Everything posted by aberndt

  1. Hi Mr. Charlie - Thank you for the advice. I will print this and take it with me over to her house this evening along with the recommended downloads. I will then remove pretty much everything left on her computer except MS Office and IE (she's 81, she reads email and that's pretty much it). I'll update you tomorrow.
  2. Hi - Yesterday, my 81 yr old mother was the victim of a scam where the caller called her on the telephone and demanded her credit card number telling her that she would not be able to use her computer if she did not give them the number, so she did. They charged $269 for something, she doesn't know what. She then called me. Long story short, the charge and the credit card were cancelled but she does not know if they were ever on her computer. She has the computer shut down at the moment until I can get there tomorrow night to look at it. I'm not quite sure what I am looking for. I've run many malware scans in the past on a variety of devices but I generally know what I am looking for. Does anyone have any idea what I should look for specifically? The law enforcement officer I spoke with said these scams are quite prevalent so I was hoping someone might have some experience with this. Thank you in advance for your help.
  3. Thank you for all of your help!!! I've cleaned up all of the tools, now I will update everything before "repurposing" this computer.
  4. Thank you so much for your patience and expertise!!! You really helped a lot with the annoying, random ads!!! Your help is much appreciated :)

  5. Here it is:

     Results of screen317's Security Check version 0.99.81
     Windows Vista Service Pack 1 x64 (UAC is disabled!)
     Out of date service pack!!
     Internet Explorer 8 Out of date!
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     AVG Anti-Virus Business Edition 2012
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Adobe Reader 10.1.9 Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     AVG avgwdsvc.exe
     AVG avgtray.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  6. Hi Mr. Charlie - Here is the combo fix log:

     and here is the AdwCleaner Log

     Malwarebytes did not find anything. The computer appears to be running better. Physical Memory usage is around 19% rather than the 50+% it was running yesterday.
  7. I have attached the files from TDSS Killer and ComboFix: ComboFix.txt, TDSSKiller.3.0.0.30_08.04.2014_13.41.58_log.txt, TDSSKiller.3.0.0.30_08.04.2014_13.45.02_log.txt
  8. Here is the report
  9. Hi MrCharlie - Sorry for the delay in responding. I ended up switching out his computer and now have the infected computer at my workstation where I can focus on cleaning it up. I will follow your instructions and post back. Thank you for your patience!!!
  10. I believe I have a computer that is infected by something as it plays random audio files and ads when no programs are open. Also, one of the svchost.exe processes does not appear to be associated with any service. I have tried a variety of the recommended tools but none comes up with any infection. Below are the results of the dds.txt file, then the attach.txt file. Thank you.
Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Sharpdesk surveyor 3.5.30 Symantec AntiVirus Win64 TightVNC Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Visual C++ 8.0 Runtime Setup Package (x64) VISUAL Enterprise 6.5.4 SP2 VISUAL Payroll 6.5.2 SP2 Visual Studio 2008 x64 Redistributables Windows Installer Clean Up Windows Live ID Sign-in Assistant . ==== Event Viewer Messages From Past Week ======== . 4/4/2014 9:29:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep i8042prt SRTSP 4/4/2014 8:47:03 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. 
Please contact your software vendor for a compatible version of the driver. 4/4/2014 8:43:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 4/4/2014 8:16:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 i8042prt spldr SRTSP SRTSPX Wanarpv6 4/4/2014 8:16:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 4/4/2014 8:16:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/4/2014 8:16:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 4/4/2014 8:15:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/4/2014 6:57:29 AM, Error: Service Control Manager [7031] - The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 4/4/2014 6:55:20 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s). 4/4/2014 6:46:36 AM, Error: EventLog [6008] - The previous system shutdown at 6:44:31 AM on 4/4/2014 was unexpected. 
4/3/2014 3:29:18 PM, Error: EventLog [6008] - The previous system shutdown at 3:08:44 PM on 4/3/2014 was unexpected. 3/31/2014 6:53:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt SRTSP 3/31/2014 6:53:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect. 3/31/2014 6:51:28 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver. . ==== End Of File ===========================