toddharsh

Everything posted by toddharsh

  1. The unwanted audio is gone, and things seem to be working normally. So unless you want to check something else, it looks like it is fixed. Thanks for your help!!!
  2. Below are the logs from mbar (there are two mbar-log.txt files, the first with infections, the second without). At this point, I'm not hearing anything in the background, which is a positive sign...

     Malwarebytes Anti-Rootkit BETA 1.06.1.1005
     www.malwarebytes.org
     Database version: v2013.08.12.03
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 10.0.9200.16635
     Todd :: MINIMUSH [administrator]
     8/12/2013 9:32:46 AM
     mbar-log-2013-08-12 (09-32-46).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
     Scan options disabled: PUP
     Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
     Objects scanned: 226609
     Time elapsed: 25 minute(s), 41 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     Physical Sectors Detected: 2
     Master Boot Record on Drive #0 (Rootkit.Harbinger.MBR) -> Replace on reboot.
     Physical Sector #312581541 on Drive #0 (Forged physical sector) -> Replace on reboot.
     (end)

     Malwarebytes Anti-Rootkit BETA 1.06.1.1005
     www.malwarebytes.org
     Database version: v2013.08.12.04
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 10.0.9200.16635
     Todd :: MINIMUSH [administrator]
     8/12/2013 11:40:22 AM
     mbar-log-2013-08-12 (11-40-22).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
     Scan options disabled: PUP
     Objects scanned: 225504
     Time elapsed: 26 minute(s), 44 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     Physical Sectors Detected: 0 (No malicious items detected)
     (end)

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.06.1.1005
     © Malwarebytes Corporation 2011-2012
     OS version: 6.1.7601 Windows 7 Service Pack 1 x86
     Account is Administrative
     Internet Explorer version: 10.0.9200.16635
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 1.662000 GHz
     Memory total: 1062567936, free: 169332736
     Downloaded database version: v2013.08.12.03
     Initializing...
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xffffffff84b667d0
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
     Lower Device Object: 0xffffffff84a58908
     Lower Device Driver Name: \00000436\
     IRP handler 0 of \Driver\atapi points to an unknown module
     Unhooking enabled.
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xffffffff84b667d0
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
     Lower Device Object: 0xffffffff84a58908
     Lower Device Driver Name: \00000436\
     Driver name found: atapi
     Initialization returned 0x0
     Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
     Load Function returned 0x0
     <<<2>>>
     Device number: 0, partition: 3
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xffffffff84b667d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff84b66408, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff84b667d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff84a4cb70, DeviceName: Unknown, DriverName: \Driver\ACPI\
     DevicePointer: 0xffffffff84a58908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \00000436\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0xffffffffb70ed570, 0xffffffff84b667d0, 0xffffffff857aeac8
     Lower DeviceData: 0xffffffffb171e690, 0xffffffff84a58908, 0xffffffffa83cc4f0
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     Device number: 0, partition: 3
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\Windows\system32\drivers...
     <<<2>>>
     Device number: 0, partition: 3
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     MBR buffers are not equal
     MBR is forged! [0c09dbfb6e001608950df0db533ee0d1]
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: DF0C7B4B

     Partition information:

         Partition 0 type is Other (0xde)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 63 Numsec = 80262

         Partition 1 type is Primary (0x7)
         Partition is ACTIVE.
         Partition starts at LBA: 81920 Numsec = 30720000
         Partition file system is NTFS
         Partition is bootable

         Partition 2 type is Primary (0x7)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 30801920 Numsec = 281777840

         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0 Numsec = 0

     Infected: MBR on Drive 0 --> [Rootkit.Harbinger.MBR]
     Replacement MBR for a drive 0 found
     MBR infection found on drive 0
     Disk Size: 160041885696 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
     Sectors 312581541 - 312581807 --> [Forged physical sectors]
     Done!
     Scan finished
     Creating System Restore point...
     Cleaning up...
     <<<2>>>
     Device number: 0, partition: 3
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     Device number: 0, partition: 3
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Removal scheduling successful. System shutdown needed.
     System shutdown occurred
     =======================================

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.06.1.1005
     © Malwarebytes Corporation 2011-2012
     OS version: 6.1.7601 Windows 7 Service Pack 1 x86
     Account is Administrative
     Internet Explorer version: 10.0.9200.16635
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 1.662000 GHz
     Memory total: 1062584320, free: 306712576
     Downloaded database version: v2013.08.12.04
     Initializing...
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xffffffff84b69030
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
     Lower Device Object: 0xffffffff84a5e908
     Lower Device Driver Name: \Driver\atapi\
     <<<2>>>
     Device number: 0, partition: 3
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xffffffff84b69030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff84b69d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff84b69030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff84a60918, DeviceName: Unknown, DriverName: \Driver\ACPI\
     DevicePointer: 0xffffffff84a5e908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0x0, 0x0, 0x0
     Lower DeviceData: 0x0, 0x0, 0x0
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     Device number: 0, partition: 3
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\Windows\system32\drivers...
     <<<2>>>
     Device number: 0, partition: 3
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: DF0C7B4B

     Partition information:

         Partition 0 type is Other (0xde)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 63 Numsec = 80262

         Partition 1 type is Primary (0x7)
         Partition is ACTIVE.
         Partition starts at LBA: 81920 Numsec = 30720000
         Partition file system is NTFS
         Partition is bootable

         Partition 2 type is Primary (0x7)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 30801920 Numsec = 281777840

         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0 Numsec = 0

     Disk Size: 160041885696 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
     Done!
     Scan finished
     =======================================

     Removal queue found; removal started
     Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
     Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...
     Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
     Removal finished
  3. Sorry this took so long. Didn't expect this scan to run for nearly 11 hours. Here are the results...

     C:\Users\Todd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\30d99dd3-33ab3e41 multiple threats cleaned by deleting - quarantined
     C:\Users\Todd\Desktop\RK_Quarantine\PhysicalDrive0_LL2.dat Win32/Olmarik.AYX trojan cleaned by deleting - quarantined
  4. Yes, sorry, still travelling with limited internet beyond my phone. I'll be able to respond for real on Saturday at the latest.
  5. I'm still here, just travelling this weekend, hope to get to it soon...
  6. Here are the results from combofix:

     ComboFix 13-08-02.01 - Todd 08/02/2013 18:04:27.1.2 - x86
     Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.260 [GMT -4:00]
     Running from: c:\users\Todd\Desktop\ComboFix.exe
     AV: McAfee VirusScan Enterprise *Disabled/Outdated* {ADA629C7-7F48-5689-624A-3B76997E0892}
     SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\Microsoft\Windows\DRM\72A4.tmp
     c:\users\Todd\AppData\Local\Microsoft\Windows\Temporary Internet Files\{806D9FA4-FC0E-4217-8C79-F02F164E50C5}.xps
     c:\users\Todd\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F3E1F29-723E-471E-8E65-EB977B833D93}.xps
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
     .
     .
     2013-08-02 22:39 . 2013-08-02 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-08-02 15:38 . 2013-08-02 15:38 -------- d-----w- c:\windows\ERUNT
     2013-08-02 04:49 . 2013-08-02 04:49 -------- d-----w- c:\windows\system32\MRT
     2013-07-31 23:43 . 2013-07-31 23:43 -------- d-----w- c:\windows\Sun
     2013-07-31 22:21 . 2013-07-31 22:21 -------- d-----w- c:\users\Todd\AppData\Roaming\Malwarebytes
     2013-07-31 22:20 . 2013-07-31 22:20 -------- d-----w- c:\programdata\Malwarebytes
     2013-07-31 22:20 . 2013-07-31 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-07-31 22:20 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-07-31 22:18 . 2013-07-31 22:18 -------- d-----w- c:\users\Todd\AppData\Local\Programs
     2013-07-30 18:57 . 2013-07-31 00:59 -------- d-----w- c:\users\Todd\AppData\Roaming\Web Cake
     2013-07-30 18:56 . 2013-07-30 23:31 -------- d-----w- C:\QUARANTINE
     2013-07-29 16:29 . 2013-07-31 00:59 -------- d-----w- c:\users\Todd\AppData\Local\Screencast-O-Matic
     2013-07-15 05:33 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
     2013-07-15 05:33 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
     2013-07-15 05:29 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
     2013-07-15 05:28 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
     2013-07-15 05:28 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
     2013-07-15 05:17 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
     2013-07-15 05:17 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
     2013-07-15 05:17 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-05-05 1025264]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-05 1594664]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-17 7866912]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
     "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
     "BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-09-17 632176]
     "WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
     "CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-06-09 320880]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
     "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
     "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe"
[2009-06-03 206064] "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-05-02 33280] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-05-21 129584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2012-09-05 333416] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-15 215656] "MRT"="c:\windows\system32\MRT.exe" [2013-06-24 75733144] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-26 280576] . c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2010-01-23 01:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 136176] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-07-12 3289472] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944] R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-03-06 106496] R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2008-03-06 118784] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-10-17 16896] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-20 14216] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-20 8456] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 136176] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-05-12 87816] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 174592] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440] R3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\DRIVERS\swnc8u56.sys [2007-06-27 101248] R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [2007-06-27 73856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 13680] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-05-12 180720] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-05-12 159640] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-05-21 70704] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-21 539184] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 17:13] . 2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 17:13] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-08-02 19:07:02 ComboFix-quarantined-files.txt 2013-08-02 23:06 . Pre-Run: 56,668,790,784 bytes free Post-Run: 60,682,649,600 bytes free . - - End Of File - - 4AE830C3C74E1C84A6B53DCA5989EA2D 5C616939100B85E558DA92B899A0FC36
  7. Thanks for the help! Below are the reports in order. One question- for RogueKiller- did you want me to go ahead and delete the items it found? Guessing yes, but I don't want to mess up the process...

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 5.3.0 (08.02.2013:1)
     OS: Windows 7 Starter x86
     Ran by Todd on Fri 08/02/2013 at 11:38:29.16
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\yahoopartnertoolbar

     ~~~ Files
     Successfully deleted: [File] "C:\end"

     ~~~ Folders
     Successfully deleted: [Folder] "C:\ProgramData\iminent"
     Successfully deleted: [Folder] "C:\Users\Todd\AppData\Roaming\iminent"
     Successfully deleted: [Folder] "C:\Users\Todd\AppData\Roaming\searchprotect"
     Successfully deleted: [Folder] "C:\Users\Todd\appdata\local\conduit"
     Successfully deleted: [Folder] "C:\Users\Todd\appdata\locallow\conduit"
     Successfully deleted: [Folder] "C:\Users\Todd\appdata\locallow\pricegong"
     Successfully deleted: [Folder] "C:\Program Files\Common Files\umbrella"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Fri 08/02/2013 at 11:46:27.89
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v2.306 - Logfile created 08/02/2013 at 11:52:08
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
     # User : Todd - MINIMUSH
     # Boot Mode : Normal
     # Running from : C:\Users\Todd\Desktop\AdwCleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****
     Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
     Folder Deleted : C:\Users\Todd\AppData\Local\Temp\Iminent

     ***** [Registry] *****
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

     ***** [internet Browsers] *****
     -\\ Internet Explorer v10.0.9200.16635
     [OK] Registry is clean.

     *************************
     AdwCleaner[s1].txt - [1387 octets] - [02/08/2013 11:52:08]
     ########## EOF - C:\AdwCleaner[s1].txt - [1447 octets] ##########

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.08.02.06
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 10.0.9200.16635
     Todd :: MINIMUSH [administrator]
     8/2/2013 12:13:22 PM
     mbam-log-2013-08-02 (12-13-22).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 295802
     Time elapsed: 1 hour(s), 6 minute(s), 20 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)

     RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Todd [Admin rights]
     Mode : Scan -- Date : 08/02/2013 13:25:57
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 8 ¤¤¤
     [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     [Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x84DCBF3B)

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD1600BEVT-75ZCT2 ATA Device +++++
     --- User ---
     [MBR] f065f09a161e175381055c0b492071af
     [bSP] af8c281a8af39789fbfddbf03237633b : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo
     User = LL1 ... OK!
     User != LL2 ... KO!
     --- LL2 ---
     [MBR] 2d269ed09856e83555ddb92ce1411030
     [bSP] 12dd905d909c232c79903e60ef8d6844 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo

     Finished : << RKreport[0]_S_08022013_132557.txt >>
  8. Hi all... I seem to have the same problem discussed in several other threads- unwanted audio is playing in the background (sounds like it is from video commercials and news programs), the computer is slow, and I have some connectivity problems (for example, I'm unable to post a new topic in this forum from the infected computer). Malwarebytes quick scan removed some things, but the problems persist. Hoping someone can help! I've run DDS, in the other threads the solution quickly became personalized so I've stopped there. The results are below. Thanks! -todd

     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 10.0.9200.16635
     Run by Todd at 19:53:49 on 2013-08-01
     Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.254 [GMT -4:00]
     .
     AV: McAfee VirusScan Enterprise *Disabled/Outdated* {ADA629C7-7F48-5689-624A-3B76997E0892}
     SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ================
     .
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\Dell\DellDock\DockLogin.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Windows\system32\mfevtps.exe C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe C:\Windows\system32\conhost.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\Windows\system32\vmnat.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\vmnetdhcp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Windows\system32\igfxsrvc.exe C:\Program Files\Battery Meter\BTMeter.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\WSED\WSED.exe C:\Program Files\CapsLKNotify\CapsLKNotify.exe C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\VMware\VMware Workstation\vmware-tray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Dell Support Center\gs_agent\dsc.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Windows\system32\sppsvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20130731002659.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" 
/fromrun /starthidden uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe mRun: [bTMeter] c:\program files\battery meter\BTMeter.exe mRun: [WSED] c:\program files\wsed\WSED.exe mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [MRT] "c:\windows\system32\MRT.exe" /R dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: c:\users\todd\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe StartupFolder: c:\users\todd\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: 
c:\users\todd\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~2.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE StartupFolder: c:\users\todd\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} LSP: c:\program files\vmware\vmware workstation\vsocklib.dll TCP: Interfaces\{30BD3E64-E4FB-4A7F-BA02-9D115EDD97ED} : DHCPNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{30BD3E64-E4FB-4A7F-BA02-9D115EDD97ED}\349647967616475602D20205C656163756023756560227563656074796F6E6 : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{30BD3E64-E4FB-4A7F-BA02-9D115EDD97ED}\84F6473507F647D20516C616963746563734F6E676275637D4F6E647275616C6 : DHCPNameServer = 64.254.224.2 216.94.180.2 TCP: Interfaces\{30BD3E64-E4FB-4A7F-BA02-9D115EDD97ED}\9435D425D4 : 
DHCPNameServer = 64.254.224.2 216.94.180.2 TCP: Interfaces\{30BD3E64-E4FB-4A7F-BA02-9D115EDD97ED}\9435D425D40223031323 : DHCPNameServer = 203.56.3.15 203.56.3.16 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-26 13680] R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-5-11 477584] R0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-5-11 180720] R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2012-9-5 132712] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2013-5-11 167344] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2012-8-14 210056] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-5-11 159640] R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-7-12 3289472] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-5-20 539184] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-1-22 143840] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-5-11 215024] R3 mfebopk;McAfee Inc. 
mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-5-11 59616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-3-6 106496] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2008-3-6 118784] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-3-21 14216] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-3-21 8456] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-31 40776] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-5-11 87816] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-22 174592] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-22 189440] S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2010-5-12 101248] S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2010-5-12 73856] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224] . =============== Created Last 30 ================ . 
2013-07-31 22:21:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-31 22:21:18 -------- d-----w- c:\users\todd\appdata\roaming\Malwarebytes
2013-07-31 22:20:33 -------- d-----w- c:\programdata\Malwarebytes
2013-07-31 22:20:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-31 22:20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-31 22:18:52 -------- d-----w- c:\users\todd\appdata\local\Programs
2013-07-30 19:08:21 -------- d-----w- c:\users\todd\appdata\roaming\Iminent
2013-07-30 19:07:28 -------- d-----w- c:\programdata\Iminent
2013-07-30 19:00:46 -------- d-----w- c:\users\todd\appdata\roaming\SearchProtect
2013-07-30 19:00:11 -------- d-----w- c:\program files\common files\Umbrella
2013-07-30 18:57:41 -------- d-----w- c:\users\todd\appdata\roaming\Web Cake
2013-07-30 18:57:01 -------- d-----w- c:\users\todd\appdata\local\Conduit
2013-07-30 18:56:56 -------- d-----w- C:\QUARANTINE
2013-07-29 16:29:05 -------- d-----w- c:\users\todd\appdata\local\Screencast-O-Matic
2013-07-15 05:33:39 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-15 05:33:22 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-15 05:29:01 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-15 05:28:26 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-15 05:28:21 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-15 05:17:53 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-07-15 05:17:51 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-07-15 05:17:50 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
.
==================== Find3M ====================
.
2013-07-31 04:25:15 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2013-07-31 04:25:14 23112 ----a-w- c:\windows\system32\MFEOtlk.dll
2013-06-12 03:55:50 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-26 04:45:32 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-12 03:32:51 180720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-05-12 03:32:50 159640 ----a-w- c:\windows\system32\mfevtps.exe
2013-05-12 03:32:47 87816 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-05-12 03:32:45 477584 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-05-12 03:32:43 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-05-12 03:32:43 59616 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-05-12 03:32:41 215024 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-05-12 03:32:40 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 19:59:02.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 2/13/2010 10:27:01 PM
System Uptime: 8/1/2013 7:50:03 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0P9MDV
Processor: Intel® Atom CPU N450 @ 1.66GHz | CPU 1 | 1667/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 51.669 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Dell Wireless 1397 WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000C1028&REV_01\4&1B4B68A1&0&00E1
Manufacturer: Broadcom
Name: Dell Wireless 1397 WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000C1028&REV_01\4&1B4B68A1&0&00E1
Service: BCM43XX
.
==== System Restore Points ===================
.
RP138: 7/20/2013 1:21:11 AM - Windows Update
RP139: 7/30/2013 8:37:18 PM - Restore Operation
RP140: 7/30/2013 9:22:27 PM - Windows Update
RP141: 7/30/2013 9:42:21 PM - Windows Update
RP142: 7/30/2013 11:47:27 PM - Windows Update
RP143: 8/1/2013 12:43:46 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.16 beta Adobe Flash Player 11 ActiveX Adobe Reader 9.1.2 Advanced Audio FX Engine Advertising Center Age of Mythology AT&T Communication Manager Battery Meter CapsLKNotify Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system Cozi Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Online Dell Dock Dell Edoc Viewer Dell Support Center (Support Software) Dell Touchpad Dell Webcam Central Dell Wireless WLAN Card Utility Driver Installer EASEUS Partition Master 5.0.1 Unlimited Edition EMSC EndNote X4 F-Secure SSH Client FlipShare Function Keys GIMP 2.6.11 Google Toolbar for Internet Explorer Google Update Helper GoToAssist 8.0.0.514 ImagXpress Intel® Graphics Media Accelerator Driver Java Auto Updater Java 6 Update 35 Junk Mail filter update Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.75.0.1300 MATLAB R2011a McAfee Agent McAfee VirusScan Enterprise Menu Templates - Starter Kit Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2010 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2007 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 
2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Motorola Driver Installation Movie Templates - Starter Kit MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser Nero 9 Essentials Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero Disc Copy Gadget Nero DiscSpeed Nero DriveSpeed Nero InfoTool Nero Installer Nero Online Upgrade Nero Rescue Agent Nero ShowTime Nero StartSmart Nero Vision NeroExpress neroxml Nokia Connectivity Adapter Cable DKU-5 OGA Notifier 2.0.0048.0 OpenOffice.org 3.2 R for Windows 2.15.0 Realtek High Definition Audio Driver ResearchSoft Direct Export Helper RStudio Screen Share 8.1.11 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 
suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Skype Click to Call Skype™ 5.10 STATGRAPHICS Centurion XV.II tools-freebsd tools-linux tools-netware tools-solaris tools-windows tools-winPre2k Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Virtual Access Client VMware Workstation Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery 
Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer WSED
.
==== Event Viewer Messages From Past Week ========
.
8/1/2013 7:51:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
8/1/2013 7:43:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/1/2013 7:43:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
8/1/2013 7:42:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
8/1/2013 7:42:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
8/1/2013 7:42:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/1/2013 7:41:09 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/1/2013 12:24:41 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
8/1/2013 11:26:39 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{43C2F413-9DBF-46AD-B3F8-973E7C896D58} because another computer on the network has the same name. The server could not start.
8/1/2013 11:26:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/1/2013 1:42:53 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
7/31/2013 9:46:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
7/31/2013 9:46:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
7/31/2013 9:46:11 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2013 9:29:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
7/31/2013 9:29:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
7/31/2013 9:29:51 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2013 7:14:25 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
7/31/2013 7:14:25 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/31/2013 7:14:25 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/31/2013 7:14:25 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended.
7/31/2013 6:15:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
7/31/2013 5:19:29 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
7/31/2013 2:35:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xd95cdf84, 0x00000002, 0x00000001, 0x820b9f2f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073113-25287-01.
7/31/2013 2:21:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
7/31/2013 12:46:58 AM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.
7/31/2013 10:06:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/30/2013 8:15:53 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/30/2013 7:56:00 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
7/30/2013 7:32:25 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/28/2013 9:02:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
.
==== End Of File ===========================