Good morning
I hope you are able to assist. I recently appeared to get a virus from a website or file download. This resulted in popups to the cpvfeed domain appearing when some web links were clicked in Chrome\IE\Firefox. I also sometimes got adverts for Flash HD player, but from non-adobe.com domains.
Some friends suggested reverting to a previous restore point from a few days earlier and this seems to have removed these symptoms. However, I am concerned that there could still be some files and\or rootkits lurking on the machine, especially as this virus seemed quite old and I had up-to-date Microsoft Forefront protection running.
I have followed the "4-Step Viruses/Spyware/Malware Removal Preliminary Instructions" and post the results below. Please note that running dds.com the first time appeared to trigger a BSOD in the mbr.sys driver. I reran DDS after the reboot and those logs are below.
Thanks in advance for your help.
MBAM log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.05.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
brookj :: NGT07NT1 [administrator]
05/05/2013 19:01:31
mbam-log-2013-05-05 (19-01-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328524
Time elapsed: 16 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2
Run by brookj at 8:43:14 on 2013-05-06
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3493.2023 [GMT 1:00]
.
AV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_FATI9LA.EXE
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\brookj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
C:\Users\brookj\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://myplace.bbs-group.com/
uSearch Bar = hxxp://www.google.co.uk
uDefault_Page_URL = hxxps://myplace.bbs-group.com/
mWinlogon: Userinit = c:\windows\system32\userinit.exe,"c:\program files\microsoft application virtualization client\sftdcc.exe"
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\users\brookj\appdata\roaming\lastpass\LPToolbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\users\brookj\appdata\roaming\lastpass\LPToolbar.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [EPSON Stylus Photo R1800] c:\windows\system32\spool\drivers\w32x86\3\e_fati9la.exe /fu "c:\windows\temp\E_S5261.tmp" /EF "HKCU"
uRun: [DocFetcher-Daemon] c:\program files\docfetcher\docfetcher-daemon-win.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [Spotify Web Helper] "c:\users\brookj\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [GoogleChromeAutoLaunch_E087D22222A027E6E46153B768D9EB31] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [SoftGridTray] "c:\program files\microsoft application virtualization client\SFTTray.exe" /autostart
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [BLEServicesCtrl] c:\program files\intel\bluetooth\BleServicesCtrl.exe
mRun: [BTMTrayAgent] rundll32.exe "c:\program files\intel\bluetooth\btmshell.dll",TrayApp
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\brookj\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\brookj\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\brookj\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\SALESF~1.LNK -
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: HideLogonScripts = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: legalnoticecaption = IT IS AN OFFENSE TO CONTINUE WITHOUT PROPER AUTHORISATION
mPolicies-System: legalnoticetext = This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel. Furthermore, the activities of authorized users may also be monitored and anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials.
Security protections may be utilized on this system to protect certain interests that are important to the organisation. For example, passwords, access cards, encryption or biometric access controls provide security for the benefit of the organisation. These protections are not provided for your benefit or privacy and may be modified or eliminated at the organisations' discretion.
mPolicies-Windows\System: UserPolicyMode = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: LastPass - c:\users\brookj\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\brookj\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send to Bluetooth - c:\program files\intel\bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\users\brookj\appdata\roaming\lastpass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2466C29C-6035-4B00-98A2-3E6273875720} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{D04601B1-5EE5-40A6-A169-6DDD7DB8973F} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E9FF7A43-327B-4DD0-BAE4-16D82B0EB33A} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E9FF7A43-327B-4DD0-BAE4-16D82B0EB33A}\0727F68796D6F6 : DHCPNameServer = 194.72.6.57 158.43.128.72
TCP: Interfaces\{E9FF7A43-327B-4DD0-BAE4-16D82B0EB33A}\65F6461666F6E656D4F62696C65675966496D2536464548333 : DHCPNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{E9FF7A43-327B-4DD0-BAE4-16D82B0EB33A}\E45445D2C4F4E40343 : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brookj\appdata\roaming\mozilla\firefox\profiles\70j7ar04.default\
FF - prefs.js: browser.startup.homepage - chrome://ubufox/locale/ubufox.properties
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-17 16:03; pricepeep@getpricepeep.com; c:\users\brookj\appdata\roaming\mozilla\firefox\profiles\70j7ar04.default\extensions\pricepeep@getpricepeep.com.xpi
FF - ExtSQL: 2013-05-02 12:01; {445C745E-1EC1-4CC4-84DB-1082701AB3D7}; c:\users\brookj\appdata\roaming\mozilla\firefox\profiles\70j7ar04.default\extensions\{445C745E-1EC1-4CC4-84DB-1082701AB3D7}
.
============= SERVICES / DRIVERS ===============
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-7-12 17648]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\intel\bluetooth\devmonsrv.exe [2012-6-18 1095616]
R2 Bluetooth Media Service;Bluetooth Media Service;c:\program files\intel\bluetooth\mediasrv.exe [2012-6-18 1333184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\intel\bluetooth\obexsrv.exe [2012-6-18 1124288]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2011-3-2 224256]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\mobilebrserv\mbbService.exe [2011-8-12 227680]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-12-27 508264]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-7 2673064]
R2 WMCoreService;Mobile Broadband Service;c:\program files\dell\dell wwan\wmcore\mini_wmcore.exe servicemode --> c:\program files\dell\dell wwan\wmcore\mini_WMCore.exe servicemode [?]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2012-7-12 43888]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2012-5-21 65024]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\drivers\btmaux.sys [2012-5-21 90624]
R3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2012-6-9 613376]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2012-7-9 48128]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-2-15 41088]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\Netwsn00.sys [2012-4-18 10339840]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-3-22 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-3-22 139648]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfswin7.sys [2010-12-27 578408]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaywin7.sys [2010-12-27 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirwin7.sys [2010-12-27 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolwin7.sys [2010-12-27 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-12-27 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\drivers\bpenum.sys [2010-10-25 60416]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps.sys [2012-2-15 88104]
S3 d554scard;Dell Wireless HSPA Mini-Card USIM Port;c:\windows\system32\drivers\d554scard.sys [2012-2-15 53800]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\drivers\wwanuss.sys [2012-2-15 23592]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\drivers\wwanussf.sys [2012-2-15 25640]
S3 Mbm3CBus;Dell Wireless 5530 HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys [2012-2-15 364104]
S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys [2012-2-15 402504]
S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\drivers\Mbm3mdfl.sys [2012-2-15 14920]
S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\drivers\Mbm3Mdm.sys [2012-2-15 419528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-12 25600]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2012-2-15 107840]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2012-2-15 320832]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-18 1343400]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\drivers\WwanUsbMp.sys [2012-2-15 242216]
.
=============== Created Last 30 ================
.
2013-05-05 18:00:29 -------- d-----w- c:\users\brookj\appdata\roaming\Malwarebytes
2013-05-05 18:00:13 -------- d-----w- c:\programdata\Malwarebytes
2013-05-05 18:00:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-05 18:00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-05 15:43:54 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e89256c4-157b-46ac-8cad-9f6e801a298e}\mpengine.dll
2013-05-03 00:54:24 -------- d-----w- c:\windows\Standalone System Sweeper
2013-05-02 11:00:51 -------- d-----w- c:\program files\OApps
2013-05-02 10:57:57 -------- d-----w- c:\users\brookj\appdata\local\Amazon
2013-05-02 10:57:44 -------- d-----w- c:\program files\Amazon
2013-04-29 14:00:58 -------- d-----w- c:\users\brookj\appdata\roaming\HMRC
2013-04-29 13:59:11 -------- d-----w- c:\program files\HMRC
2013-04-19 13:38:05 -------- d-----w- c:\program files\HashiCorp
2013-04-19 12:44:56 -------- d-----w- C:\cygwin
2013-04-18 09:46:49 -------- d-----w- c:\program files\Prezi Desktop 4
2013-04-17 14:50:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-16 14:48:07 188176 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-04-16 14:47:54 94480 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-04-16 14:26:55 -------- d-----w- c:\users\brookj\appdata\roaming\qBittorrent
2013-04-16 14:26:55 -------- d-----w- c:\users\brookj\appdata\local\qBittorrent
2013-04-16 14:26:17 -------- d-----w- c:\program files\qBittorrent
2013-04-16 14:22:53 -------- d-----w- c:\users\brookj\appdata\roaming\BitTorrent
2013-04-16 14:14:54 -------- d-----w- c:\users\brookj\appdata\roaming\uTorrent
2013-04-15 08:28:27 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-15 08:28:09 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-15 08:28:08 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-15 08:28:07 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-15 08:28:07 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-15 08:27:41 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-15 08:27:41 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-15 08:27:36 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-12 11:32:06 115984 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-04-12 11:32:04 174864 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-04-10 17:16:08 -------- d-----w- c:\users\brookj\appdata\local\PasswordSafe
2013-04-10 10:53:07 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 08:52:27 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-15 08:52:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 18:30:06 104720 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-03-08 22:30:32 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-08 22:30:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-11 14:35:54 269824 ----a-w- c:\windows\system32\ssleay32.dll
2013-02-11 14:35:54 269824 ----a-w- c:\windows\system32\libssl32.dll
2013-02-11 14:35:40 1178624 ----a-w- c:\windows\system32\libeay32.dll
2011-08-31 14:16:50 155936 ----a-w- c:\program files\sdelete.exe
.
============= FINISH: 8:44:37.50 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 12/07/2012 16:04:33
System Uptime: 06/05/2013 08:38:28 (0 hours ago)
.
Motherboard: Dell Inc. | | 0CXHNM
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 143.9 GiB free.
D: is CDROM ()
E: is Removable
H: is NetworkDisk (NTFS) - 2040 GiB total, 131.389 GiB free.
S: is NetworkDisk (NTFS) - 137 GiB total, 93.837 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 02/05/2013 17:04:03 - Restore Operation
RP147: 02/05/2013 17:16:53 - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Black Duck Protex Client Tools
Bonjour
Cisco WebEx Meetings
Configuration Manager Client
Coverity Analysis 6.5.1
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Touchpad
Dell Wireless HSPA Mini-Card Drivers
DocFetcher
Dropbox
EPSON Printer Software
FileZilla Client 3.6.0.2
get_iplayer 4.5
GnuWin32: Gawk-3.1.6-1
Google Chrome
Google Update Helper
Google Updater
Gpg4win (2.1.0)
HashTab 3.0.0
I-Clickr
iCloud
inSSIDer
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
IsoBuster 3.0
iTunes
Java 7 Update 21
Java Auto Updater
Java DB 10.6.2.1
Java SE Development Kit 7 Update 15
Java SE Development Kit 7 Update 5
Java(TM) 6 Update 33
Java(TM) SE Development Kit 6 Update 33
JavaFX 2.1.1
JavaFX 2.1.1 SDK
JBidwatcher 2.5
JPEG-EXIF_autorotate
KDiff3 (remove only)
LastPass (uninstall only)
LinuxLive USB Creator
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Application Virtualization Desktop Client
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010 Server Management
Microsoft Lync 2010
Microsoft Lync 2010, MUI
Microsoft Office 2010 Deployment Kit for App-V
Microsoft Office 2010 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Finnish) 2010
Microsoft Office Access MUI (French) 2010
Microsoft Office Access MUI (German) 2010
Microsoft Office Access MUI (Norwegian (Bokmål)) 2010
Microsoft Office Access MUI (Swedish) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Finnish) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010
Microsoft Office Excel MUI (Swedish) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Finnish) 2010
Microsoft Office Groove MUI (French) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office Groove MUI (Norwegian (Bokmål)) 2010
Microsoft Office Groove MUI (Swedish) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Finnish) 2010
Microsoft Office InfoPath MUI (French) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2010
Microsoft Office InfoPath MUI (Swedish) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Finnish) 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010
Microsoft Office OneNote MUI (Swedish) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Finnish) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010
Microsoft Office Outlook MUI (Swedish) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Finnish) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010
Microsoft Office PowerPoint MUI (Swedish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Finnish) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Norwegian (Bokmål)) 2010
Microsoft Office Proof (Norwegian (Nynorsk)) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Finnish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Proofing (Norwegian (Bokmål)) 2010
Microsoft Office Proofing (Swedish) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Finnish) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010
Microsoft Office Publisher MUI (Swedish) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Finnish) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010
Microsoft Office Shared MUI (Swedish) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Finnish) 2010
Microsoft Office Word MUI (French) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Office Word MUI (Norwegian (Bokmål)) 2010
Microsoft Office Word MUI (Swedish) 2010
Microsoft Security Client
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Mobile Broadband HL Service
Mozilla Firefox 20.0.1 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 en-GB)
NEC Electronics USB 3.0 Host Controller Driver
Notepad++
OpenSSL 1.0.1e Light (32-bit)
OpenVPN 2.2.2
Oracle VM VirtualBox 4.2.12
Prezi Desktop
PuTTY version 0.62
Python 2.7 setuptools-0.6c11
Python 2.7.3
qBittorrent 3.0.9
QuickTime
Ruby 1.9.3-p392
Salesforce for Outlook
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Skype™ 6.3
Soto Platform vP4.2.5 (remove only)
Spotify
System Requirements Lab for Intel
TeamViewer 7
TimeSnapper Classic 2.0.1.1
TortoiseSVN 1.7.6.22632 (32 bit)
TreeSize Free V2.7
TrueCrypt
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Vagrant
VLC media player 2.0.5
XPS Annotator 1.22
.
==== Event Viewer Messages From Past Week ========
.
30/04/2013 12:33:32, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
30/04/2013 10:04:03, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
29/04/2013 08:52:19, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.800.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240017 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
29/04/2013 08:51:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.768.0 Update Source: Internal Definition Update Server Update Stage: Install Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
29/04/2013 08:51:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.768.0 Update Source: Internal Definition Update Server Update Stage: Install Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
29/04/2013 08:51:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.768.0 Update Source: Internal Definition Update Server Update Stage: Download Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
06/05/2013 08:40:04, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
06/05/2013 08:38:59, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xb3fc40b0, 0x000000ff, 0x00000000, 0x9b341a34). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050613-26707-01.
05/05/2013 16:44:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1230.0 Update Source: Internal Definition Update Server Update Stage: Install Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
05/05/2013 16:44:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1230.0 Update Source: Internal Definition Update Server Update Stage: Install Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
05/05/2013 16:44:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1230.0 Update Source: Internal Definition Update Server Update Stage: Download Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
04/05/2013 15:28:30, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
04/05/2013 13:17:29, Error: Microsoft-Windows-GroupPolicy [1030] - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
04/05/2013 13:17:19, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain EN due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
04/05/2013 13:16:59, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
04/05/2013 13:16:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
02/05/2013 17:15:52, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
02/05/2013 17:12:00, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\de.group.intl\sysvol\de.group.intl\Policies\{EA424525-635E-4F92-908D-B6DFB02489BE}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
02/05/2013 17:12:00, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
02/05/2013 17:10:55, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
02/05/2013 17:01:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
01/05/2013 19:58:18, Error: Microsoft-Windows-GroupPolicy [1006] - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
01/05/2013 19:57:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-12 25600]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2012-2-15 107840]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2012-2-15 320832]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-18 1343400]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\drivers\WwanUsbMp.sys [2012-2-15 242216]
.
=============== Created Last 30 ================
.
2013-05-05 18:00:29 -------- d-----w- c:\users\brookj\appdata\roaming\Malwarebytes
2013-05-05 18:00:13 -------- d-----w- c:\programdata\Malwarebytes
2013-05-05 18:00:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-05 18:00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-05 15:43:54 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e89256c4-157b-46ac-8cad-9f6e801a298e}\mpengine.dll
2013-05-03 00:54:24 -------- d-----w- c:\windows\Standalone System Sweeper
2013-05-02 11:00:51 -------- d-----w- c:\program files\OApps
2013-05-02 10:57:57 -------- d-----w- c:\users\brookj\appdata\local\Amazon
2013-05-02 10:57:44 -------- d-----w- c:\program files\Amazon
2013-04-29 14:00:58 -------- d-----w- c:\users\brookj\appdata\roaming\HMRC
2013-04-29 13:59:11 -------- d-----w- c:\program files\HMRC
2013-04-19 13:38:05 -------- d-----w- c:\program files\HashiCorp
2013-04-19 12:44:56 -------- d-----w- C:\cygwin
2013-04-18 09:46:49 -------- d-----w- c:\program files\Prezi Desktop 4
2013-04-17 14:50:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-16 14:48:07 188176 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-04-16 14:47:54 94480 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-04-16 14:26:55 -------- d-----w- c:\users\brookj\appdata\roaming\qBittorrent
2013-04-16 14:26:55 -------- d-----w- c:\users\brookj\appdata\local\qBittorrent
2013-04-16 14:26:17 -------- d-----w- c:\program files\qBittorrent
2013-04-16 14:22:53 -------- d-----w- c:\users\brookj\appdata\roaming\BitTorrent
2013-04-16 14:14:54 -------- d-----w- c:\users\brookj\appdata\roaming\uTorrent
2013-04-15 08:28:27 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-15 08:28:09 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-15 08:28:08 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-15 08:28:07 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-15 08:28:07 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-15 08:27:41 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-15 08:27:41 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-15 08:27:36 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-12 11:32:06 115984 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-04-12 11:32:04 174864 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-04-10 17:16:08 -------- d-----w- c:\users\brookj\appdata\local\PasswordSafe
2013-04-10 10:53:07 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 08:52:27 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-15 08:52:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 18:30:06 104720 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-03-08 22:30:32 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-08 22:30:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-11 14:35:54 269824 ----a-w- c:\windows\system32\ssleay32.dll
2013-02-11 14:35:54 269824 ----a-w- c:\windows\system32\libssl32.dll
2013-02-11 14:35:40 1178624 ----a-w- c:\windows\system32\libeay32.dll
2011-08-31 14:16:50 155936 ----a-w- c:\program files\sdelete.exe
.
============= FINISH: 8:44:37.50 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 12/07/2012 16:04:33
System Uptime: 06/05/2013 08:38:28 (0 hours ago)
.
Motherboard: Dell Inc. | | 0CXHNM
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 143.9 GiB free.
D: is CDROM ()
E: is Removable
H: is NetworkDisk (NTFS) - 2040 GiB total, 131.389 GiB free.
S: is NetworkDisk (NTFS) - 137 GiB total, 93.837 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 02/05/2013 17:04:03 - Restore Operation
RP147: 02/05/2013 17:16:53 - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Black Duck Protex Client Tools
Bonjour
Cisco WebEx Meetings
Configuration Manager Client
Coverity Analysis 6.5.1
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Touchpad
Dell Wireless HSPA Mini-Card Drivers
DocFetcher
Dropbox
EPSON Printer Software
FileZilla Client 3.6.0.2
get_iplayer 4.5
GnuWin32: Gawk-3.1.6-1
Google Chrome
Google Update Helper
Google Updater
Gpg4win (2.1.0)
HashTab 3.0.0
I-Clickr
iCloud
inSSIDer
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
IsoBuster 3.0
iTunes
Java 7 Update 21
Java Auto Updater
Java DB 10.6.2.1
Java SE Development Kit 7 Update 15
Java SE Development Kit 7 Update 5
Java(TM) 6 Update 33
Java(TM) SE Development Kit 6 Update 33
JavaFX 2.1.1
JavaFX 2.1.1 SDK
JBidwatcher 2.5
JPEG-EXIF_autorotate
KDiff3 (remove only)
LastPass (uninstall only)
LinuxLive USB Creator
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Application Virtualization Desktop Client
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010 Server Management
Microsoft Lync 2010
Microsoft Lync 2010, MUI
Microsoft Office 2010 Deployment Kit for App-V
Microsoft Office 2010 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Finnish) 2010
Microsoft Office Access MUI (French) 2010
Microsoft Office Access MUI (German) 2010
Microsoft Office Access MUI (Norwegian (Bokmål)) 2010
Microsoft Office Access MUI (Swedish) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Finnish) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010
Microsoft Office Excel MUI (Swedish) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Finnish) 2010
Microsoft Office Groove MUI (French) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office Groove MUI (Norwegian (Bokmål)) 2010
Microsoft Office Groove MUI (Swedish) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Finnish) 2010
Microsoft Office InfoPath MUI (French) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2010
Microsoft Office InfoPath MUI (Swedish) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Finnish) 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010
Microsoft Office OneNote MUI (Swedish) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Finnish) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010
Microsoft Office Outlook MUI (Swedish) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Finnish) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010
Microsoft Office PowerPoint MUI (Swedish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Finnish) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Norwegian (Bokmål)) 2010
Microsoft Office Proof (Norwegian (Nynorsk)) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Finnish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Proofing (Norwegian (Bokmål)) 2010
Microsoft Office Proofing (Swedish) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Finnish) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010
Microsoft Office Publisher MUI (Swedish) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Finnish) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010
Microsoft Office Shared MUI (Swedish) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Finnish) 2010
Microsoft Office Word MUI (French) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Office Word MUI (Norwegian (Bokmål)) 2010
Microsoft Office Word MUI (Swedish) 2010
Microsoft Security Client
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Mobile Broadband HL Service
Mozilla Firefox 20.0.1 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 en-GB)
NEC Electronics USB 3.0 Host Controller Driver
Notepad++
OpenSSL 1.0.1e Light (32-bit)
OpenVPN 2.2.2
Oracle VM VirtualBox 4.2.12
Prezi Desktop
PuTTY version 0.62
Python 2.7 setuptools-0.6c11
Python 2.7.3
qBittorrent 3.0.9
QuickTime
Ruby 1.9.3-p392
Salesforce for Outlook
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Skype™ 6.3
Soto Platform vP4.2.5 (remove only)
Spotify
System Requirements Lab for Intel
TeamViewer 7
TimeSnapper Classic 2.0.1.1
TortoiseSVN 1.7.6.22632 (32 bit)
TreeSize Free V2.7
TrueCrypt
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Vagrant
VLC media player 2.0.5
XPS Annotator 1.22
.
==== Event Viewer Messages From Past Week ========
.
30/04/2013 12:33:32, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
30/04/2013 10:04:03, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
29/04/2013 08:52:19, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.800.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240017 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
29/04/2013 08:51:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.768.0 Update Source: Internal Definition Update Server Update Stage: Install Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
29/04/2013 08:51:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.768.0 Update Source: Internal Definition Update Server Update Stage: Install Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
29/04/2013 08:51:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.768.0 Update Source: Internal Definition Update Server Update Stage: Download Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
06/05/2013 08:40:04, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
06/05/2013 08:38:59, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xb3fc40b0, 0x000000ff, 0x00000000, 0x9b341a34). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050613-26707-01.
05/05/2013 16:44:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1230.0 Update Source: Internal Definition Update Server Update Stage: Install Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
05/05/2013 16:44:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1230.0 Update Source: Internal Definition Update Server Update Stage: Install Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
05/05/2013 16:44:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1230.0 Update Source: Internal Definition Update Server Update Stage: Download Source Path: http://wsus.bbs.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
04/05/2013 15:28:30, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
04/05/2013 13:17:29, Error: Microsoft-Windows-GroupPolicy [1030] - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
04/05/2013 13:17:19, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain EN due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
04/05/2013 13:16:59, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
04/05/2013 13:16:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
02/05/2013 17:15:52, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
02/05/2013 17:12:00, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\de.group.intl\sysvol\de.group.intl\Policies\{EA424525-635E-4F92-908D-B6DFB02489BE}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
02/05/2013 17:12:00, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
02/05/2013 17:10:55, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
02/05/2013 17:01:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
01/05/2013 19:58:18, Error: Microsoft-Windows-GroupPolicy [1006] - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
01/05/2013 19:57:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================