoot\system32\DRIVERS\serial.sys
0x9071C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9072F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9073F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90780000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9078A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90794000 \SystemRoot\System32\drivers\discache.sys
0x9141F000 \SystemRoot\system32\drivers\csc.sys
0x91483000 \SystemRoot\System32\Drivers\dfsc.sys
0x9149B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x914A9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x914CA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x99C0D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9A68B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9A68D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9A744000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9A77D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9A788000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9A7D3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x914DC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9A7E2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9A7E8000 \SystemRoot\system32\DRIVERS\L1E62x86.sys
0x914FB000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x99C00000 \SystemRoot\system32\DRIVERS\fdc.sys
0x99C0B000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x91527000 \SystemRoot\system32\DRIVERS\serenum.sys
0x91531000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9153E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91550000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91568000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91573000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91595000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x915AD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x915C4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x915DB000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x915E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x915F2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9A7F7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x907A0000 \SystemRoot\system32\DRIVERS\ks.sys
0x91400000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91E19000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91E5D000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x91E67000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91E78000 \SystemRoot\system32\drivers\HdAudio.sys
0x91EC8000 \SystemRoot\system32\drivers\portcls.sys
0x91EF7000 \SystemRoot\system32\drivers\drmk.sys
0x91F10000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91F1D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91F28000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x91F31000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9B3B0000 \SystemRoot\System32\win32k.sys
0x91F42000 \SystemRoot\System32\drivers\Dxapi.sys
0x91F4C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91F63000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D2D4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8D2DF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D2EA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D2FD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D304000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D310000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9B210000 \SystemRoot\System32\TSDDD.dll
0x9B220000 \SystemRoot\System32\ATMFD.DLL
0x8D31B000 \SystemRoot\system32\drivers\luafv.sys
0x9B290000 \SystemRoot\System32\cdd.dll
0x8D336000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D346000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8D359000 \SystemRoot\system32\drivers\HTTP.sys
0x8D3DE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8CC00000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8CC12000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x91F65000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x91FA0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0A2D000 \SystemRoot\system32\drivers\peauth.sys
0xA0AC4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0ACE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA0AEF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0AFC000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0B4B000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0BA1000 \SystemRoot\System32\drivers\rdpdr.sys
0xA0BC6000 \SystemRoot\system32\drivers\tdtcp.sys
0xA0BD0000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x91FBB000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xBCE75000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xBCE7E000 \SystemRoot\system32\drivers\usbaudio.sys
0x8CC35000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0x76E70000 \Windows\System32\ntdll.dll
0x47F70000 \Windows\System32\smss.exe
0x770B0000 \Windows\System32\apisetschema.dll
0x00450000 \Windows\System32\autochk.exe
0x77010000 \Windows\System32\oleaut32.dll
0x76FE0000 \Windows\System32\imagehlp.dll
0x76E20000 \Windows\System32\gdi32.dll
0x76D40000 \Windows\System32\kernel32.dll
0x76D00000 \Windows\System32\ws2_32.dll

Processes (total 69):
0 System Idle Process
4 System
260 C:\Windows\System32\smss.exe
348 csrss.exe
404 C:\Windows\System32\wininit.exe
416 csrss.exe
456 C:\Windows\System32\services.exe
480 C:\Windows\System32\lsass.exe
488 C:\Windows\System32\lsm.exe
604 C:\Windows\System32\svchost.exe
668 C:\Windows\System32\nvvsvc.exe
724 C:\Windows\System32\svchost.exe
748 C:\Windows\System32\winlogon.exe
836 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\spoolsv.exe
1484 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\svchost.exe
1660 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1700 C:\Windows\System32\atashost.exe
1724 C:\Program Files\Bonjour\mDNSResponder.exe
1760 C:\Windows\System32\svchost.exe
1892 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
1976 C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
2024 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
332 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2244 C:\Windows\System32\svchost.exe
2432 C:\Users\karen.MASTERBEAT\AppData\Roaming\SonicWALL\VirtualAssist\VASAC.exe
2492 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3036 C:\Windows\System32\nvvsvc.exe
3068 C:\Windows\System32\svchost.exe
3544 C:\Windows\System32\dwm.exe
3572 C:\Windows\explorer.exe
3600 C:\Windows\System32\taskhost.exe
2532 C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe
2660 C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
2736 C:\Program Files\iTunes\iTunesHelper.exe
2752 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2924 C:\Program Files\E.W.E.-Software\Befree4iPhone\befree4iphone.exe
2936 C:\Users\karen.MASTERBEAT\AppData\Local\Google\Update\GoogleUpdate.exe
2900 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3020 C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE
2984 C:\Users\karen.MASTERBEAT\AppData\Local\Citrix\GoToAssist Express Expert\274\g2ax_start.exe
3044 C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
3092 C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
276 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
2628 C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
3148 C:\Program Files\Trillian\trillian.exe
2388 C:\Program Files\iPod\bin\iPodService.exe
536 C:\Users\karen.MASTERBEAT\AppData\Local\Citrix\GoToAssist Express Expert\274\g2ax_comm_expert.exe
3844 C:\Users\karen.MASTERBEAT\AppData\Local\Citrix\GoToAssist Express Expert\274\g2ax_user_expert.exe
4784 C:\Windows\System32\msiexec.exe
4504 WmiPrvSE.exe
4736 C:\Program Files\Intuit\QuickBooks 2011\QBHelp.exe
5844 C:\Windows\System32\SearchIndexer.exe
1616 C:\Windows\System32\audiodg.exe
3864 C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
4824 C:\Program Files\Mozilla Firefox\firefox.exe
5052 C:\Program Files\Mozilla Firefox\plugin-container.exe
5048 C:\Windows\System32\SearchProtocolHost.exe
5676 C:\Windows\System32\SearchFilterHost.exe
4440 WmiPrvSE.exe
6016 C:\Users\karen.MASTERBEAT\Desktop\MBRCheck.exe
2824 C:\Windows\System32\conhost.exe
5924 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AADS-00S9B0, Rev: 01.00A01
PhysicalDrive1 Model Number: ST3500418AS, Rev: CC34

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Welcome to TechSpot! I'll help you sort out the malware.

But tell me - why did you think you needed to run the MBR check on your own? You end up with a log you don't know how to handle! I'm going to hold off taking any action based on that scan until I have more information.

Let's back up and see if we can find the cause of the redirects:

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Important
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

There is no way to tell if the BSODs are related to malware at this point.
 
Sorry, I kind of jumped the gun on that in a panic yesterday. I took a step back and read through the warnings on the site about following the steps, etc. - since this was the first thing that I ran (I now know better!), and I see that you often ask for the log in your discussions, I thought I'd display the results. Here are the results from the eight steps...

Malwarebytes' log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6465

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

4/28/2011 10:55:49 AM
mbam-log-2011-04-28 (10-55-49).txt

Scan type: Quick scan
Objects scanned: 176529
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------
The GMER log was completely empty.
----------------------------
DDS.txt:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by karen at 13:03:21.41 on Thu 04/28/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.3327.1959 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\E.W.E.-Software\Befree4iPhone\befree4iphone.exe
C:\Users\karen.MASTERBEAT\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\karen.MASTERBEAT\AppData\Local\Citrix\GoToAssist Express Expert\274\g2ax_start.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
C:\Users\karen.MASTERBEAT\AppData\Local\Citrix\GoToAssist Express Expert\274\g2ax_comm_expert.exe
C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\karen.MASTERBEAT\AppData\Local\Citrix\GoToAssist Express Expert\274\g2ax_user_expert.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Intuit\QuickBooks 2011\QBHelp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\karen.MASTERBEAT\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.masterbeat.com/
uDefault_Page_URL = hxxp://companyweb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
uRun: [BeFree4iPhone] "c:\program files\e.w.e.-software\befree4iphone\befree4iphone.exe" /min
uRun: [Google Update] "c:\users\karen.masterbeat\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPSONB8161D (WorkForce 840)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_S6EA6.tmp" /EF "HKCU"
uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_S3EFF.tmp" /EF "HKCU"
uRun: [GoToAssist Express Expert] "c:\users\karen.masterbeat\appdata\local\citrix\gotoassist express expert\274\g2ax_start.exe" "/Trigger RunAtLogon"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [PC Meter Connect] c:\program files\pitney bowes\pc meter connect\mailstationAssistant.exe minimize
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\karen~1.mas\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\users\karen~1.mas\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.199\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osr_ti~1.lnk - c:\program files\intuit\idn\common\tinyweb\TINY.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1\exchan~1.lnk - c:\program files\common files\intuit\quickbooks\qbwebconnector\QBWebConnector.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - c:\program files\altova\xmlspy2011\spy.htm
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2222EF56-F49E-4d07-A14E-8D2B08766958} - c:\program files\altova\xmlspy2011\spy.htm
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: sonicwall.com\assist.va
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://192.168.4.29/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=jgvsxjz1wfuik445foplgjmh&Culture=1033&CultureOverrides=False&UICulture=9&UICultureOverrides=False&ReportStack=1&ControlID=80a7fe8ea3464330bb2af776356e4931&OpType=PrintCab&Arch=X86
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ipswitch.webex.com/client/T27LC/support/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {C0D322A8-43B7-4D25-A624-E1B403197FFD} = 192.168.1.20,8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\karen~1.mas\appdata\roaming\mozilla\firefox\profiles\c3qmbyz8.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.masterbeat.com/#home/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\karen.masterbeat\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Charles Autoconfiguration: {3e9a3920-1b27-11da-8cd6-0800200c9a66} - %profile%\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
FF - Ext: Trillian Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-28 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-28 269480]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-2-24 119608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-28 61960]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-31 428640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 sw_va_service;Virtual Assist;c:\users\karen.masterbeat\appdata\roaming\sonicwall\virtualassist\VASAC.exe [2011-3-31 1611648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [2010-7-30 20600]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.199\McCHSvc.exe [2011-2-23 237008]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-23 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]
.
=============== Created Last 30 ================
.
2011-04-28 17:51:11 -------- d-----w- c:\users\karen~1.mas\appdata\roaming\Malwarebytes
2011-04-28 17:51:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 17:51:05 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-28 17:51:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 17:51:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-28 17:33:31 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-28 17:33:31 -------- d-----w- c:\program files\Avira
2011-04-28 17:33:31 -------- d-----w- c:\progra~2\Avira
2011-04-28 00:51:55 -------- d-----w- c:\program files\GetMore
2011-04-28 00:51:52 -------- d-----w- c:\program files\Help
2011-04-28 00:16:40 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-04-28 00:16:40 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-28 00:16:40 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-28 00:16:40 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 00:16:40 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-28 00:16:40 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-28 00:16:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-28 00:16:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-28 00:16:40 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-04-28 00:16:40 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-28 00:16:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-28 00:16:40 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-28 00:16:40 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-27 23:46:28 -------- d-----w- c:\progra~2\McAfee Security Scan
2011-04-27 23:46:14 -------- d-----w- c:\program files\McAfee Security Scan
2011-04-27 16:23:21 -------- d-----w- C:\Log
2011-04-22 22:28:24 -------- d-----w- c:\users\karen~1.mas\appdata\roaming\dBpoweramp
2011-04-21 23:12:24 -------- d-----w- c:\users\karen~1.mas\appdata\roaming\Mael
2011-04-21 22:35:49 -------- d-----w- c:\program files\HxD
2011-04-20 23:23:02 -------- d-----w- c:\users\karen~1.mas\appdata\roaming\AccurateRip
2011-04-20 23:13:16 3835624 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-04-14 10:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 10:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-06 17:58:16 -------- d-----w- c:\users\karen~1.mas\appdata\roaming\webex
2011-04-04 19:34:59 110968 ----a-w- c:\users\karen.masterbeat\g2ax_expert_downloadhelper_win32_x86.exe
2011-04-04 19:34:59 -------- d-----w- c:\users\karen~1.mas\appdata\local\Citrix
2011-04-01 05:11:10 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-04-01 05:10:46 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-04-01 05:10:24 543328 ----a-w- c:\windows\system32\LVUI2.dll
2011-04-01 05:09:48 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-04-01 05:08:56 195168 ----a-w- c:\windows\system32\lvci13251014.dll
2011-04-01 05:08:36 301664 ----a-w- c:\windows\system32\lvcodec2.dll
2011-04-01 05:07:02 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 05:07:02 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 05:06:56 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 04:56:20 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-31 17:18:22 -------- d-----w- c:\users\karen~1.mas\appdata\roaming\SonicWALL
.
==================== Find3M ====================
.
2011-03-04 09:09:48 621568 ----a-r- c:\windows\system32\XmlSpyLib.dll
2011-02-24 21:46:19 201528 ----a-w- c:\windows\system32\atsckernel.exe
2011-02-24 21:46:19 119608 ----a-w- c:\windows\system32\atashost.exe
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:04:04.89 ===============
 
And here is Attach.txt:
---------------
h..
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate N
Boot Device: \Device\HarddiskVolume1
Install Date: 9/23/2010 2:38:29 PM
System Uptime: 4/28/2011 12:53:20 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5QC
Processor: Intel(R) Core(TM)2 CPU X6800 @ 2.93GHz | LGA 775 | 2936/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 342.901 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 165.623 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: iPhone
Device ID: USB\VID_05AC&PID_1297&MI_00\0
Manufacturer:
Name: iPhone
PNP Device ID: USB\VID_05AC&PID_1297&MI_00\0
Service:
.
==== System Restore Points ===================
.
RP54: 4/13/2011 7:29:23 PM - Scheduled Checkpoint
RP56: 4/27/2011 12:00:05 AM - Scheduled Checkpoint
RP57: 4/27/2011 9:42:54 AM - Installed Java(TM) 6 Update 24
RP58: 4/27/2011 5:15:46 PM - Windows Modules Installer
RP59: 4/27/2011 5:23:22 PM - Installed TortoiseSVN 1.6.15.21042 (32 bit)
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Web Premium
Adobe Flash Builder 4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.4
Akamai NetSession Interface
Altova MissionKit® 2011 rel. 2 sp1 for Enterprise Software Architects
Amazon Add to Wish List IE Extension 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
Befree4iPhone
Bonjour
CameraHelperMsi
Charles
Crystal Reports 2008 SP2
Crystal Reports Basic for Visual Studio 2008
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp Music Converter
Definition update for Microsoft Office 2010 (KB982726)
EPSON WorkForce 840 Series Printer Uninstall
erLT
FileZilla Client 3.4.0
foobar2000 v1.1.1
FreeRIP v3.5
Google Chrome
GoToAssist Expert 1.5.0.274
GoToMeeting 4.5.0.457
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HxD Hex Editor version 1.7.7.0
ImageMagick 6.6.1-5 Q16 (2010-05-01)
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware
Masterbeat Downloader
McAfee Security Scan Plus
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft UI Engine
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Mozilla Firefox (3.6.16)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Display Control Panel
NVIDIA Drivers
PC Meter Connect
PDF Settings CS5
Pixel Ruler
PVSonyDll
QB Connection Diagnostic Tool
QBWebConnector
QuickBooks
QuickBooks Pro 2011
QuickBooks SDK 10.0
QuickTime
Search Toolbar
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Service Pack 3 for SQL Server Tools and Workstation Components 2005 ENU (KB955706)
Sonos Desktop Controller
SQLXML4
TextPad 5
TicketBench Enterprise 6.20
TortoiseSVN 1.6.15.21042 (32 bit)
Trillian
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Outlook Social Connector (KB983403)
Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
WebEx
Windows Driver Package - Boca Systems Inc. Printer (10/01/2010 2.0.2.0)
Windows Driver Package - Pitney Bowes (DM150Drv) USB (07/04/2010 2.0.1.5)
Windows Live ID Sign-in Assistant
Windows Live Sync
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Small Business Server 2008 ClientAgent
WinRAR archiver
XML Notepad 2007
.
==== Event Viewer Messages From Past Week ========
.
4/28/2011 9:38:58 AM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer SQL using any of the configured protocols.
4/28/2011 9:33:18 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain MASTERBEAT due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
4/28/2011 9:15:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
4/28/2011 9:15:20 AM, Error: Microsoft-Windows-GroupPolicy [1065] - The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object CN={26F9055B-DE95-47B1-A258-8AF8E9AEA3F2},CN=POLICIES,CN=SYSTEM,DC=MASTERBEAT,DC=LOCAL. This could be caused by RSOP being disabled or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.
4/28/2011 7:59:39 AM, Error: Microsoft-Windows-GroupPolicy [1065] - The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object CN={9145BF83-F7E0-4438-9BA7-F228776F59E5},CN=POLICIES,CN=SYSTEM,DC=MASTERBEAT,DC=LOCAL. This could be caused by RSOP being disabled or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.
4/28/2011 12:54:07 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/28/2011 12:54:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000016, 0x00000002, 0x00000000, 0x82a4ba5b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042811-42869-01.
4/28/2011 11:31:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000001, 0x00000002, 0x00000000, 0x82a72f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042811-42354-01.
4/28/2011 11:25:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000001, 0x00000002, 0x00000000, 0x82a87f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042811-41387-01.
4/28/2011 11:16:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000001, 0x00000002, 0x00000000, 0x82aa0f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042811-44850-01.
4/28/2011 10:42:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86356430, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042811-50965-01.
4/28/2011 10:37:14 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/27/2011 9:38:12 AM, Error: Service Control Manager [7034] - The QBIDPService service terminated unexpectedly. It has done this 1 time(s).
4/27/2011 9:30:52 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x863563d8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-43649-01.
4/27/2011 9:26:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
4/27/2011 9:26:32 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/27/2011 9:26:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
4/27/2011 9:24:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82ad42f1, 0x9362bb50, 0x9362b730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-27892-01.
4/27/2011 9:17:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SessionEnv service.
4/27/2011 9:17:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
4/27/2011 9:16:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
4/27/2011 9:16:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CertPropSvc service.
4/27/2011 9:15:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
4/27/2011 6:43:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/27/2011 6:43:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
4/27/2011 6:42:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/27/2011 6:41:46 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 6:39:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
4/27/2011 6:39:16 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/27/2011 5:44:42 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
4/27/2011 5:39:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0417001c, 0x00000002, 0x00000000, 0x82a3ca5b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-39873-01.
4/27/2011 5:32:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x040d001c, 0x00000002, 0x00000000, 0x82a89a5b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-41933-01.
4/27/2011 5:27:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86356250, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-36161-01.
4/27/2011 4:36:34 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
4/27/2011 4:34:34 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 4:28:40 PM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer SERVER-TESTING using any of the configured protocols.
4/27/2011 2:18:50 PM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer SERVER-SQL using any of the configured protocols.
4/27/2011 10:02:22 AM, Error: Schannel [36887] - The following fatal alert was received: 40.
4/26/2011 9:38:51 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/26/2011 9:38:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
4/26/2011 4:30:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2011 4:21:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/26/2011 4:14:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/26/2011 4:14:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/26/2011 4:14:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/26/2011 4:14:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/26/2011 4:14:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/26/2011 4:13:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
4/26/2011 4:13:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
4/26/2011 4:04:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x85337020, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042611-44007-01.
4/26/2011 3:58:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2011 3:57:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/26/2011 3:57:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/26/2011 3:56:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
4/26/2011 3:56:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xb7000a6c, 0x00000002, 0x00000001, 0x82a85f9c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042611-28376-01.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2011 3:56:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2011 3:48:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x8533b020, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042611-47408-01.
4/26/2011 2:56:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/26/2011 2:54:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x8533a3b0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042611-32183-01.
4/26/2011 10:16:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82abb2f1, 0xae80fb50, 0xae80f730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042611-46831-01.
4/26/2011 10:11:52 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x040d0077, 0x00000002, 0x00000001, 0x82ac4784). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042611-32463-01.
4/25/2011 8:27:17 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP Photosmart C7200 series fax required for printer HP Photosmart C7200 series fax is unknown. Contact the administrator to install the driver before you log in again.
4/25/2011 5:35:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82b042f1, 0x97e3fb50, 0x97e3f730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042511-30420-01.
4/25/2011 5:26:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x85f5a450, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042511-44444-01.
.
==== End Of File ===========================
 
Just between the two of us, I will be suggesting that you take everything shown here off of the Startup menu:
StartupFolder: c:\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\program files\mcafee security scan\3.0.199\SSScheduler.exe
StartupFolder: c:\program files\intuit\idn\common\tinyweb\TINY.EXE
StartupFolder: c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\program files\intuit\quickbooks 2011\QBW32.EXE
StartupFolder: c:\program files\common files\intuit\quickbooks\qbwebconnector

None of these programs need to start on boot and run in the background, using system resources!
==============================
You also have 2 antivirus programs running. Please uninstall one of them:
Avast: Avast Removal
McAfee: McAfee Removal
Please reboot when through.
==================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=========================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan:
Uninstall ComboFix
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Thanks, Bobbye -

I've removed the items you mentioned from startup, as well as one of my antivirus programs. When I ran Eset NOD32, it found one threat - I can't paste in the exact wording, because the next step caused my computer to blue screen again before I'd completed my post, and the file that you mention that should contain the Eset log does not exist - that being said, the threat that it found was "win32/toolbar.zugo."

When I tried to run Combofix, it caused the system to blue screen. I can't seem to run it - every time, same result.
 
You never did tell me why you ran the MBR scan, but there are some other entries that need to be removed as well as trying to fix a drive. So we'll try that and see if the system will become more stable:

Bootkit Remover:
Download bootkitremover.rar and save to your desktop.
  1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. (Use 7-Zip if you don't have an extraction program.)
  2. Double-click on the remover.exe file to run the program.
    NOTE: The tool should be run from a command line with Administrator privileges.
  3. Scanning should be completed quickly
  4. Paste the output in your next reply.
=====================================
When you finish the scan above, go ahead with the following:
  • Open Notepad
  • Copy and paste the text in the codebox into Notepad:
Code:
@ECHO OFF
START 
remover.exe fix  \\.\PhysicalDrive1  
EXIT
  • Go FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
  • Then in the FILE NAME box type fix.bat.
  • Save fix.bat to your Desktop.
  • Double click fix.bat to run it.
    You may see a black box appear; this is normal.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

When done, run remover.exe again and post its output.

Do NOT reboot computer!
 
I did mention that I ran the MBR scan when I first started reading threads in this forum that I came across in my search for people encountering a similar problem - I was seeing that it had been suggested for people to run - and I hadn't realized that there were instructions at the top of the forum for how best to approach the situation. I just stumbled into it, in my panic. There was no real rhyme or reason to my running it.

Here's the output from Bootkitremover:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
--------------------------------
And here's the output from fix.bat:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 (build 7600), 32-bit

System volume is \\.\C:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\C:

Done;
Press any key to quit...
--------------------------------
And the output from running Bootkitremover again:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 (build 7600), 32-bit

System volume is \\.\C:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\C:

Done;
Press any key to quit...
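The first Bootkit Remover run above offers `remover.exe dump <device_name> [output_file]` for manual inspection. As an added example (not part of the original posts and not eSage Lab's code), this Python code parses such a 512-byte dump, hashes the boot code and checks that the reported system-volume offset matches a partition start. The sample sector is constructed, with a layout chosen so the second partition begins at the offset the tool printed; all function names are hypothetical.

```python
import hashlib
import struct

SECTOR = 512
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors

def build_sample_mbr():
    """Constructed sample: zeroed boot code, 100 MiB boot partition, then C:."""
    table = ENTRY.pack(0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 204800)
    table += ENTRY.pack(0x00, b"\0" * 3, 0x07, b"\0" * 3, 206848, 976564224)
    return b"\0" * 446 + table + b"\0" * 32 + b"\x55\xaa"

def parse_offset(text):
    """Convert the tool's 0x00000000`06500000 notation to an integer."""
    return int(text.replace("`", ""), 16)

def parse_mbr(sector):
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[510:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts, anomalies = [], []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, 446 + 16 * i)
        if ptype == 0:  # unused slot
            continue
        if status not in (0x00, 0x80):
            anomalies.append(f"entry {i}: invalid status byte {status:#04x}")
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "byte_offset": lba * SECTOR, "byte_length": count * SECTOR})
    if sum(p["active"] for p in parts) > 1:
        anomalies.append("more than one active partition")
    # Bytes 0..439 hold the loader; 440..445 are the per-disk signature, so
    # leaving them out makes the hash comparable with a known-good copy.
    return {"boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": parts, "anomalies": anomalies}

def partition_for_volume(mbr, volume_offset):
    """Return the partition entry that starts at the reported volume offset."""
    for p in mbr["partitions"]:
        if p["byte_offset"] == volume_offset:
            return p
    return None

if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    hit = partition_for_volume(mbr, parse_offset("0x00000000`06500000"))
    print(mbr["boot_code_sha256"], hit, mbr["anomalies"])
```

Because the tool reports the boot code as hidden by a rootkit, a dump read through the running system may not match what is on disk; a sector read from offline boot media is the one to hash and compare.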
 
Please use the Bootkit remover again with the following input:
  • Open Notepad
  • Copy and paste the text in the codebox into Notepad:
Code:
@ECHO OFF
START 
remover.exe fix   \\.\PhysicalDrive0  
EXIT
  • Go FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
  • Then in the FILE NAME box type fix.bat.
  • Save fix.bat to your Desktop.
  • Double click fix.bat to run it.
    You may see a black box appear; this is normal.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

When done, run remover.exe again and post its output.

Do NOT reboot computer!
 
output of fix.bat:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 (build 7600), 32-bit

System volume is \\.\C:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\C:

Done;
Press any key to quit...
--------------------------
output of remover.bat:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 (build 7600), 32-bit

System volume is \\.\C:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\C:

Done;
Press any key to quit...
 
Okay, we're going to back up and pretend you didn't run the MBR check nor the Bootkit Remover. Your result and my result were not the same. The only information I need about that is for you to tell me what Drive D is.
==============================
It's very difficult to try and run scans on an unstable computer. We are going to have to get past this:
My system seems to be in a downward spiral. (Windows 7 Ultimate 32 bit) I'm getting increasingly frequent BSODs - the other day they were talking about a memory error, but since I followed some instructions regarding hibernation sometimes causing this I turned that off, and now the BSODs have changed to "IRQL_Not_Less_or_Equal."
Questions:
1. What did you do before this downward spiral began?
Did you install a new program?
Did you update anything? What?
2. Disable Hibernation if you're using it. It has almost always been known to cause problems frequently. If you're using a laptop, let it Sleep when you close it. This will save your work to the memory and hard drive, then lets it snooze. When you reopen the laptop, everything is right there like you left it.
  • Click Start> choose Control Panel> Choose System & Security.
  • Choose Power Options> Select 'Choose what closing the lid does' in the Left Pane
  • There are 3 choices:
    [o]Do Nothing>> If you're plugged in, choose this
    [o]Hibernate>>
    [o]Shut down>> If you're running on batteries, choose this. If you're shutting down for the night, you should follow the logoff/shut down path.
  • Click on 'Save Changes' .

I have never used Hibernate on my computers, desktop or laptop, Win 3.0>>>>>Win 7. That has served me well.
 
Thanks for your help, Bobbye! This is a desktop machine, not a laptop, and turning hibernate off was the first thing that I did when this started to happen. I'm not sure what kicked the whole problem off, since I install a lot of things both large and small on a pretty frequent basis in the course of development work. However, installing the full-blown version of Norton Internet Security seems to have solved (or at least is successfully avoiding) the problem, so things are now acting normal.
 
Okay. Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Click on Start> right click on Computer> Properties
  • Select System Protection
  • Click on the Create button (near bottom)
  • Type a name for the Restore Point
  • Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
  • Click Start> Computer> right click the C Drive and choose Properties> enter.
  • Click Disk Cleanup from there.
  • Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
  • Click the More Options tab
  • Click the Clean up under System Restore and Shadow Copies.
  • Click OK.
  • You will get a confirmation screen> Just click Delete.
  • Click OK on the Disk Cleanup Screen.
  • Click Delete Files on the Confirmation screen.

It will run the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
 
Reopening thread as problem has either continued or resurfaced.

It seems you have been busy since that thread: you said you had a 32bit OS, now it is 64bit! How did you do that?
 
Okay- that helps. Please tell me what's going on now. You made a reference to Norton> what's with that?
 
Ah, well, I installed Norton Internet Security the other day - and that looks like it now finally has helped me to pinpoint and resolve the situation. I finally tracked down the problem to Rootkit.Win32.TDSS.tdl4, and successfully used TDSSKiller to remove it. Now I can restart the system without blue screens, and the browsers aren't redirecting, all scans show clear, so I think it's finally been nailed. Sorry for the false alarm - it now looks like both threads can again be closed.
 
Here's some information you may benefit from reading: I haven't rechecked the links in a while, but most should still be good.

Rootkits
Definitions:

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a hacker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

Wikipedia: Rootkit
http://en.wikipedia.org/wiki/Rootkit

What are user-mode vs. kernel-mode rootkits?
http://searchwindowssecurity.techtarget....69,00.html

Rootkits in the Wild: rootkit technology is sometimes found with spyware and/or trojans, backdoors and RATs (remote access tools).

Rootkits have been found on machines with Rbot and SDbot and keyloggers.
http://www.dslreports.com/forum/remark,14493487
http://www.dslreports.com/forum/remark,13680927

Presumably the rootkit is used to hide the trojans which can be used by the attacker to take total control of a machine while the keyloggers transmit information back to the attackers including passwords and data from the infected machine. An ugly situation at best. In cases like this I think the safest thing for a user to do is format and reinstall because there is no way to tell how severely the machine has been compromised and what dangers may lurk inside, even if the trojans and rootkit files are removed, if they can even be removed.

Here's an example where format and reinstall was advised on a severely compromised network computer:
http://spywarewarrior.com/viewtopic.php?t=16273
 