Jump to content

grey37

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Excellent! Yes, I think we can close out this thread. I got everything uninstalled just fine. Thank you so much for all your help, Kevin. I really appreciate it!
  2. Alright, I've updated Adobe and Java and uninstalled all the old versions of Java. Still no sign of the audio ads, and all the scans have been coming up clean. Is there anything else I should do to be sure its gone, or are we done?
  3. All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\HP_Admin\Desktop\cmd.bat deleted successfully. C:\Users\HP_Admin\Desktop\cmd.txt deleted successfully. C:\$RECYCLE.BIN\S-1-5-21-4275314395-1686031173-2964223793-1005\$RBI8SDP.exe moved successfully. C:\Installation Files\CuteWriter.exe moved successfully. DllUnregisterServer procedure not found in C:\Users\Family User\AppData\Local\Temp\AskSLib.dll C:\Users\Family User\AppData\Local\Temp\AskSLib.dll moved successfully. C:\Users\HP_Admin\AppData\Local\Temp\is357113909\DeltaTB.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Family User ->Temp folder emptied: 351738856 bytes ->Temporary Internet Files folder emptied: 9483626 bytes ->Java cache emptied: 22214389 bytes ->FireFox cache emptied: 453713053 bytes ->Flash cache emptied: 56500 bytes User: HP_Admin ->Temp folder emptied: 9437614 bytes ->Temporary Internet Files folder emptied: 15600128 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 20325264 bytes ->Flash cache emptied: 42218 bytes User: Mcx1-HPE-450T ->Temp folder emptied: 516 bytes ->Temporary Internet Files folder emptied: 1521667 bytes ->Flash cache emptied: 41620 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 17635104 bytes %systemroot%\System32 (64bit) .tmp files removed: 20801048 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 675443054 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 103765 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4652799 bytes RecycleBin emptied: 25725 bytes Total Files Cleaned = 1,529.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 07212013_164147 Files moved on Reboot... C:\Users\HP_Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\HP_Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. Registry entries deleted on Reboot... Results of screen317's Security Check version 0.99.70 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.1 Java 6 Update 30 Java 7 Update 17 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (22.0) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  4. Thanks, Kevin. The first RKill worked fine. ESET found 4 threats. The log flie is below. The audio ads went away after we ran TDSSKiller. At this point, my only concern left is making sure the infection is truly gone. # AdwCleaner v2.306 - Logfile created 07/21/2013 at 12:18:56 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : HP_Admin - HPE-450T # Boot Mode : Normal # Running from : C:\Users\HP_Admin\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk ***** [Registry] ***** Key Deleted : HKCU\Software\InstallCore Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16521 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\Family User\AppData\Roaming\Mozilla\Firefox\Profiles\uypc5jyx.default\prefs.js [OK] File is clean. File : C:\Users\HP_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1lbxlgrk.default\prefs.js [OK] File is clean. ************************* AdwCleaner[s1].txt - [1359 octets] - [21/07/2013 12:18:56] ########## EOF - C:\AdwCleaner[s1].txt - [1419 octets] ########## Rkill 2.5.7 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 07/21/2013 12:25:39 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * Explorer Policy Removed: NoActiveDesktopChanges [HKLM] Backup Registry file created at: C:\Users\HP_Admin\Desktop\rkill\rkill-07-21-2013-12-25-47.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 07/21/2013 12:28:05 PM Execution time: 0 hours(s), 2 minute(s), and 26 seconds(s) Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.21.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 HP_Admin :: HPE-450T [administrator] 7/21/2013 12:30:36 PM mbam-log-2013-07-21 (12-30-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 286943 Time elapsed: 4 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET Scan: C:\$RECYCLE.BIN\S-1-5-21-4275314395-1686031173-2964223793-1005\$RBI8SDP.exe Win32/InstallCore.BN application C:\Installation Files\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Users\Family User\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application C:\Users\HP_Admin\AppData\Local\Temp\is357113909\DeltaTB.exe a variant of Win32/Toolbar.Babylon.E application
  5. OK, I ran it. It found 2 things:one of which was suspicious and I skipped. The other was malicious and I selected Cure. The file is apparently too long to post as text, so I'll attach it. Thanks again for the help! TDSSKiller.2.8.16.0_21.07.2013_01.17.24_log.txt
  6. Hello, After clicking on a fake Java popup, now whenever I boot up the computer normally (not in Safe Mode), I hear several audio ads being played on top of each other. Neither Norton nor MBAM found anything, but MBAR found 2 things: - MBR on drive 0 (Rootkit.Harbinger.MBR) - Physical Sector 1953524906 on drive 0 (Forged physical sector) I'm in over my head, so I thought I'd turn here. Any help would be greatly appreciated. Thanks! DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.17.2 Run by HP_Admin at 16:40:35 on 2013-07-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.7163 [GMT -4:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\ctfmon.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe /autoRun uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe uRunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 192.168.1.1 TCP: Interfaces\{CE7DDFA1-F331-4F20-99EA-B2B9949F0DF4} : DHCPNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\HP_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1lbxlgrk.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-05-31 22:52; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn FF - ExtSQL: 2013-07-20 13:53; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120] R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-4-29 210016] R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-4-29 141920] R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 198480] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-5 56344] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-5 346144] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-5-20 1390680] S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20130531.001\IDSviA64.sys [2013-5-31 513184] S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072] S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-5 13336] S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-6-11 352248] S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672] S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272] S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-5 635416] S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 382272] S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-5 2320920] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912] S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-10 1255736] . =============== Created Last 30 ================ . 2013-07-20 19:47:01 -------- d-----w- C:\Users\HP_Admin\AppData\Local\Mozilla 2013-07-20 18:08:01 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable) . ==================== Find3M ==================== . 2013-05-15 06:25:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 06:25:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-15 06:25:06 17613192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 16:40:45.05 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 10/9/2010 4:54:49 PM System Uptime: 7/20/2013 3:44:17 PM (1 hours ago) . Motherboard: MSI | | 2A9C Processor: Intel® Core i7 CPU 870 @ 2.93GHz | CPU 1 | 2926/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 919 GiB total, 715.371 GiB free. D: is FIXED (NTFS) - 12 GiB total, 1.497 GiB free. E: is CDROM (UDF) F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Acronis True Image WD Edition ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) Apple Application Support Apple Mobile Device Support Apple Software Update AutoHotkey 1.0.48.05 Bejeweled 2 Deluxe Bing Bar Blackhawk Striker 2 Bonjour Build-a-lot 2 Chuzzle Deluxe CinemaNow Media Manager CutePDF Writer 2.8 CyberLink DVD Suite Deluxe D3DX10 Diablo II Diablo III Diner Dash 2 Restaurant Rescue Dora's Carnival Adventure DVD Menu Pack for HP MediaSmart Video Escape Rosecliff Island FATE Final Drive Nitro Frozen Synapse Heroes of Hellas 2 - Olympia Heroes of Might and Magic® III HP Advisor HP Customer Experience Enhancements HP Deskjet 3050A J611 series Basic Device Software HP Deskjet 3050A J611 series Help HP Game Console HP Games HP MediaSmart CinemaNow 2.0 HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP MediaSmart/TouchSmart Netflix HP Odometer HP Photo Creations HP Setup HP Support Assistant HP Support Information HP Update HP Vision Hardware Diagnostics HPAsset component for HP Active Support Library Hulu Desktop IHA_MessageCenter Intel® Management Engine Components Intel® Rapid Storage Technology ISO Recorder iTunes Java 7 Update 17 Java Auto Updater Java 6 Update 30 JavaFX 2.1.1 Jewel Quest 3 Jewel Quest Solitaire 2 Juniper Networks Network Connect 7.1.0 Juniper Networks, Inc. Setup Client Activex Control Junk Mail filter update Kobo LabelPrint LightScribe System Software Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Standard Edition 2003 Microsoft Office Starter 2010 - English Microsoft Office Word Viewer 2003 Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime Might & Magic Heroes VI Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton Internet Security Norton Online Backup NVIDIA 3D Vision Controller Driver 301.42 NVIDIA 3D Vision Driver 301.42 NVIDIA Control Panel 301.42 NVIDIA Display Control Panel NVIDIA Graphics Driver 301.42 NVIDIA HD Audio Driver 1.3.16.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.8.15 NVIDIA Update Components PDF Complete Special Edition Penguins! PhotoNow! PictureMover Plants vs. Zombies PlayReady PC Runtime amd64 Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector PressReader QuickTime Realtek High Definition Audio Driver Recovery Manager Riven The sequel to Myst Roxio CinemaNow 2.0 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Skype Click to Call Skype™ 5.10 SpaceChem StarCraft StarCraft II The Ultimate Might and Magic® Archives Trine 1.09 TurboTax 2010 TurboTax 2010 wiliper TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wmdiper TurboTax 2010 wrapper TurboTax 2010 wtniper TurboTax 2011 TurboTax 2011 wiliper TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wmdiper TurboTax 2011 wrapper TurboTax 2011 wtniper TurboTax 2012 TurboTax 2012 wiliper TurboTax 2012 WinPerFedFormset TurboTax 2012 WinPerReleaseEngine TurboTax 2012 WinPerTaxSupport TurboTax 2012 wmdiper TurboTax 2012 wrapper TurboTax 2012 wtniper Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Virtual Families Virtual Villagers - The Secret City Vz In Home Agent Wheel of Fortune 2 WinCDEmu Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zinio Reader 4 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 7/20/2013 4:12:36 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 7/20/2013 4:12:36 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 7/20/2013 4:12:36 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 7/20/2013 4:05:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 7/20/2013 4:01:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 7/20/2013 4:01:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 7/20/2013 3:55:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 7/20/2013 3:47:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 7/20/2013 3:46:39 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/20/2013 3:45:27 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/20/2013 3:45:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 7/20/2013 3:45:26 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 7/20/2013 3:45:26 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 7/20/2013 3:45:26 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 7/20/2013 3:45:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/20/2013 3:44:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 7/20/2013 3:44:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 7/20/2013 3:44:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 7/20/2013 3:44:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6 7/20/2013 3:44:38 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 7/20/2013 3:44:37 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/20/2013 3:12:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 7/20/2013 1:54:34 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 7/20/2013 1:54:34 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.