Jump to content

neoraido

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by neoraido

    Help With Alureon-K Rootkit

    in Resolved Malware Removal Logs

    Posted

    Hello and thank you very much for getting back to me. I am very sorry that it has taken so long for me to reply, but I must have screwed up the "e-mail me" setting or something.

    Unfortunately, this weekend is going to be very hectic for me, but I will run the additional scan and post it as soon as I can. Thank you for your patience and assistance.

    Help With Alureon-K Rootkit

    in Resolved Malware Removal Logs

    Posted

    Hello,

    I have a PC that is running Windows Vista that is infected with a Alureon-K rootkit on it that I have been unable to remove. I would appreciate any help you can give.

    DDS

    ---------------------

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 7.0.6001.18000

    Run by user at 23:45:52 on 2012-03-16

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1806 [GMT -4:00]

    .

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Windows\System32\spoolsv.exe

    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\DRIVERS\xaudio.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\WINDOWS\System32\igfxtray.exe

    C:\WINDOWS\System32\hkcmd.exe

    C:\WINDOWS\System32\igfxpers.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll

    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

    BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll

    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll

    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

    mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe

    mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"

    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

    mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT

    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

    mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    Notify: igfxcui - igfxdev.dll

    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-16 612184]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-16 337880]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-16 20696]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-16 57688]

    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-16 44768]

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]

    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-23 1245064]

    S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-2-23 180272]

    .

    =============== Created Last 30 ================

    .

    2012-03-16 17:23:17 -------- d-----w- c:\users\user\appdata\local\temp

    2012-03-16 17:22:31 -------- d-sh--w- C:\$RECYCLE.BIN

    2012-03-16 15:15:41 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes

    2012-03-16 15:15:33 -------- d-----w- c:\programdata\Malwarebytes

    2012-03-16 15:15:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-16 15:15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-03-16 14:21:43 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-03-16 13:47:51 98816 ----a-w- c:\windows\sed.exe

    2012-03-16 13:47:51 518144 ----a-w- c:\windows\SWREG.exe

    2012-03-16 13:47:51 256000 ----a-w- c:\windows\PEV.exe

    2012-03-16 13:47:51 208896 ----a-w- c:\windows\MBR.exe

    2012-03-16 07:54:10 80896 ----a-w- c:\windows\system32\MSNP.ax

    2012-03-16 07:54:10 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

    2012-03-16 07:54:03 293376 ----a-w- c:\windows\system32\psisdecd.dll

    2012-03-16 07:54:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

    2012-03-16 07:43:02 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll

    2012-03-16 07:24:08 97800 ----a-w- c:\windows\system32\infocardapi.dll

    2012-03-16 07:24:06 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

    2012-03-16 07:24:03 622080 ----a-w- c:\windows\system32\icardagt.exe

    2012-03-16 07:24:03 37384 ----a-w- c:\windows\system32\infocardcpl.cpl

    2012-03-16 07:24:02 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2012-03-16 07:24:02 11264 ----a-w- c:\windows\system32\icardres.dll

    2012-03-16 07:23:57 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

    2012-03-16 07:23:49 326160 ----a-w- c:\windows\system32\PresentationHost.exe

    2012-03-16 07:15:53 96760 ----a-w- c:\windows\system32\dfshim.dll

    2012-03-16 07:15:47 282112 ----a-w- c:\windows\system32\mscoree.dll

    2012-03-16 07:15:46 41984 ----a-w- c:\windows\system32\netfxperf.dll

    2012-03-16 07:15:28 158720 ----a-w- c:\windows\system32\mscorier.dll

    2012-03-16 07:15:18 83968 ----a-w- c:\windows\system32\mscories.dll

    2012-03-16 07:11:28 24064 ----a-w- c:\windows\system32\nshhttp.dll

    2012-03-16 07:11:22 411136 ----a-w- c:\windows\system32\drivers\http.sys

    2012-03-16 07:11:21 31232 ----a-w- c:\windows\system32\httpapi.dll

    2012-03-16 07:07:25 -------- d-----w- c:\program files\MSXML 4.0

    2012-03-16 06:52:28 67072 ----a-w- c:\windows\system32\asycfilt.dll

    2012-03-16 06:52:26 71680 ----a-w- c:\windows\system32\atl.dll

    2012-03-16 06:52:19 1399296 ----a-w- c:\windows\system32\msxml6.dll

    2012-03-16 06:52:15 501760 ----a-w- c:\windows\system32\usp10.dll

    2012-03-16 06:52:13 66048 ----a-w- c:\program files\windows mail\wabmig.exe

    2012-03-16 06:52:13 515584 ----a-w- c:\program files\windows mail\wab.exe

    2012-03-16 06:52:12 33280 ----a-w- c:\program files\windows mail\wabfind.dll

    2012-03-16 06:52:03 72704 ----a-w- c:\windows\system32\fontsub.dll

    2012-03-16 06:52:03 34304 ----a-w- c:\windows\system32\atmlib.dll

    2012-03-16 06:52:03 292864 ----a-w- c:\windows\system32\atmfd.dll

    2012-03-16 06:52:03 10240 ----a-w- c:\windows\system32\dciman32.dll

    2012-03-16 06:52:00 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

    2012-03-16 06:51:55 409600 ----a-w- c:\windows\system32\odbc32.dll

    2012-03-16 06:51:54 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

    2012-03-16 06:51:54 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll

    2012-03-16 06:51:53 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll

    2012-03-16 06:51:53 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll

    2012-03-16 06:51:53 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll

    2012-03-16 06:51:48 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

    2012-03-16 06:48:56 1136640 ----a-w- c:\windows\system32\mfc42.dll

    2012-03-16 06:47:55 160256 ----a-w- c:\windows\system32\wkssvc.dll

    2012-03-16 06:47:47 1315840 ----a-w- c:\windows\system32\ole32.dll

    2012-03-16 06:47:46 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe

    2012-03-16 06:47:39 296960 ----a-w- c:\windows\system32\gdi32.dll

    2012-03-16 06:47:31 126464 ----a-w- c:\windows\system32\spoolsv.exe

    2012-03-16 06:47:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll

    2012-03-16 06:47:27 38912 ----a-w- c:\windows\system32\xolehlp.dll

    2012-03-16 06:47:21 1257472 ----a-w- c:\windows\system32\msxml3.dll

    2012-03-16 06:47:15 157184 ----a-w- c:\windows\system32\t2embed.dll

    2012-03-16 06:47:05 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll

    2012-03-16 06:47:03 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe

    2012-03-16 06:46:51 273408 ----a-w- c:\windows\system32\drivers\afd.sys

    2012-03-16 06:46:47 269312 ----a-w- c:\windows\system32\es.dll

    2012-03-16 06:46:43 1169408 ----a-w- c:\windows\system32\sdclt.exe

    2012-03-16 06:46:35 303616 ----a-w- c:\windows\system32\wmpeffects.dll

    2012-03-16 06:46:32 766464 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

    2012-03-16 06:46:29 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

    2012-03-16 06:46:28 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

    2012-03-16 06:46:08 714240 ----a-w- c:\windows\system32\timedate.cpl

    2012-03-16 06:45:55 430080 ----a-w- c:\windows\system32\vbscript.dll

    2012-03-16 06:45:47 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

    2012-03-16 06:45:31 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

    2012-03-16 06:45:07 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dfb61f07-218b-4339-b0ff-4cf41a39024b}\mpengine.dll

    2012-03-16 06:44:59 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-03-16 06:44:30 636928 ----a-w- c:\windows\system32\localspl.dll

    2012-03-16 06:44:21 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys

    2012-03-16 06:44:18 954752 ----a-w- c:\windows\system32\mfc40.dll

    2012-03-16 06:44:17 954288 ----a-w- c:\windows\system32\mfc40u.dll

    2012-03-16 06:44:10 36352 ----a-w- c:\windows\system32\rtutils.dll

    2012-03-16 06:44:01 2927104 ----a-w- c:\windows\explorer.exe

    2012-03-16 06:43:50 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

    2012-03-16 06:43:49 1695744 ----a-w- c:\windows\system32\gameux.dll

    2012-03-16 06:43:46 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2012-03-16 06:43:41 171520 ----a-w- c:\windows\system32\wintrust.dll

    2012-03-16 06:43:34 499712 ----a-w- c:\windows\system32\kerberos.dll

    2012-03-16 06:43:33 175104 ----a-w- c:\windows\system32\wdigest.dll

    2012-03-16 06:43:32 1256448 ----a-w- c:\windows\system32\lsasrv.dll

    2012-03-16 06:43:31 72704 ----a-w- c:\windows\system32\secur32.dll

    2012-03-16 06:43:31 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2012-03-16 06:43:30 9728 ----a-w- c:\windows\system32\lsass.exe

    2012-03-16 06:42:51 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll

    2012-03-16 06:42:47 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll

    2012-03-16 06:42:24 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll

    2012-03-16 06:38:58 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

    2012-03-16 06:37:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll

    2012-03-16 06:37:43 43520 ----a-w- c:\windows\system32\msdxm.tlb

    2012-03-16 06:37:43 18432 ----a-w- c:\windows\system32\amcompat.tlb

    2012-03-16 06:36:20 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

    2012-03-16 06:36:20 511488 ----a-w- c:\windows\system32\RMActivate.exe

    2012-03-16 06:36:19 472576 ----a-w- c:\windows\system32\secproc_isv.dll

    2012-03-16 06:36:19 472064 ----a-w- c:\windows\system32\secproc.dll

    2012-03-16 06:36:19 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

    2012-03-16 06:36:19 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

    2012-03-16 06:36:17 329216 ----a-w- c:\windows\system32\msdrm.dll

    2012-03-16 06:36:17 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

    2012-03-16 06:36:17 151040 ----a-w- c:\windows\system32\secproc_ssp.dll

    2012-03-16 06:35:40 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-03-16 06:35:34 135168 ----a-w- c:\windows\system32\wshom.ocx

    2012-03-16 06:35:33 90112 ----a-w- c:\windows\system32\wshext.dll

    2012-03-16 06:35:33 155648 ----a-w- c:\windows\system32\wscript.exe

    2012-03-16 06:35:33 135168 ----a-w- c:\windows\system32\cscript.exe

    2012-03-16 06:35:32 180224 ----a-w- c:\windows\system32\scrobj.dll

    2012-03-16 06:35:32 172032 ----a-w- c:\windows\system32\scrrun.dll

    2012-03-16 06:34:30 1645568 ----a-w- c:\windows\system32\connect.dll

    2012-03-16 06:34:22 996352 ----a-w- c:\windows\system32\WMNetMgr.dll

    2012-03-16 06:34:22 94720 ----a-w- c:\windows\system32\logagent.exe

    2012-03-16 06:34:17 2067456 ----a-w- c:\windows\system32\mstscax.dll

    2012-03-16 06:34:16 677888 ----a-w- c:\windows\system32\mstsc.exe

    2012-03-16 06:34:10 49152 ----a-w- c:\windows\system32\csrsrv.dll

    2012-03-16 06:34:10 375808 ----a-w- c:\windows\system32\winsrv.dll

    2012-03-16 06:34:08 61440 ----a-w- c:\windows\system32\msasn1.dll

    2012-03-16 06:34:02 784896 ----a-w- c:\windows\system32\rpcrt4.dll

    2012-03-16 06:31:21 -------- d-----w- c:\users\user\appdata\local\Hewlett-Packard

    2012-03-16 05:53:33 -------- d-----w- c:\programdata\LightScribe

    2012-03-16 05:51:39 310784 ----a-w- c:\windows\system32\unregmp2.exe

    2012-03-16 05:51:39 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe

    2012-03-16 05:51:36 7680 ----a-w- c:\windows\system32\spwmp.dll

    2012-03-16 05:51:36 168960 ----a-w- c:\program files\windows media player\wmplayer.exe

    2012-03-16 05:51:35 4096 ----a-w- c:\windows\system32\msdxm.ocx

    2012-03-16 05:51:35 4096 ----a-w- c:\windows\system32\dxmasf.dll

    2012-03-16 05:51:35 107520 ----a-w- c:\program files\windows media player\wmpshare.exe

    2012-03-16 05:51:35 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe

    2012-03-16 05:51:33 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    2012-03-16 05:51:11 276992 ----a-w- c:\windows\system32\schannel.dll

    2012-03-16 05:50:22 98304 ----a-w- c:\windows\system32\cabview.dll

    2012-03-16 05:46:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2012-03-16 05:46:22 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2012-03-16 05:44:44 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-03-16 05:44:43 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-03-16 05:44:03 41184 ----a-w- c:\windows\avastSS.scr

    2012-03-16 05:43:36 -------- d-----w- c:\programdata\AVAST Software

    2012-03-16 05:43:36 -------- d-----w- c:\program files\AVAST Software

    2012-03-16 05:40:21 2421760 ----a-w- c:\windows\system32\wucltux.dll

    2012-03-16 05:40:11 87552 ----a-w- c:\windows\system32\wudriver.dll

    2012-03-16 05:40:06 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-03-16 05:40:06 171608 ----a-w- c:\windows\system32\wuwebv.dll

    2012-03-16 04:24:25 -------- d-----w- c:\users\user\appdata\roaming\Symantec

    2012-03-16 04:24:21 -------- d-----w- c:\users\user\appdata\local\QuickPlay

    2012-03-16 04:20:55 -------- d-----w- c:\programdata\Electronic Arts

    2012-03-16 04:20:51 -------- d-----w- c:\users\user\appdata\local\Downloaded Installations

    2012-03-16 04:16:00 -------- d-----w- c:\users\user\appdata\local\VirtualStore

    2012-03-16 04:08:07 -------- d-sh--we C:\Documents and Settings

    .

    ==================== Find3M ====================

    .

    .

    ============= FINISH: 23:46:32.17 ===============

    Attach.txt

    --------------------------------

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 6/23/2008 5:31:27 AM

    System Uptime: 3/16/2012 11:08:03 PM (0 hours ago)

    .

    Motherboard: Wistron | | 30CD

    Processor: Intel® Core2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/667mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 221 GiB total, 186.112 GiB free.

    D: is FIXED (NTFS) - 12 GiB total, 1.784 GiB free.

    E: is CDROM ()

    F: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP7: 3/16/2012 12:21:54 AM - First_User_Boot

    RP8: 3/16/2012 1:39:58 AM - Windows Update

    RP9: 3/16/2012 1:43:25 AM - avast! Free Antivirus Setup

    RP10: 3/16/2012 2:43:45 AM - Windows Update

    RP11: 3/16/2012 3:00:33 AM - Windows Update

    RP12: 3/16/2012 10:22:05 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Activation Assistant for the 2007 Microsoft Office suites

    Adobe Flash Player ActiveX

    Adobe Reader 8.1.0

    Adobe Shockwave Player

    AIM 6

    AppCore

    avast! Free Antivirus

    Cards_Calendar_OrderGift_DoMorePlugout

    ccCommon

    Compatibility Pack for the 2007 Office system

    Component Framework

    Conexant HD Audio

    CyberLink YouCam

    DVD Suite

    EA Link

    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

    HDAUDIO Soft Data Fax Modem with SmartCP

    Hewlett-Packard Active Check

    Hewlett-Packard Asset Agent for Health Check

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    HP Active Support Library

    HP Customer Experience Enhancements

    HP Doc Viewer

    HP Easy Setup - Frontend

    HP Help and Support

    HP Photosmart Essential 2.5

    HP Quick Launch Buttons 6.30 E1

    HP QuickPlay 3.6

    HP QuickTouch 1.00 C4

    HP Smart Web Printing

    HP Total Care Advisor

    HP Update

    HP User Guides 0090

    HP Wireless Assistant

    HPNetworkAssistant

    HPPhotoSmartDiscLabel_PaperLabel

    HPPhotoSmartDiscLabel_PrintOnDisc

    HPPhotoSmartDiscLabel_Tattoo

    HPPhotoSmartDiscLabelContent1

    hpphotosmartdisclabelplugin

    HPPhotoSmartPhotobookHolidayPack1

    HPPhotoSmartPhotobookModernPack1

    HPPhotoSmartPhotobookPlayfulPack1

    HPPhotoSmartPhotobookScrapbookPack1

    HPPhotoSmartPhotobookWebPack1

    Intel® Graphics Media Accelerator Driver

    Java 6 Update 2

    LabelPrint

    LightScribe System Software 1.10.13.1

    LiveUpdate (Symantec Corporation)

    Malwarebytes Anti-Malware version 1.60.1.1000

    Marvell Miniport Driver

    Microsoft .NET Framework 3.5 SP1

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office Home and Student 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Works

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    muvee autoProducer 6.1

    My HP Games

    NetWaiting

    Norton AntiVirus

    Norton AntiVirus Help

    Norton Confidential Core

    Norton Internet Security

    Norton Internet Security (Symantec Corporation)

    Norton Protection Center

    Power2Go

    PowerDirector

    PSSWCORE

    QuickPlay SlingPlayer 0.4.6

    Recuva

    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

    Slingbox Flash Tour

    SlingPlayer

    SPBBC 32bit

    Spybot - Search & Destroy

    Symantec Real Time Storage Protection Component

    SymNet

    The Sims™ Life Stories

    Touch Pad Driver

    Update for Office 2007 (KB934528)

    VideoToolkit01

    Viewpoint Media Player

    WeatherBug Gadget

    .

    ==== Event Viewer Messages From Past Week ========

    .

    3/16/2012 2:29:10 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state

    3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state

    .

    ==== End Of File ===========================

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.