anr2030
-
Posts
1 -
Joined
-
Last visited
This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
Infected with Smart Fortress 2012
in Resolved Malware Removal Logs
Posted
Merged Post
I got infected yesterday with the Smart Fortress 2012 virus. I have taken the following steps already:
1) uninstalled the virus (using Add/Remove Programs).
2) ran MBAM and quarantined all the threats.
Please check my DDS.txt and Attach.txt file contents below:
*******************************************************************
DDS
*******************************************************************
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Anirban at 21:01:12 on 2012-04-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.781 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Anirban\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Internet Explorer\iexplore.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.4\youtubedownloaderToolbarIE.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {3d68e927-6002-6bb4-7940-c297f1177192} - c:\program files\shopping4causes shopping plugin\Helper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Shopping4Causes Shopping Plugin: {7c4155b9-efe5-2364-45e9-6679a6060ed5} - c:\program files\shopping4causes shopping plugin\Toolbar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.4\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.4\youtubedownloaderToolbarIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [Google Update] "c:\users\anirban\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [cdloader] "c:\users\anirban\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ChicaPasswordManager] c:\program files\chicalogic\chica password manager\stpass.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [sugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [AVSFirewall] c:\program files\avs4you\avsfirewall\AVSFirewall.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
StartupFolder: c:\users\anirban\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.anandabazar.com/wfplayer/tdserver.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.dhsgroup.com/MLWebCacheCleaner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
TCP: Interfaces\{2B2BA879-5951-4705-936A-A976907A6EAD} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
TCP: Interfaces\{2B2BA879-5951-4705-936A-A976907A6EAD}\25F49584F4D454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2B2BA879-5951-4705-936A-A976907A6EAD}\C696E6B6379737 : DhcpNameServer = 68.87.85.102 68.87.69.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AVSRegMonDrv;AVSRegMonDrv;c:\program files\avs4you\avsfirewall\AVSRegMonDrv.sys [2012-3-21 17992]
R1 AVSTDIFilterDrv;AVSTDIFilterDrv;c:\program files\avs4you\avsfirewall\AVSTDIFilterDrv.sys [2012-3-21 24648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-3-16 782744]
R2 AVSFirewallService;AVSFirewall Service;c:\program files\avs4you\avsfirewall\AVSFirewallService.exe [2012-3-21 80456]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-23 2886528]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 AVSNDISIMMP;AVSNDISIMMP;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-3-21 23624]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-20 189440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253600]
S3 AVSNDISIM;AVSNDISIM Service;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-3-21 23624]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-23 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-18 02:03:18 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9510dca6-7f9e-4b00-9353-26258ca4f33c}\mpengine.dll
2012-04-18 02:00:31 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1fccac7c-7145-427b-ad78-cdec048c44e1}\offreg.dll
2012-04-18 01:59:21 6582328 ------w- c:\programdata\microsoft\windows defender\definition updates\{1fccac7c-7145-427b-ad78-cdec048c44e1}\mpengine.dll
2012-04-18 01:57:11 -------- d-----w- c:\users\anirban\appdata\local\tjnet
2012-04-16 02:42:14 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-16 02:40:33 -------- d-----w- c:\users\anirban\appdata\roaming\Ad-Aware Antivirus
2012-04-13 16:46:52 -------- d-----w- c:\users\anirban\appdata\roaming\Malwarebytes
2012-04-13 16:46:46 -------- d-----w- c:\programdata\Malwarebytes
2012-04-13 16:46:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-11 03:01:01 -------- d-----w- c:\users\anirban\CertDumps
2012-04-10 03:00:43 -------- d-----w- c:\users\anirban\appdata\local\SugarSync
2012-04-10 03:00:35 -------- d-----w- c:\program files\SugarSync
2012-04-10 02:46:48 -------- d-----w- c:\users\anirban\appdata\roaming\Dropbox
2012-04-09 12:30:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-09 01:48:37 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-04-09 01:48:37 -------- d-----w- c:\program files\common files\Spigot
2012-04-09 01:48:37 -------- d-----w- c:\program files\Application Updater
2012-04-01 14:55:21 -------- d-----w- c:\program files\iPod
2012-04-01 14:55:20 -------- d-----w- c:\program files\iTunes
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 02:40:22 23624 ----a-w- c:\windows\system32\drivers\AVSNDISIMDriver.sys
2012-03-22 02:04:41 1003008 ----a-w- c:\windows\system32\libeay32.dll
2012-03-22 01:59:12 974848 ----a-w- c:\windows\system32\mfc70.dll
2012-03-22 01:59:12 487424 ----a-w- c:\windows\system32\msvcp70.dll
2012-03-22 01:59:11 344064 ----a-w- c:\windows\system32\msvcr70.dll
2012-03-20 03:43:04 -------- d-----w- c:\users\anirban\appdata\roaming\AVS4YOU
2012-03-20 03:42:15 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-03-20 03:42:10 -------- d-----w- c:\program files\common files\AVSMedia
2012-03-20 03:42:06 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-03-20 03:42:05 -------- d-----w- c:\programdata\AVS4YOU
2012-03-20 03:42:05 -------- d-----w- c:\program files\AVS4YOU
2012-03-20 03:40:24 -------- d-----w- c:\program files\TeamViewer
.
==================== Find3M ====================
.
2012-04-09 12:30:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 17:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 17:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 21:05:35.66 ===============
**************************************************************************************
Attach.txt
**************************************************************************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 10/29/2009 7:38:05 AM
System Uptime: 4/17/2012 8:55:35 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0P301D
Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz | Socket 775 | 1593/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 79.247 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.621 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 1397 GiB total, 496.431 GiB free.
I: is FIXED (NTFS) - 298 GiB total, 88.695 GiB free.
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP776: 4/6/2012 9:58:40 AM - Windows Update
RP777: 4/10/2012 3:54:04 AM - Windows Update
RP778: 4/10/2012 10:00:26 PM - Installed CertDumps Q and A for Oracle 1Z0-515 Demo
RP779: 4/12/2012 3:00:14 AM - Windows Update
RP780: 4/13/2012 2:07:08 PM - Removed CertDumps Q and A for Oracle 1Z0-515 Demo
RP781: 4/13/2012 2:10:49 PM - Removed YouTube Downloader Toolbar v5.4.
RP782: 4/15/2012 9:26:02 PM - Removed YouTube Downloader Toolbar v5.4.
RP783: 4/17/2012 9:01:28 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artisteer 2
Audible Download Manager
AudibleManager
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS DVD Copy 4.1.2.283
AVS Firewall version 2.1
AVS Registry Cleaner version 2.1
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.8.140
AVS4YOU Software Navigator 1.4
Bing Bar
Bing Rewards Client Installer
Bonjour
CameraHelperMsi
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cisco Connect
ClamWin Free Antivirus 0.96.1
Convert AVI to MP4 1.3
D3DX10
erLT
GoodSync
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HandBrake 0.9.6
iCloud
InstaCodecs
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Internet TV for Windows Media Center
iTunes
Java Auto Updater
Java 6 Update 26
Junk Mail filter update
KeePass Password Safe 2.14
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
magicJack
MediaMonkey 3.2
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
my Picturetown Uploader
Nikon File Uploader 2
Nikon Message Center 2
OGA Notifier 2.0.0048.0
Picasa 3
Picture Control Utility
PrimoPDF -- by Nitro PDF Software
QuickTime
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shopping4Causes Shopping Plugin
Skype Toolbars
Skype™ 4.2
SmartSound Common Data
SmartSound Quicktracks 5
Spelling Dictionaries Support For Adobe Reader 9
SugarSync Manager
SyncBack
TeamViewer 7
uCeritify O1Z0-047 - Oracle Database SQL Expert
uCeritify O1Z0-147 - Oracle9i: Program with PL/SQL
uCeritify O1Z0-515 - Oracle Data Warehousing 11g Essentials
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
ViewNX 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Encoder 9 Series
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 3.5
YouTube Downloader Toolbar v5.4
.
==== Event Viewer Messages From Past Week ========
.
4/15/2012 9:22:52 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/15/2012 9:22:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv
4/15/2012 9:22:47 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/15/2012 9:22:47 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/15/2012 9:22:46 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/15/2012 9:18:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/15/2012 9:17:23 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/15/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/15/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/15/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/15/2012 9:17:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/15/2012 9:17:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/15/2012 9:17:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVSRegMonDrv AVSTDIFilterDrv CSC DfsC discache luafv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2012 9:16:04 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/15/2012 9:16:04 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
4/15/2012 9:16:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/15/2012 10:28:28 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/15/2012 10:28:28 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
4/14/2012 6:07:12 AM, Error: Service Control Manager [7023] - The Sandrathesrv service terminated with the following error: The specified module could not be found.
4/14/2012 6:07:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x5f895838, 0x00000002, 0x00000000, 0x8e86819a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041412-30950-01.
4/13/2012 5:24:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/13/2012 5:24:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/13/2012 4:44:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/13/2012 4:41:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVSRegMonDrv discache luafv spldr Wanarpv6
4/13/2012 11:22:40 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
4/13/2012 11:18:51 AM, Error: Service Control Manager [7031] - The AVSFirewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
4/13/2012 11:18:31 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
4/13/2012 11:18:21 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/13/2012 11:18:12 AM, Error: Service Control Manager [7000] - The TeamViewer 7 service failed to start due to the following error: The pipe has been ended.
4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s).
4/13/2012 11:18:10 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/13/2012 11:18:10 AM, Error: Service Control Manager [7031] - The TeamViewer 7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
4/13/2012 11:18:10 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2012 11:02:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2012 11:01:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2012 11:01:37 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 4 time(s).
4/13/2012 11:00:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2012 11:00:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
4/13/2012 11:00:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
4/13/2012 11:00:08 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2012 10:59:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2012 10:58:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
4/13/2012 10:58:51 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2012 10:58:48 AM, Error: Service Control Manager [7034] - The TeamViewer 7 service terminated unexpectedly. It has done this 3 time(s).
4/13/2012 10:58:45 AM, Error: Service Control Manager [7031] - The TeamViewer 7 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
4/13/2012 10:58:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVSFirewall Service service to connect.
4/13/2012 10:58:45 AM, Error: Service Control Manager [7000] - The AVSFirewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2012 10:58:42 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
4/13/2012 10:58:04 AM, Error: Service Control Manager [7000] - The 3245 service failed to start due to the following error: The system cannot find the file specified.
4/11/2012 9:47:53 PM, Error: Application Popup [56] - Driver USB returned invalid ID for a child device (0).
.
==== End Of File ===========================
RogueKiller logs:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Anirban [Admin rights]
Mode: Scan -- Date: 04/17/2012 21:51:06
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 5 ¤¤¤
[sUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Anirban\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[sUSP PATH] HKUS\S-1-5-21-471896891-1290605738-1470872022-1000[...]\Run : cdloader ("C:\Users\Anirban\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++
--- User ---
[MBR] 53d6b2f140a8eb4a0f6dd29d686e3281
[bSP] b7986a247bf948dd1ad3dc756b531f19 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 294949 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD15EARS-00Z5B1 ATA Device +++++
--- User ---
[MBR] aaa32b0d3cd6ea00588f5a70f8242a55
[bSP] 15be58b075c7fd67c1901860f5918704 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt