Inactive Malware stopping Windows Updates!

MazanSM

Hey friends. I am sorry I don't really have any specific details about what is happening, but here is what I think. One of our users had a Fake Antivirus problem, so I ran MalwareBytes and it found around 400 infected files, which I removed. Everything seemed good.

He then began complaining about Windows updates. They download, install, reboot, and say Reverting, Failed. I worked on this for 3 hours today thinking about Windows etc...

I then remembered the MalWare and think it still may be an issue.

Is there anything you can do to help me with this situation, please?

Thanks so much for any help that can be provided, I really appreciate it.

Thanks again!

- S
 
Hi!

Information about malware removal forum
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.
 
Thanks so much for the reply!

Here are the log files.

MalwareBytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.06.12
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
fredr :: TM1012 [administrator]
8/6/2012 4:52:40 PM
mbam-log-2012-08-06 (16-52-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255248
Time elapsed: 16 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-06 17:18:03
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925041 rev.0002
Running: qu4ud658.exe; Driver: C:\Users\FredR\AppData\Local\Temp\pfldipog.sys

---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
 
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by fredr at 17:18:39 on 2012-08-06
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3535.1928 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atashost.exe
C:\Windows\system32\BEDevCtl.exe
C:\Windows\system32\BEFCSvcn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\SGN_MasterServicen.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Bryan Equipment Sales\BES Support Application\BES Support Application.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\winsxs\x86_microsoft-windows-I..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
C:\Windows\winsxs\x86_microsoft-windows-I..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Windows\winsxs\x86_microsoft-windows-I..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uSearch Bar = Preserve
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Playfin: {d30bc29f-19f6-40b3-a91f-d4707048ade6} - c:\program files\playfin_1t\bar\1.bin\1tbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - c:\program files\mapsgalaxy_39\bar\1.bin\39bar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SGNMasterApplication] c:\program files\sophos\safeguard enterprise\client\SGNMaster.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bessup~1.lnk - c:\windows\installer\{c8c580d7-ea83-45e5-9f4b-89e3466812b8}\_CC0A4E5930FC4E7D8FFDEDEA7606DDDE.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sqlser~1.lnk - c:\program files\microsoft sql server\80\tools\binn\scm.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.89.148.129 71.89.132.13
TCP: Interfaces\{14312104-AC27-49E2-8A92-02E5E20B1103} : DhcpNameServer = 192.168.1.1 71.89.148.129 71.89.132.13
TCP: Interfaces\{CBA228D1-C88A-4AB2-B2F4-7D06F3621BE0} : NameServer = 10.1.1.5 10.1.1.15
TCP: Interfaces\{F8BAB74F-C6E3-4B46-815C-909F5E4156DE} : DhcpNameServer = 192.168.1.1 71.89.139.1 71.89.132.13
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fredr\appdata\roaming\mozilla\firefox\profiles\8zhofijn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R0 BE_FLTI;be_flti;c:\windows\system32\drivers\be_fltim.sys [2010-10-15 50944]
R0 BeFlt;BeFlt;c:\windows\system32\drivers\BEFLT.SYS [2010-10-15 97536]
R0 CEAES2M;CEAES2M;c:\windows\system32\drivers\cegaes2m.sys [2010-10-15 63232]
R0 CEAESM;CEAESM;c:\windows\system32\drivers\cegaesm.sys [2010-10-15 62720]
R0 CEDES3M;CEDES3M;c:\windows\system32\drivers\cedes3m.sys [2010-10-14 20224]
R0 CEDESM;CEDESM;c:\windows\system32\drivers\cedesm.sys [2010-10-14 19712]
R0 CEEIDEM;CEEIDEM;c:\windows\system32\drivers\ceeidem.sys [2010-10-14 16128]
R0 CEHMACM;CEHMACM;c:\windows\system32\drivers\cehmacm.sys [2010-10-14 25344]
R0 CEIDEM;CEIDEM;c:\windows\system32\drivers\ceidem.sys [2010-10-14 17664]
R0 CERNDM;CERNDM;c:\windows\system32\drivers\cerndm.sys [2010-10-14 15616]
R0 CESHAM;CESHAM;c:\windows\system32\drivers\cesham.sys [2010-10-14 24832]
R0 SGSTDRVM;SGMKeyStore Driver;c:\windows\system32\drivers\SGStDrvm.sys [2010-10-14 51968]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-2-4 119608]
R2 BEDevCtl;SafeGuard(R) Device Encryption Controller;c:\windows\system32\BEDevCtl.exe [2010-10-15 905216]
R2 BEFCSvcn;SafeGuard(R) Kernel Feature Client;c:\windows\system32\BEFCSvcn.exe [2010-10-15 20480]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-4-9 447264]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
R2 SGN_BEService;SafeGuard(R) Base Encryption Service;c:\windows\system32\SGN_MasterServicen.exe [2010-10-15 49152]
R2 SGN_LogSystem;SafeGuard(R) Log Service;c:\windows\system32\SGN_MasterServicen.exe [2010-10-15 49152]
R2 SGN_Sem;SafeGuard(R) System Event Manager;c:\windows\system32\SGN_MasterServicen.exe [2010-10-15 49152]
R2 SGNAuthService;SGNAuthService;c:\program files\sophos\safeguard enterprise\client\SGNAuthServicen.exe [2010-10-15 647168]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-4-28 1839888]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2009-8-21 1589704]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-8-18 224384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-21 112128]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-6 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-8-25 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-6 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== Created Last 30 ================
.
2012-08-06 16:47:23 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-06 15:28:04 -------- d-----w- c:\users\fredr\appdata\local\ElevatedDiagnostics
2012-08-06 15:15:56 -------- d-----w- c:\users\fredr\appdata\local\join.me
2012-08-06 14:59:34 -------- d-----w- c:\windows\system32\catroot2
2012-08-06 14:44:55 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-06 13:12:50 -------- d-----w- c:\windows\pss
2012-07-27 13:49:47 -------- d-----w- c:\users\fredr\appdata\roaming\Malwarebytes
2012-07-27 13:49:37 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 13:49:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-27 13:49:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-10 20:01:36 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-10 20:01:34 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 20:01:34 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-09 01:09:06 -------- d-----w- c:\program files\MapsGalaxy_39
.
==================== Find3M ====================
.
2012-08-06 14:44:34 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-03 11:51:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 11:51:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-28 02:37:58 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST925041 rev.0002 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x82044936] -> \Device\Harddisk0\DR0[0x8663E030]
3 CLASSPNP[0x8BBAA8B3] -> ntkrnlpa!IofCallDriver[0x82044936] -> \Device\Ide\IAAStorageDevice-0[0x85936028]
kernel: MBR read successfully
_asm { CLI ; JMP 0x64; }
user != kernel MBR !!!
.
============= FINISH: 17:20:03.95 ===============
 
Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 8/18/2009 12:06:21 PM
System Uptime: 8/6/2012 1:06:33 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0W612R
Processor: Intel(R) Core(TM)2 Duo CPU T9550 @ 2.66GHz | Microprocessor | 2668/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 142.817 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Manufacturer:
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Service:
.
==== System Restore Points ===================
.
RP1119: 7/19/2012 7:27:58 AM - Windows Update
RP1120: 7/20/2012 12:10:10 PM - Windows Update
RP1121: 7/23/2012 8:51:40 AM - Windows Update
RP1122: 7/23/2012 10:10:24 PM - Scheduled Checkpoint
RP1123: 7/24/2012 3:00:14 AM - Windows Update
RP1124: 7/24/2012 6:33:21 PM - Scheduled Checkpoint
RP1125: 7/24/2012 8:23:57 PM - Windows Update
RP1126: 7/25/2012 5:40:43 AM - Windows Update
RP1127: 7/25/2012 8:08:45 PM - Scheduled Checkpoint
RP1128: 7/26/2012 7:24:54 AM - Windows Update
RP1129: 7/26/2012 9:16:03 PM - Windows Update
RP1130: 7/27/2012 8:14:33 AM - Windows Update
RP1131: 7/27/2012 9:28:17 AM - Windows Update
RP1132: 7/27/2012 11:31:09 AM - Removed WeatherBug
RP1133: 7/27/2012 11:43:05 AM - Windows Update
RP1134: 7/28/2012 9:29:47 AM - Windows Update
RP1135: 7/29/2012 12:00:03 AM - Scheduled Checkpoint
RP1136: 7/29/2012 3:00:13 AM - Windows Update
RP1137: 7/30/2012 1:53:45 PM - Installed Motorola Mobile Drivers Installation 4.7.1
RP1138: 7/30/2012 8:38:09 PM - Windows Update
RP1139: 7/31/2012 11:27:48 AM - Windows Update
RP1140: 7/31/2012 1:04:06 PM - Windows Update
RP1141: 8/1/2012 7:39:30 AM - Windows Update
RP1142: 8/2/2012 7:50:42 AM - Windows Update
RP1143: 8/3/2012 7:19:27 AM - Windows Update
RP1144: 8/5/2012 8:24:20 AM - Windows Update
RP1145: 8/6/2012 9:11:28 AM - Windows Modules Installer
RP1146: 8/6/2012 10:42:38 AM - Installed Java(TM) 6 Update 33
RP1147: 8/6/2012 12:29:00 PM - Installed Microsoft Fix it 50123
RP1148: 8/6/2012 12:40:41 PM - Installed Microsoft Fix it 50123
RP1149: 8/6/2012 12:46:48 PM - Windows Update
RP1150: 8/6/2012 1:03:30 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
5700_Help
Acrobat.com
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
BES Planning Advantage
BES Support Application
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Compatibility Pack for the 2007 Office system
Dell ControlPoint System Manager
Dell Resource CD
Dell Touchpad
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
Fax
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Intel(R) TV Wizard
Intel® Matrix Storage Manager
J5700
Java Auto Updater
Java(TM) 6 Update 33
Java(TM) 6 Update 5
join.me
LanFax Client
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.62.0.1300
mediaCAT
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
MotoHelper 2.0.51 Driver 5.1.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.1.0
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Playfin
PowerDVD DX
ProductContext
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SolutionCenter
Sonic CinePlayer Decoder Pack
Sophos SafeGuard 5.50.8 Client
Sophos SafeGuard 5.50.8 Client Configuration
Sophos SafeGuard Preinstall 5.50.8
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Status
Symantec Endpoint Protection
Toolbox
Tour de Force
Tour de Force Platinum Client - 4.2.035
TrayApp
UltraVNC 1.0.6.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WebEx
WebReg
.
==== Event Viewer Messages From Past Week ========
.
8/6/2012 9:36:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service sdrsvc with arguments "" in order to run the server: {47135EEA-06B6-4452-8787-4A187C64A47E}
8/6/2012 8:25:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Update for Windows Vista (KB2677070).
8/6/2012 8:25:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2719985).
8/6/2012 8:25:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2718523).
8/6/2012 8:25:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2698365).
8/6/2012 8:25:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2691442).
8/6/2012 8:25:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2685939).
8/6/2012 8:25:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2686833).
8/6/2012 8:25:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2656374).
8/6/2012 8:22:41 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2719985_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2719985_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2718523_client~31bf3856ad364e35~x86~~6.0.1.2 () into Absent(Absent) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2718523_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Absent(Absent) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2698365_client~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2698365_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2691442_client~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2691442_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2686833_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2686833_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2685939_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2685939_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2656374_client~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2656374_client_2~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2698365~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_4_for_KB2698365~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_3_for_KB2698365~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2698365~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2719985~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2718523~31bf3856ad364e35~x86~~6.0.1.2 () into Absent(Absent) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2698365~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2691442~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2685939~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 8:19:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
8/6/2012 8:19:12 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2691442~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:19:02 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
8/6/2012 8:18:47 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2718523~31bf3856ad364e35~x86~~6.0.1.2 () into Absent(Absent) state
8/6/2012 8:18:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2719985~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
8/6/2012 8:18:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2698365~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
8/6/2012 8:18:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
8/6/2012 8:18:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2685939~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
8/6/2012 11:53:53 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
8/6/2012 10:18:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl SPBBCDrv spldr SRTSP SRTSPX SYMTDI Wanarpv6
8/6/2012 10:18:30 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 10:18:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/6/2012 10:18:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/6/2012 10:17:42 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
8/6/2012 10:17:35 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
8/6/2012 10:17:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
8/6/2012 10:01:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
8/6/2012 10:01:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/6/2012 10:01:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/6/2012 1:16:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2655992).
8/6/2012 1:16:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2719177).
8/6/2012 1:12:32 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{CBA228D1-C88A-4AB2-B2F4-7D06F3621BE0} because another computer on the network has the same name. The server could not start.
8/6/2012 1:10:54 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2719177~31bf3856ad364e35~x86~~9.1.1.0 () into Absent(Absent) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2719177_RTM~31bf3856ad364e35~x86~~9.1.1.0 () into Absent(Absent) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2655992~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2655992_client~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2655992_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB975467~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB968389~31bf3856ad364e35~x86~~6.0.1.3 () into Installed(Installed) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB975467~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB968389~31bf3856ad364e35~x86~~6.0.1.3 () into Installed(Installed) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2655992~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2585542~31bf3856ad364e35~x86~~6.0.1.2 () into Installed(Installed) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2719177~31bf3856ad364e35~x86~~9.1.1.0 () into Absent(Absent) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2655992~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
8/6/2012 1:10:32 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2585542~31bf3856ad364e35~x86~~6.0.1.2 () into Installed(Installed) state
8/6/2012 1:09:51 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/6/2012 1:08:29 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain BRYAN_SERVER_2 due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
8/6/2012 1:05:17 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The file cannot be opened transactionally, because its identity depends on the outcome of an unresolved transaction.
8/2/2012 4:59:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
7/31/2012 9:07:30 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/31/2012 1:10:50 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
7/30/2012 8:32:07 AM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\bryan.local\sysvol\bryan.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
7/30/2012 11:29:04 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{14312104-AC27-49E2-8A92-02E5E20B1103} because another computer on the network has the same name. The server could not start.
7/30/2012 11:29:04 AM, Error: netbt [4321] - The name "TM1012 :20" could not be registered on the interface with IP address 0.0.0.0. The computer with the IP address 192.168.1.105 did not allow the name to be claimed by this computer.
7/30/2012 1:36:46 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0024E8BC98D1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
Hey! Very sorry! Thanks for the follow up. This is for one of our out of town managers. It has been a little time to get connected with him again. Running Combo Fix right now.
Thanks!
 
Here is the ComboFix.
Let me know what's next.
Thanks again for all of your help!

ComboFix 12-08-10.02 - fredr 08/13/2012 9:39.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3535.2020 [GMT -4:00]
Running from: c:\users\FredR\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\FredR\AppData\Local\assembly\tmp
c:\users\FredR\Documents\~WRL2522.tmp
c:\users\FredR\Documents\ShopToWin
c:\users\FredR\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 13:49 . 2012-08-13 13:49 -------- d-----w- c:\users\besAdmin\AppData\Local\temp
2012-08-13 13:49 . 2012-08-13 13:49 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-08-06 16:47 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-06 15:28 . 2012-08-06 15:28 -------- d-----w- c:\users\FredR\AppData\Local\ElevatedDiagnostics
2012-08-06 15:15 . 2012-08-06 15:15 -------- d-----w- c:\users\FredR\AppData\Local\join.me
2012-08-06 14:59 . 2012-08-06 16:46 -------- d-----w- c:\windows\system32\catroot2
2012-08-06 14:44 . 2012-08-06 14:44 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-06 14:25 . 2012-08-06 14:25 -------- d-----w- c:\users\besAdmin\AppData\Roaming\Malwarebytes
2012-08-06 13:40 . 2012-08-06 14:19 -------- d-----w- c:\users\besAdmin\AppData\Local\Deployment
2012-08-06 13:40 . 2012-08-06 13:40 -------- d-----w- c:\users\besAdmin\AppData\Local\Apps
2012-07-27 13:49 . 2012-07-27 13:49 -------- d-----w- c:\users\FredR\AppData\Roaming\Malwarebytes
2012-07-27 13:49 . 2012-07-27 13:49 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 13:49 . 2012-07-27 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-27 13:49 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 14:44 . 2010-04-19 11:33 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-03 11:51 . 2012-04-03 12:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 11:51 . 2011-05-18 01:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 16:47 . 2012-07-10 20:01 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-10 20:01 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-25 00:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 00:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 00:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 00:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 00:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-25 00:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-25 00:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-25 00:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-25 00:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-06-16 04:17 . 2011-06-29 20:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln1]
@="{93c136f0-91dc-4456-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4456-a586-98f72aff8d89}]
2010-10-15 20:03 303104 ----a-w- c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln2]
@="{93c136f0-91dc-4457-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4457-a586-98f72aff8d89}]
2010-10-15 20:03 303104 ----a-w- c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln3]
@="{93c136f0-91dc-4458-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4458-a586-98f72aff8d89}]
2010-10-15 20:03 303104 ----a-w- c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 150552]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-21 200704]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-04-28 115624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"SGNMasterApplication"="c:\program files\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe" [2010-10-15 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BES Support Application.lnk - c:\windows\Installer\{C8C580D7-EA83-45E5-9F4B-89E3466812B8}\_CC0A4E5930FC4E7D8FFDEDEA7606DDDE.exe [2010-9-16 45056]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1094944]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
SQL Server.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\scm.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SGNAuthService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 11:51]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 19:23]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
TCP: DhcpNameServer = 192.168.1.1 71.89.148.129 71.89.132.13
TCP: Interfaces\{CBA228D1-C88A-4AB2-B2F4-7D06F3621BE0}: NameServer = 10.1.1.5 10.1.1.15
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 09:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST925041 rev.0002 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-13 09:58:00
ComboFix-quarantined-files.txt 2012-08-13 13:57
.
Pre-Run: 154,631,770,112 bytes free
Post-Run: 156,694,728,704 bytes free
.
- - End Of File - - AE89C1D51B96A1C32B64D27643E6C651
 
Thanks for getting back.

Kaspersky Security Scan (KSS)

The Kaspersky Security Scan is a scanning only tool, that searches for active infections such as rootkits, trojans, viruses, etc.

Please download the Kaspersky Security Scan from Kaspersky's Official Link and save it to your Desktop.

  • Double-click on the downloaded item. It will quickly download the latest version of KSS and then launch the installer. Please navigate through the installer.
  • After it finishes install, it will place an icon on your Desktop and launch itself.
  • In the Kaspersky Security Scan interface, choose full scan at the bottom:
  • Once it finishes, it will show the report. Click on the Details button, and it will launch a HTML page.
  • You have two options - either A. Upload the HTML report here, file located at { C:/ProgramData/Kaspersky%20Lab/KSS2/DataRoot/HtmlReport/index.html } (Copy and paste the file path into the Address box in the Upload window), or B. Copy and paste all of the results in your next reply.
 
Got it, thanks a lot for your help. I will have to get in touch with the user, as he is an out of town manager for us. I will post back ASAP though.

Thanks again!
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
Hey. Sorry I was out of town. So I downloaded this tool, but it won't run. I installed it but when I try to run the program it doesn't open. Sometimes it says not responding and it said a message from Kaspersky "Failed to open program: Send or Don't Send". What do you think I should do now?

Thanks a lot. - Sorry this case is slow moving sometimes. I just want these silly windows updates to work!
 
That's okay. We shall continue.

New log from ComboFix

We would like to see a ☆new log☆ from ComboFix. Please find the ComboFix icon on your Desktop, and double-click on it. Once it finishes running, post the new log.
 
Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
Back