aaronb1232
Hey all,
For the last ~2 weeks now, every 5 days MSE comes up with something in its scan or pops up a message about a Java Trojan/Trojan Downloader found on the system. When I initially saw this, I did full scans with both MSE and MBAM almost daily, and didn't find anything. However, something would manage to crop up that was Java-related.
Something to note: These infected files were always found in my Java AppData folder (C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\ random folders/files from here on...). I'm thinking they're linked together, but whenever I delete one, it seems to download itself back on. I haven't had any issues yet; my web browsers haven't been redirecting themselves, and I haven't gotten any spamming windows or anything like that; there's virtually no sign that anything's wrong other than the messages that my scanners are detecting them. However, as they're Trojans, they're obvious security concerns for me.
Here are the infected files and their locations that MSE detected over the past 2 weeks:
TrojanDownloader:Java/OpenConnection.KR
Found in: containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\458317b9-7212efc1
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\458317b9-7212efc1->RequiredJavaComponent.class
Exploit:Java/CVE-2010-0840.BF
Found in: containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\126cbbd9-54edaafd
containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2107de3c-487ee999
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\126cbbd9-54edaafd->folder/Ump_45.class
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2107de3c-487ee999->folder/Ump_45.class
Exploit:Java/CVE-2010-0840.BH
Found in: containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\49e03e00-34e2a4ca
containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4a14144e-52409202
containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2a769347-4eacf6c1
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\49e03e00-34e2a4ca->glass/boing.class
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4a14144e-52409202->glass/boing.class
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2a769347-4eacf6c1->glass/boing.class
Rogue:Win32/FakeSpypro
Found in: containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\455b1452-51f143bf
containerfile:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\37cf23b0-46089767
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\455b1452-51f143bf->[Obfuscator.JM]->(UPX)
file:C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\37cf23b0-46089767->[Obfuscator.JM]->(UPX)
I did a full scan with MBAM today, and in the middle of it, MSE found another infected file. Here are the logs:
1. MBAM Quick Scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5966
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/5/2011 12:51:40 PM
mbam-log-2011-03-05 (12-51-40).txt
Scan type: Quick scan
Objects scanned: 169396
Time elapsed: 2 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
2. MBAM Full Scan run earlier today:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5964
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/5/2011 12:21:46 PM
mbam-log-2011-03-05 (12-21-46).txt
Scan type: Full scan (C:\|)
Objects scanned: 513568
Time elapsed: 1 hour(s), 28 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
3. GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-05 13:04:36
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000065 ST350032 rev.SD04
Running: n9jnvpgs.exe; Driver: C:\Users\Aaron\AppData\Local\Temp\aglcrpog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
4. DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Aaron at 13:09:51.86 on Sat 03/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2444 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Steam\Steam.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Aaron\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aaron\appdata\roaming\mozilla\firefox\profiles\cwzufi5z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.homestarrunner.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl7a76086f;MpKsl7a76086f;c:\programdata\microsoft\microsoft antimalware\definition updates\{9365418c-ec8b-42c6-9aa8-f8f4be2dc150}\MpKsl7a76086f.sys [2011-3-5 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-18 176128]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-11-17 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-11-17 416112]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-12-18 6650368]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-12-18 231936]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-18 102416]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [2010-3-9 571264]
S3 SaiKF622;SaiKF622;c:\windows\system32\drivers\SaiKF622.sys [2009-6-2 113664]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-11-17 16240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-18 1343400]
.
=============== Created Last 30 ================
.
2011-03-05 18:07:24 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9365418c-ec8b-42c6-9aa8-f8f4be2dc150}\MpKsl7a76086f.sys
2011-03-05 18:07:18 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9365418c-ec8b-42c6-9aa8-f8f4be2dc150}\mpengine.dll
2011-03-04 14:58:44 -------- d-----w- c:\program files\Microsoft XNA
2011-03-04 14:51:23 -------- d-----w- c:\users\aaron\appdata\local\BIT.TRIP RUNNER
2011-03-01 06:08:28 -------- d-----w- C:\The Neverhood + patch (English)
2011-03-01 05:31:23 -------- d-----w- C:\Neverhood Win7 Color Fix
2011-03-01 05:30:18 -------- d-----w- c:\program files\DreamWorks Interactive
2011-02-28 01:42:26 -------- d-----w- c:\users\aaron\appdata\roaming\Malwarebytes
2011-02-28 01:42:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-28 01:42:20 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-28 01:42:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-28 01:42:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 08:03:07 -------- d-----w- c:\program files\Savage XR
2011-02-23 06:41:38 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-22 22:32:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-22 22:32:57 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-21 22:05:15 -------- d-----w- c:\progra~2\Nexon
2011-02-21 20:01:20 -------- d-----w- c:\program files\BandiMPEG1
2011-02-21 19:57:43 -------- d-----w- c:\progra~2\NexonUS
2011-02-21 19:57:32 -------- d-----w- c:\program files\Nexon
2011-02-21 19:11:13 -------- d-----w- c:\program files\Vindictus
2011-02-21 19:10:55 -------- d-----w- c:\users\aaron\appdata\local\PMB Files
2011-02-21 19:10:54 -------- d-----w- c:\progra~2\PMB Files
2011-02-21 19:10:49 -------- d-----w- c:\program files\Pando Networks
2011-02-15 18:02:30 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-02-15 02:06:09 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-15 02:01:44 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-12 00:46:22 -------- d-----w- c:\windows\pss
2011-02-11 20:04:28 -------- d-----w- c:\progra~2\Nero
2011-02-11 19:59:27 -------- d-----w- c:\program files\Astonsoft
2011-02-11 00:00:03 289552 ----a-w- c:\windows\system32\temp.001
2011-02-11 00:00:03 28672 ----a-w- c:\windows\system32\temp.000
2011-02-11 00:00:03 -------- d-----w- c:\windows\MVUNINST
2011-02-11 00:00:03 -------- d-----w- c:\program files\Memorex exPressit Label Design Studio
2011-02-10 23:22:51 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-6\markup.dll
2011-02-10 17:19:00 -------- d-----w- c:\users\aaron\appdata\local\MicroVision Applications
2011-02-10 17:18:50 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-02-10 17:18:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-02-10 17:18:49 -------- d-----w- c:\program files\common files\SureThing Shared
2011-02-04 12:58:15 -------- d-----w- C:\UbuntuUSB
2011-02-04 12:38:07 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-7\markup.dll
2011-02-04 10:33:23 -------- d-----w- c:\program files\WinSCP
.
==================== Find3M ====================
.
2011-03-04 14:51:10 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-04 14:51:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-01 16:45:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-15 02:02:17 22328 ----a-w- c:\users\aaron\appdata\roaming\PnkBstrK.sys
2011-02-15 02:02:03 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-15 02:01:46 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-15 20:16:02 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-15 20:11:14 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-21 02:22:53 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 17:27:46 111960 ----a-w- c:\windows\dxsdkuninst.exe
2009-11-20 02:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-11-20 02:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
.
============= FINISH: 13:10:03.09 ===============
5. DDS Attach log:
!.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/17/2010 2:13:27 PM
System Uptime: 3/5/2011 1:05:47 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N-SLI DELUXE
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6400+ | Socket AM2 | 3214/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 255.457 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_82391043&REV_A3\3&2411E6FE&1&48
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_82391043&REV_A3\3&2411E6FE&1&48
Service: NVENETFD
.
==== System Restore Points ===================
.
RP211: 3/3/2011 3:16:35 PM - Windows Update
RP212: 3/4/2011 8:17:20 AM - Windows Update
RP213: 3/4/2011 9:58:30 AM - Installed Microsoft XNA Framework Redistributable 4.0
RP214: 3/5/2011 10:44:31 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
Acrobat.com
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.10
AMD Drag and Drop Transcoding
And Yet It Moves
Apple Application Support
Apple Software Update
ASIO4ALL
Ask Toolbar
Assassin's Creed II
ATI Catalyst Install Manager
ATI Catalyst Registration
Audacity 1.2.6
Autodesk Backburner 2011.0.0
Autodesk DirectConnect 2010 R1
Autodesk MatchMover 2011 32-bit
Autodesk Maya 2011 32-bit
Autodesk Maya 2011 English Documentation 32-bit
B.U.T.T.O.N.
Back to the Future: Ep 2 - Get Tannen!
Bamboo
Bandisoft MPEG-1 Decoder
Battlefield: Bad Company 2
BIT.TRIP RUNNER
Blender (remove only)
BufferChm
Burnout Paradise: The Ultimate Box
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
Champions Online
Composite 2011
Connect
Counter-Strike: Source
Crysis 2 Demo
Crysis Warhead
Crysis Wars
Crystal Reports Basic for Visual Studio 2008
Destinations
Deus Ex: Game of the Year Edition
Deus Ex: Invisible War
DeviceDiscovery
DjVu Solo 3.1
Dystopia
FileZilla Client 3.3.5.1
FL Studio 9
Foxit Reader
Garry's Mod
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Gish
GoldenEye: Source - HalfLife 2 Mod
GOMTV Streamer
GPBaseService2
Half-Life 2: Deathmatch
Hardcore
Heroes of Newerth
Hitman: Codename 47
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HP Imaging Device Functions 14.0
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6
HP Solution Center 14.0
HPProductAssistant
IL Download Manager
Java Auto Updater
Java(TM) 6 Update 24
Jolly Rover
kuler
LAME v3.98.3 for Audacity
Lara Croft and the Guardian of Light
Left 4 Dead 2
Line 6 Uninstaller
Lost Horizon
Machinarium
Magicka - Demo
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Device Emulator version 3.0 - ENU
Microsoft DirectX SDK (June 2010)
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft XNA Framework Redistributable 4.0
Mirror's Edge
Monday Night Combat
Mount and Blade: Warband
Mozilla Firefox (3.6.15)
MSDN Library for Visual Studio 2008 - ENU
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble and Murmur
MyDefrag v4.3.1
Network
Nexon Game Manager
Notepad++
NVIDIA PhysX
On the Rain-Slick Precipice of Darkness, Episode One
On the Rain-Slick Precipice of Darkness, Episode Two
OpenAL
OpenOffice.org 3.2
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
Pirates, Vikings, & Knights II
Pixel Bender Toolkit
PoiZone
Poker Night at the Inventory
Portal
PowerISO
Prince of Persia: The Two Thrones
Project S
PS_AIO_06_B209a-m_SW_Min
PunkBuster Services
Python 2.5.4
QuickTime
Recettear: An Item Shop's Tale
Revenge of the Titans HIB (remove only)
Savage: The Battle For Newerth (Version: 1.0RC3)
Sawer
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Serious Sam HD: The Second Encounter
SolutionCenter
Star Wars Galactic Battlegrounds: Saga
Star Wars Jedi Knight: Dark Forces II
StarCraft II
Status
Steam
Suite Shared Configuration CS4
Super Meat Boy
Swords and Soldiers HD
Synergy
System Protocol One Demo
Team Fortress 2
The Ball
The Misadventures of P.B. Winterbottom
The Neverhood
Toolbox
TortoiseSVN 1.6.12.20536 (32 bit)
Toxic Biohazard
TrayApp
Unigine Heaven Benchmark v2.1
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
VC Runtimes MSI
Ventrilo Client
Vindictus
Vista Shortcut Manager
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Viva Piñata
Viva Pinata
VLC media player 1.1.5
Warhammer® 40,000®: Dawn of War® II – Retribution™ Beta
Warhammer® 40,000™: Dawn of War® II
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Detector Plug-in
Windows Live ID Sign-in Assistant
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
WinSCP 4.2.9
WMV9/VC-1 Video Playback
YouTube Downloader 2.6.5
Zombie Panic Source
.
==== Event Viewer Messages From Past Week ========
.
3/5/2011 12:40:54 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/5/2011 1:01:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/5/2011 1:01:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/5/2011 1:01:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/5/2011 1:01:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/5/2011 1:01:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/5/2011 1:01:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/5/2011 1:01:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/3/2011 2:01:52 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/3/2011 10:28:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
3/1/2011 12:06:13 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
2/28/2011 10:32:50 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DANI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3516BA6F-BE82-4218-9B69-D4D1160D25. The master browser is stopping or an election is being forced.
2/27/2011 10:11:19 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/27/2011 10:11:19 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
2/27/2011 10:11:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================
Thanks much for any help. It's greatly appreciated.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/5/2011 1:01:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/3/2011 2:01:52 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/3/2011 10:28:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
3/1/2011 12:06:13 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
2/28/2011 10:32:50 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DANI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3516BA6F-BE82-4218-9B69-D4D1160D25. The master browser is stopping or an election is being forced.
2/27/2011 10:11:19 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/27/2011 10:11:19 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
2/27/2011 10:11:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================
Thanks much for any help. It's greatly appreciated.