Jump to content

Search the Community

Showing results for tags 'Smart Fortress 2012'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 6 results

  1. I have Ran TDDSKiller with no infections found So far on every attempt to run ComboFix I get a warning that the recycle bin is corrupted. I then boot into safe mode and delete $RECYCLE.BIN then the problem is solved. Until I attempt to run ComboFix again. Then the problem returns. I have local network access, but no Internet access. I have been browsing around looking for help, and these are some of the commonly requested logs that I was able to get. MBAM Log Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7622 Windows 6.0.6001 Service Pack 1 (Safe Mode) Internet Explorer 7.0.6001.18000 6/7/2012 3:02:45 PM mbam-log-2012-06-07 (15-02-45).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 304125 Time elapsed: 34 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Security Check Log Results of screen317's Security Check version 0.99.41 Windows Vista Service Pack 1 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Spybot - Search & Destroy SUPERAntiSpyware Malwarebytes Anti-Malware version 1.61.0.1400 HijackThis 2.0.2 CCleaner Java 6 Update 7 Java version out of date! Adobe Reader 8 Adobe Reader out of date! Adobe Reader X KB403742.. Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbam.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 % ````````````````````End of Log`````````````````````` FSS Log Farbar Service Scanner Version: 09-06-2012 Ran by josh (administrator) on 12-06-2012 at 13:13:48 Running from "\\MAINPC\Users\Public" Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Boot Mode: Nerwork **************************************************************** Internet Services: ============ Connection Status: ============== Attempt to access Local Host IP returned error: Localhost is blokked: Other errors LAN connected. Attempt to access Google IP returned error: Other errors Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error: Other errors Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is OK. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc: "%SystemRoot%\System32\svchost.exe -k netsvcs". The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll [2008-05-21 16:29] - [2008-01-19 03:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D C:\Windows\system32\Drivers\afd.sys [2012-03-12 11:10] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457 C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2012-03-12 11:07] - [2010-06-16 11:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7 C:\Windows\system32\dnsrslvr.dll [2012-03-12 11:10] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D C:\Windows\system32\mpssvc.dll [2008-05-21 16:30] - [2008-01-19 03:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B C:\Windows\system32\bfe.dll [2012-03-12 11:07] - [2010-06-16 11:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938 C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe [2008-05-21 16:30] - [2008-01-19 03:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23 C:\Windows\system32\wscsvc.dll [2008-05-21 16:29] - [2008-01-19 03:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C C:\Windows\system32\wbem\WMIsvc.dll [2008-05-21 16:29] - [2008-01-19 03:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5 C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll [2008-05-21 16:30] - [2008-01-19 03:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D C:\Windows\system32\es.dll [2008-08-14 15:41] - [2008-04-18 01:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465 C:\Windows\system32\cryptsvc.dll [2008-05-21 16:28] - [2008-01-19 03:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678 C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll [2009-08-15 15:48] - [2009-03-03 00:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830 **** End of log **** HijackThis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:28:02 AM, on 6/12/2012 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18639) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\System32\mobsync.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Windows\System32\SysMonitor.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Windows\ehome\ehtray.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Windows\system32\taskmgr.exe \MAINPC\Users\Public\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [setPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Djykh] rundll32 "C:\Users\josh\AppData\Roaming\rasmanp.dll",NOEHO O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O13 - Gopher Prefix: O16 - DPF: Cab1 - https://registration.rr.com/RegHelper.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1C2B8C46-71C8-4D3F-BF01-803E1143AC2B}: NameServer = 8.8.8.8,192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1C2B8C46-71C8-4D3F-BF01-803E1143AC2B}: NameServer = 8.8.8.8,192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1C2B8C46-71C8-4D3F-BF01-803E1143AC2B}: NameServer = 8.8.8.8,192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 10369 bytes Thanks for any and all assistance!
  2. Hi there, Firstly a big thank you to your community and software devs. After tackling Smart Fortress 2012 for the best part of two days, it's great to be able to go somewhere and get help from those who have been able to remove it already Using instructions on your forum and bleeping computer (where I was directed to MWB), I have been able to remove this horrible malware. As you can see below, I ran two MWB scans during the process (1 quick and 1 full), these removed a number of issues: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.04.08 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Me :: XPS-435 [administrator] Protection: Disabled 27/04/2012 1:29:50 AM mbam-log-2012-04-27 (01-29-50).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 243759 Time elapsed: 7 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Agent) -> Data: C:\Users\Me\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 5 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Users\Me\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Quarantined and deleted successfully. C:\Users\Me\AppData\Local\dplaysvr.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Me\Local Settings\Application Data\dplaysvr.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end) Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.26.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Me :: XPS-435 [limited] Protection: Enabled 27/04/2012 1:46:25 AM mbam-log-2012-04-27 (01-46-25).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 824904 Time elapsed: 8 hour(s), 58 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Users\Me\AppData\Local\Temp\~!#3330.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Me\AppData\Local\Temp\~!#3A14.tmp (Trojan.LameShield) -> Quarantined and deleted successfully. C:\Users\Me\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\fea0068-1e46f336 (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\Windows\Temp\temp08.exe (Trojan.LameShield) -> Quarantined and deleted successfully. (end) This all seemed fine, though I noticed MWB was now blocking iexplore.exe from connecting to IP: 91.218.121.57, what seemes like randomly while in IE9. Seems to go for increasing port numbers at each attempt also. 2012/04/28 05:55:36 +1000 XPS-435 Me IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 62627, Process: iexplore.exe) 2012/04/28 05:55:44 +1000 XPS-435 Me IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 62630, Process: iexplore.exe) 2012/04/28 05:55:44 +1000 XPS-435 Me IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 62629, Process: iexplore.exe) 2012/04/28 05:55:44 +1000 XPS-435 Me IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 62631, Process: iexplore.exe) Was so close to doing a rebuild, but figured I have come this far and was hoping you could provide some help on how to stop this (and anything else you see that may be suspicious in my logs). Per directions on your site, please find below copy of DDS.txt and Attach.txt: ------------------------------------------- DDS.txt --------------------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Me at 7:22:36 on 2012-04-28 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12279.9256 [GMT 10:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\atieclxx.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\SysWOW64\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe C:\Windows\SysWOW64\vmnat.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe C:\Windows\SysWOW64\vmnetdhcp.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Users\Me\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Logitech\Vid HD\Vid.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Users\Me\AppData\Local\Google\Chrome\Application\18.0.1025.162\chrome_frame_helper.exe C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Logitech\SetPointG\SetPointII.exe C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\alg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\SysWOW64\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com.au/ uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120418141541.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - No File BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [AdobeBridge] uRun: [Google Update] "C:\Users\Me\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode uRun: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect uRun: [ChromeFrameHelper] "C:\Users\Me\AppData\Local\Google\Chrome\Application\18.0.1025.162\chrome_frame_helper.exe" --startup mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [OLPSYNCH] C:\Program Files (x86)\Offline Course Player\OlpSynch.exe mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [FAStartup] mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Netgear UDS Control Center] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [RandomBars] "C:\Program Files (x86)\Common Files\RandomBars\RandomBars.exe" /g mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONLINE~1.LNK - C:\Windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll LSP: %SystemRoot%\system32\vsocklib.dll Trusted Zone: debras.com.au\www Trusted Zone: westpac.com.au\red DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{059445F7-6DF0-4E11-AD5E-04032E76E034} : DhcpNameServer = 10.4.85.135 10.4.176.231 TCP: Interfaces\{2B1A7A28-C8E2-4B03-892A-C7567C36589E} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{46221949-C3D6-4920-A444-9BAEBDBA4A15} : DhcpNameServer = 10.176.66.71 10.188.66.103 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Me\AppData\Local\Google\Chrome\Application\18.0.1025.162\npchrome_frame.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120418141541.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun-x64: [OLPSYNCH] C:\Program Files (x86)\Offline Course Player\OlpSynch.exe mRun-x64: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun-x64: [FAStartup] mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Netgear UDS Control Center] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [RandomBars] "C:\Program Files (x86)\Common Files\RandomBars\RandomBars.exe" /g mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?] R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?] R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-19 3450832] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 Foxtel;Foxtel Download Manager;C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [2009-9-24 70144] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-27 654408] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-31 199272] R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-5 25824] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-31 210584] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-3-7 1370400] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-30 2253120] R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-9-29 2139400] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-19 1153368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144] R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448] R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 0234041313755837mcinstcleanup;McAfee Application Installer Cleanup (0234041313755837);C:\Windows\TEMP\023404~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\023404~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/14 22:53:28;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664] S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\system32\DRIVERS\a38usb.sys --> C:\Windows\system32\DRIVERS\a38usb.sys [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 253088] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-1 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-1 79360] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe --> c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664] S3 jumi;%Jumi%;C:\Windows\system32\DRIVERS\jumi.sys --> C:\Windows\system32\DRIVERS\jumi.sys [?] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\system32\DRIVERS\rcblan.sys --> C:\Windows\system32\DRIVERS\rcblan.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-04-27 21:12:24 -------- d-----w- C:\Users\Me\AppData\Local\{CEE896F5-E443-416B-90BD-A5B1FD04E79C} 2012-04-27 21:12:04 -------- d-----w- C:\Users\Me\AppData\Local\{3FA50B24-8FAD-11E1-826D-B8AC6F996F26} 2012-04-27 17:31:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{033B5F5C-4A19-4D45-BF9B-DFE534E72D46}\offreg.dll 2012-04-27 13:11:39 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{033B5F5C-4A19-4D45-BF9B-DFE534E72D46}\mpengine.dll 2012-04-26 16:19:08 222560 ----a-w- C:\Windows\SysWow64\snapapi.dll 2012-04-26 15:17:00 -------- d-----w- C:\Users\Me\AppData\Roaming\Malwarebytes 2012-04-26 15:16:56 -------- d-----w- C:\ProgramData\Malwarebytes 2012-04-26 15:16:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-26 15:16:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-26 15:10:07 883616 ----a-w- C:\FixExec.com 2012-04-26 14:32:35 302080 ----a-w- C:\ProgramData\XkFcjVGVgWJhiQK.exe 2012-04-26 14:30:41 -------- d-----w- C:\ProgramData\99058D5000007AC400043884B4EB2367 2012-04-26 14:30:34 -------- d-----w- C:\Program Files (x86)\Common Files\RandomBars 2012-04-26 14:30:13 42592 --sh--w- C:\Users\Me\AppData\Local\dplayx.dll 2012-04-24 05:36:13 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-24 04:39:26 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-04-15 03:54:18 -------- d-----w- C:\Program Files\iPod 2012-04-15 03:54:17 -------- d-----w- C:\Program Files\iTunes 2012-04-12 17:01:19 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-04-12 17:01:19 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-04-12 17:01:19 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-04-12 17:01:19 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-04-12 17:01:19 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-04-12 17:01:19 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-04-12 17:01:19 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-04-12 17:00:48 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-04-01 08:38:51 -------- d-----w- C:\Program Files (x86)\THQ 2012-03-31 14:44:02 -------- d-----w- C:\Users\Me\AppData\Local\Eraser 6 2012-03-30 16:26:14 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2012-03-30 16:25:26 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys 2012-03-30 16:25:26 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2012-03-30 16:25:25 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2012-03-30 16:25:25 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2012-03-30 16:25:25 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2012-03-30 16:25:25 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys 2012-03-30 16:19:07 162192 ----a-w- C:\Windows\System32\mfevtps.exe . ==================== Find3M ==================== . 2012-04-26 14:28:57 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-04-26 14:28:57 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-04-26 14:28:38 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-04-24 05:36:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-14 04:31:07 96784 ----a-w- C:\Windows\SysWow64\packet.dll 2012-04-14 04:31:07 369168 ----a-w- C:\Windows\System32\wpcap.dll 2012-04-14 04:31:07 35344 ----a-w- C:\Windows\System32\drivers\npf.sys 2012-04-14 04:31:07 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll 2012-04-14 04:31:07 106000 ----a-w- C:\Windows\System32\packet.dll 2012-03-30 16:49:12 198944 ----a-w- C:\Windows\System32\drivers\snapman.sys 2012-03-08 08:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-23 00:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-02-22 03:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2012-02-22 03:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-02-15 12:22:10 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-02-14 02:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 7:23:01.33 =============== ------------------------------------------- Attach.txt --------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 20/12/2009 7:18:33 AM System Uptime: 28/04/2012 7:10:55 AM (0 hours ago) . Motherboard: DELL Inc. | | 0X501H Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz . ==== Disk Partitions ========================= . A: is FIXED (NTFS) - 1863 GiB total, 191.101 GiB free. B: is FIXED (NTFS) - 1863 GiB total, 351.271 GiB free. C: is FIXED (NTFS) - 1863 GiB total, 246.958 GiB free. D: is CDROM () E: is CDROM (UDF) F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: VMware Virtual Ethernet Adapter for VMnet1 Device ID: ROOT\VMWARE\0000 Manufacturer: VMware, Inc. Name: VMware Virtual Ethernet Adapter for VMnet1 PNP Device ID: ROOT\VMWARE\0000 Service: VMnetAdapter . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: VMware Virtual Ethernet Adapter for VMnet8 Device ID: ROOT\VMWARE\0001 Manufacturer: VMware, Inc. Name: VMware Virtual Ethernet Adapter for VMnet8 PNP Device ID: ROOT\VMWARE\0001 Service: VMnetAdapter . Class GUID: {36fc9e60-c465-11cf-8056-444553540000} Description: Unknown Device Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3 Manufacturer: (Standard USB Host Controller) Name: Unknown Device PNP Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3 Service: . ==== System Restore Points =================== . RP375: 27/04/2012 1:55:02 AM - Removed Eraser 6.0.9.2563 RP376: 27/04/2012 7:49:01 PM - Removed Eraser 6.0.9.2563 RP377: 27/04/2012 8:11:15 PM - Installed Microsoft Fix it 50687 RP378: 27/04/2012 11:11:09 PM - Windows Update . ==== Installed Programs ====================== . Acrobat.com Acronis Disk Director 11 Home Acronis Drive Cleanser Acronis True Image Home 2012 Adobe AIR Adobe Community Help Adobe Creative Suite 5 Production Premium Adobe ExtendScript Toolkit 2 Adobe Media Player Adobe Reader 9.5.1 Adobe Shockwave Player 11.5 Adobe Story Age of Empires III Apple Application Support Apple Software Update Ashes Cricket 2009 Back to the Future: Ep 2 - Get Tannen! Back to the Future: Ep 3 - Citizen Brown Back to the Future: Episode 1 Battlefield 3™ Battlefield: Bad Company 2 Battlelog Web Plugins Call of Duty Modern Warfare 3 version 1.0 Call of Duty® 4 - Modern Warfare™ Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer CameraHelperMsi Canon CanoScan Toolbox 5.0 CCS64 V3.8 Citrix online plug-in Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (PNA) Citrix online plug-in (SSON) Citrix online plug-in (USB) Citrix online plug-in (Web) Click to Call with Skype CloneCD Creative ALchemy Creative Audio Control Panel Creative MediaSource 5 Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition Creative WaveStudio 7 Cyberduck 4.0 (8510) CyberLink BD Advisor 2.0 CyberLink Blu-ray Disc Suite CyberLink LabelPrint CyberLink LG Burning Tool CyberLink MediaShow CyberLink PowerBackup CyberLink PowerDVD 9 CyberLink PowerProducer CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Driver Download Manager DivX Setup DVD or CD Sharing DVDFab 8.1.5.9 (20/01/2012) Qt e-tax 2011 eReg ESN Sonar F1 2011 Finding Nemo Foxtel Download Manager 4.1.500.11 FOXTEL Download Player Freecorder 4.0 Application Google Chrome Google Chrome Frame Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper HandBrake 0.9.6 HD Writer AE 2.1 ImgBurn Java Auto Updater Java™ 6 Update 29 Junk Mail filter update LG Tool Kit LightScribe System Software Logitech Harmony Remote Software 7 Logitech Touch Mouse Server 1.0 Logitech Vid HD Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Magic Bullet Quick Looks Limited MakeMKV v1.7.4 Malwarebytes Anti-Malware version 1.61.0.1400 Mass Effect™ 3 Demo McAfee SecurityCenter Medal of Honor™ Multiplayer Medal of Honor™ Single Player Memeo AutoSync Memeo Instant Backup Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Chart Controls for Microsoft .NET Framework 3.5 Microsoft Flight Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft SQL Server Compact 3.5 SP1 English Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NETGEAR Genie NETGEAR USB Control Center NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Offline Course Player OpenAL Origin PDF Settings CS5 PictureMover Plex Plex Media Server Plus Pack for Acronis True Image Home 2012 PowerISO PunkBuster Services PxMergeModule QuickTime Rapture3D 2.4.9 Game Remote Control USB Driver ResScan Roadkil's Raw Copy Version 1.2 Safari Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition SHIFT 2 UNLEASHED™ Skype™ 5.5 Spybot - Search & Destroy System Requirements Lab Test Drive Unlimited 2 Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 Virtua Tennis™ 2009 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VMware Player Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinX DVD Ripper Platinum 6.0.2 WinZip 15.5 World of Warcraft World of Warcraft Public Test . ==== Event Viewer Messages From Past Week ======== . 28/04/2012 7:13:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd luafv 28/04/2012 7:13:00 AM, Error: Service Control Manager [7022] - The NETGEARGenieDaemon service hung on starting. 28/04/2012 7:08:19 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. 27/04/2012 8:27:26 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied. 27/04/2012 8:27:26 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied. 27/04/2012 8:27:26 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start. 27/04/2012 8:26:12 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 27/04/2012 8:23:02 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed. 27/04/2012 8:23:02 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied. 27/04/2012 8:23:01 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied. 27/04/2012 8:22:58 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied. 27/04/2012 7:59:15 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. 27/04/2012 7:43:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 27/04/2012 7:43:33 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed. 27/04/2012 7:43:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 27/04/2012 7:43:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 27/04/2012 6:25:11 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 2:41:41 AM, Error: Service Control Manager [7034] - The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 2:41:36 AM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 27/04/2012 12:59:44 AM, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s). 27/04/2012 12:58:44 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:57:44 AM, Error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:57:44 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:38:49 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:38:49 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:38:30 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:37:54 AM, Error: Service Control Manager [7034] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 3 time(s). 27/04/2012 12:37:52 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the VMware USB Arbitration Service service to connect. 27/04/2012 12:37:52 AM, Error: Service Control Manager [7000] - The VMware USB Arbitration Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 27/04/2012 12:37:44 AM, Error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 3 time(s). 27/04/2012 12:37:44 AM, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 27/04/2012 12:37:42 AM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 27/04/2012 12:37:42 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Acronis Sync Agent Service service to connect. 27/04/2012 12:37:42 AM, Error: Service Control Manager [7000] - The Acronis Sync Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 27/04/2012 12:37:41 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect. 27/04/2012 12:37:41 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 27/04/2012 12:37:40 AM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 27/04/2012 12:37:39 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:37:39 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:37:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service mcmscsvc with arguments "" in order to run the server: {26608B46-476A-4BF1-9CC6-AFEA28EBBC17} 27/04/2012 12:37:37 AM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The pipe has been ended. 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The NETGEARGenieDaemon service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The MemeoBackgroundService service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Foxtel Download Manager service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Acronis OS Selector activator service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The Acronis Sync Agent Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 27/04/2012 12:33:17 AM, Error: Service Control Manager [7031] - The Acronis Sync Agent Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 27/04/2012 12:33:08 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 27/04/2012 12:33:06 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:33:06 AM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s). 27/04/2012 12:33:06 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:33:06 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:33:06 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 27/04/2012 12:05:40 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 27/04/2012 12:05:40 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state. 27/04/2012 12:05:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} 27/04/2012 12:05:10 AM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting. 27/04/2012 12:03:24 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 27/04/2012 12:01:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd 27/04/2012 1:32:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 27/04/2012 1:30:46 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 27/04/2012 1:29:09 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 27/04/2012 1:29:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 27/04/2012 1:29:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 27/04/2012 1:29:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 27/04/2012 1:29:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 27/04/2012 1:28:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache ElbyCDIO Lbd luafv SCDEmu spldr Wanarpv6 27/04/2012 1:28:45 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 27/04/2012 1:28:43 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start. 27/04/2012 1:13:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06} 26/04/2012 11:59:45 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847 25/04/2012 5:54:50 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 23/04/2012 1:28:59 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3. 22/04/2012 8:34:49 PM, Error: srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty. 22/04/2012 11:52:50 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations. . ==== End Of File =========================== Again, thanks for providing help on this, much appreciated Max
  3. Hello folks, Yesterday (Tue. 4/24/12) I was infected with the Smart Fortress 2012 virus. This is one of the standard fake anti-virus programs. It stopped me from running most programs, blocked my internet and even basic network access. Little did I know, but it also stopped my System Restore from working properly. I did some searching and found instructions on how to remove the virus by registering with its fixed registration code, which let me run programs again, then ran Malwarebytes which was supposed to remove Smart Fortress 2012. Well, it seemed to work, BUT, I still have no network connections, and of course can't access the internet. I cannot "Repair" my network connections, as when I try I get the message "Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot Proceed." This happens with my Local Area Connection and Wireless connections. After a day of searching around, I've tried a few things and have exhausted my options, so I come to you for help. What I've tried: netsh int ip reset reset.log netsh int ipv6 reset reset.log netsh winsock reset catalog ipconfig /flushdns Also, when I run "ipconfig /all", I only get this message: "An internal error occurred: The request is not supported." So then after more research, I tried running a system restore going back to a restore point of a day before the infection (Mon. 4/23/12) and even last week. No success. It lets me choose a date to restore to/from, then goes through its process, reboots, etc. then tells me that no changes were made. It does NOT re-install the Smart Fortress 2012 virus, however, thankfully. It just seems like the virus has somehow disabled system restore from working properly. As it stands, I seem to have two issues. I think Smart Fortress 2012 is removed, but some of the changes it made seem to be left-over. Issue #1: No network connectivity Issue #2: System restore not working properly (but not disabled) I've followed the instructions to download and run dss.com. I am including the DSS.txt and Attach.txt logs below, generated by running dss.com. I will truly appreciate any assistance you can offer. THANK YOU! Here's DDS.TXT: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Run by greerste at 23:19:11 on 2012-04-25 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.1951 [GMT -5:00] . AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} FW: McAfee Host Intrusion Prevention Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\WINDOWS\System32\svchost.exe -k netsvcs c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe C:\Program Files\ActivIdentity\ActivClient\acautoup.exe C:\Program Files\ActivIdentity\ActivClient\accoca.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\oracle\ora92\bin\omtsreco.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radalert.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\RA2HP\HPRAService.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ActivIdentity\ActivClient\acsagent.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://pwb.tenncare.nash.tenn/tennessee/ uWindow Title = Internet Explorer, optimized for Bing and MSN BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\office14\GROOVEEX.DLL BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll" TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [COEMsgDisplay] c:\program files\hewlett-packard\pc coe\COEMsgDisplay.exe mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe" mRun: [<NO NAME>] mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe" mRun: [iDA] c:\program files\hewlett-packard\pc coe\IDA.EXE mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [GetIT] "c:\program files\hewlett-packard\getit\GetIT.exe" mRun: [safeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [PasswordRegistration] c:\windows\system32\MsPwdRegistration.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [HPRAService] c:\program files\ra2hp\HPRAService.exe mRun: [eepc_SmartClient] c:\program files\smartclient\Smart.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [GetITIcon] c:\program files\hewlett-packard\getiticon\GetITShell.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [XPOff2003Excempt] c:\program files\hewlett-packard\ast\XPOff2003Excempt.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico uPolicies-explorer: NoWindowsUpdate = 0 (0x0) mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1) mPolicies-system: HideFastUserSwitching = 1 (0x1) mPolicies-system: DisableNT4Policy = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\hewlett-packard\ietoolbar\HP IE Fix.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: compaq.com Trusted Zone: compaq.com.ar Trusted Zone: compaq.com.br Trusted Zone: compaq.com.co Trusted Zone: compaq.com.mx Trusted Zone: compaq.com.sg Trusted Zone: compaq.com.ve Trusted Zone: cpqcorp.net Trusted Zone: dcu.org Trusted Zone: eds.com Trusted Zone: hp.com Trusted Zone: hpqcorp.net DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.172.117.45/qcbin/capicom.dll DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab DPF: {87A7D186-27E6-11D3-A4CB-00C04F72C232} - hxxp://pve.corp.hp.com/APP/VIEWER/appl/sagraphicview.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://digitalbadge.external.hp.com/hp/capicom.cab DPF: {AB01FF2E-A848-410C-B47B-CB467C476AD9} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/1033/pjcintl.cab DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/pjclient.cab DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.172.117.45/qcbin/Spider10.cab TCP: DhcpNameServer = 10.170.0.2 10.170.1.2 TCP: Interfaces\{6717FA1B-0E1C-4890-AF23-69A72DE7112C} : DhcpNameServer = 10.170.0.2 10.170.1.2 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Notify: ackpbsc - c:\windows\system32\ackpbsc.dll Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\office14\GROOVEEX.DLL LSA: Notification Packages = SbNp scecli mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {922E8525-AC7E-4294-ACAA-43712D4423C0} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {9AC2D554-AC12-4F1F-AAB9-E6363ADE5381} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {AC194855-F7AC-4D04-B4C9-07BA46FCB697} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {E5BA0430-919F-46DD-B656-0796F8A5ADFF} - msiexec /fu {E5BA0430-919F-46DD-B656-0796F8A5ADFF} /qn . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\greerste\application data\mozilla\firefox\profiles\5os093az.default\ FF - prefs.js: browser.search.defaulturl - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\progra~1\office14\NPAUTHZ.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-14 344304] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208] R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2009-3-25 103760] R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2008-8-13 44976] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-3-25 6496] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-5-1 24064] R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112] R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2009-3-25 33328] R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [2009-3-25 34480] R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2009-3-25 15248] R2 acautoup;ActivClient Auto-Update Service;c:\program files\actividentity\activclient\acautoup.exe [2009-9-14 46120] R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2009-9-14 198184] R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-6-15 1498224] R2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;c:\program files\microsoft forefront identity manager\2010\password reset client service\PwdMgmtProxy.exe [2012-1-28 75608] R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2011-4-25 35696] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-12-16 222528] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-5-19 120128] R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-9-14 69192] R2 radsched;HPCA Scheduler Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radsched.exe [2010-4-21 190184] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640] R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\mcafee\endpoint encryption for pc\SbClientManager.exe [2009-3-25 380988] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960] R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2007-4-6 13619] R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2009-9-14 9493] R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647] R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2009-9-14 10161] R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.382.0\SeaPort.EXE [2012-4-16 240208] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-5-24 193840] R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2009-9-14 107960] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2009-9-14 38680] R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2009-9-14 35552] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 41216] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-25 32072] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-25 40776] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-14 91832] R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520] S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.382.0\BBSvc.EXE [2012-4-16 193616] S2 radexecd;HPCA Notify Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radexecd.exe [2010-4-21 300776] S2 Radstgms;HPCA MSI Redirector;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\Radstgms.exe [2010-4-21 333544] S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2007-12-11 27008] S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-14 43288] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-9-14 66600] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2009-9-10 29072] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-9-14 14336] S3 WISOVD;WISOVD;\??\c:\program files\winiso computing\winiso\bin\driver\wisovd_xp.sys --> c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [?] . =============== Created Last 30 ================ . 2012-04-26 04:04:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-04-26 04:04:49 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-04-26 03:11:24 -------- d-----w- c:\program files\VS Revo Group 2012-04-26 02:00:34 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-04-26 00:26:14 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll 2012-04-25 19:01:44 -------- d-----w- C:\REGISTRY BACKUP 2012-04-24 21:12:34 -------- d-----w- c:\documents and settings\greerste\application data\Malwarebytes 2012-04-24 21:11:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-04-24 21:11:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-24 21:11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-24 20:56:39 389120 ----a-w- c:\windows\system32\explorer.exe 2012-04-24 18:47:58 -------- d-----w- c:\documents and settings\greerste\local settings\application data\{F7C06562-8E3D-11E1-826D-B8AC6F996F26} 2012-04-24 18:47:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-04-24 18:46:54 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3B002F77DD0003FDA7D151FC4E 2012-04-23 14:42:33 8071760 ----a-w- c:\documents and settings\all users\application data\microsoft\bingbar\bbsvc\7.1.382.0oemBingBarSetup-Partner.EXE 2012-04-20 14:33:44 -------- d-----w- c:\documents and settings\greerste\application data\HpUpdate 2012-04-20 14:33:35 -------- d-----w- c:\windows\Hewlett-Packard 2012-04-13 08:24:22 -------- d-----w- c:\program files\FastStone Image Viewer 2012-04-13 07:17:11 -------- d-----w- c:\documents and settings\greerste\local settings\application data\photoOptimizeHistoryDataBase 2012-04-13 07:17:10 -------- d-----w- c:\documents and settings\greerste\local settings\application data\Ashampoo Photo Optimizer 3 2012-04-13 07:14:06 -------- d-----w- c:\documents and settings\all users\Documents 2012-04-13 07:13:55 -------- d-----w- c:\program files\Ashampoo 2012-04-13 07:08:01 -------- d-----w- c:\documents and settings\greerste\application data\XnView 2012-04-13 07:04:44 -------- d-----w- c:\program files\XnView 2012-04-13 07:03:19 -------- d-----w- c:\program files\IrfanView 2012-04-01 05:20:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-04-01 05:20:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2012-04-01 05:19:46 -------- d-----w- c:\program files\iPod 2012-04-01 05:19:42 -------- d-----w- c:\program files\iTunes 2012-04-01 05:19:42 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2012-04-01 05:18:37 -------- d-----w- c:\program files\Bonjour . ==================== Find3M ==================== . 2012-04-13 03:47:32 143008 ----a-w- c:\windows\system32\KevlarSigs.dll 2012-03-11 18:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2012-03-09 17:09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec 2012-02-14 17:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys 2012-01-29 02:01:10 29528 ----a-w- c:\windows\system32\MsPwdGina.dll 2012-01-29 02:01:10 26984 ----a-w- c:\windows\system32\MsPwdRegistration.exe 2012-01-29 02:01:09 1242464 ----a-w- c:\windows\system32\GateFramework.dll . ============= FINISH: 23:22:04.42 =============== Here's Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/24/2010 9:37:18 PM System Uptime: 4/25/2012 7:23:01 PM (4 hours ago) . Motherboard: Hewlett-Packard | | 30DD Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | Intel® Genuine processor | 2793/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 30.908 GiB free. D: is Removable H: is FIXED (NTFS) - 932 GiB total, 792.708 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318} Description: Communications Port Device ID: ACPI\PNP0501\5&2239DA31&0 Manufacturer: (Standard port types) Name: Communications Port (COM1) PNP Device ID: ACPI\PNP0501\5&2239DA31&0 Service: Serial . Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318} Description: CD-ROM Drive Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0 Manufacturer: (Standard CD-ROM drives) Name: hp DVDRAM GT30L PNP Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0 Service: cdrom . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . RP450: 3/7/2012 12:27:20 PM - System Checkpoint RP451: 3/8/2012 2:31:14 PM - System Checkpoint RP452: 3/8/2012 4:14:50 PM - Installed Windows Internet Explorer 8. RP453: 3/8/2012 4:16:11 PM - Software Distribution Service 3.0 RP454: 3/9/2012 4:56:04 PM - System Checkpoint RP455: 3/10/2012 7:52:49 PM - System Checkpoint RP456: 3/11/2012 11:12:32 PM - Software Distribution Service 3.0 RP457: 3/12/2012 11:41:49 PM - System Checkpoint RP458: 3/13/2012 9:07:26 AM - Installed Rapport RP459: 3/14/2012 11:05:57 AM - System Checkpoint RP460: 3/14/2012 5:44:52 PM - Software Distribution Service 3.0 RP461: 3/16/2012 1:21:50 PM - System Checkpoint RP462: 3/19/2012 11:52:50 AM - System Checkpoint RP463: 3/19/2012 4:52:13 PM - Installed Windows XP KB2621440. RP464: 3/20/2012 5:12:38 PM - System Checkpoint RP465: 3/21/2012 7:34:30 PM - System Checkpoint RP466: 3/22/2012 10:55:10 AM - Installed SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3 RP467: 3/23/2012 12:17:19 PM - System Checkpoint RP468: 3/26/2012 1:01:26 PM - System Checkpoint RP469: 3/27/2012 1:17:13 PM - System Checkpoint RP470: 3/28/2012 2:45:31 PM - System Checkpoint RP471: 3/29/2012 8:07:26 PM - System Checkpoint RP472: 3/31/2012 2:28:52 PM - System Checkpoint RP473: 4/1/2012 12:19:31 AM - Installed iTunes RP474: 4/5/2012 2:10:20 AM - System Checkpoint RP475: 4/11/2012 8:30:39 PM - System Checkpoint RP476: 4/12/2012 8:36:08 PM - System Checkpoint RP477: 4/15/2012 10:05:46 PM - System Checkpoint RP478: 4/17/2012 1:09:40 PM - System Checkpoint RP479: 4/17/2012 10:12:25 PM - Software Distribution Service 3.0 RP480: 4/18/2012 11:12:25 PM - System Checkpoint RP481: 4/20/2012 3:31:40 PM - System Checkpoint RP482: 4/23/2012 11:17:11 AM - System Checkpoint RP483: 4/24/2012 3:47:06 PM - Installed Rapport RP484: 4/25/2012 10:32:03 AM - Post 'Smart-Fortress 2012' malware removal RP485: 4/25/2012 2:31:40 PM - Restore Operation RP486: 4/25/2012 3:51:38 PM - Restore Operation RP487: 4/25/2012 5:22:29 PM - Restore Operation RP488: 4/25/2012 5:36:38 PM - Restore Operation . ==== Installed Programs ====================== . . 32 Bit HP CIO Components Installer 7-Zip 9.15 beta AC3Filter 1.63b Acrobat Professional Acrobat.com ActivClient ActivIdentity Device Installer Adobe Acrobat 9.2.0 - CPSID_50026 Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Agere Systems HDA Modem ALTools Update Anti-Twin (Installation 10/5/2010) Apple Application Support Apple Mobile Device Support Apple Software Update Ashampoo Photo Optimizer 3 v.3.13 Audacity 1.3.13 (Unicode) AudioShell 1.3.5 Auslogics Disk Defrag Avaya CMS Supervisor R15 Belarc Advisor 8.2 Bing Bar Bonjour BufferChm C4400 C4400_Help Cards_Calendar_OrderGift_DoMorePlugout CCleaner Cisco Systems VPN Client 4.8.01.0300 Copy CustomerResearchQFolder Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destination Component DeviceDiscovery DeviceManagementQFolder DocProc DocProcQFolder DVD Shrink 3.2 ECL Viewer eSupportQFolder Everything 1.2.1.371 Exact Audio Copy 1.0beta3 Fast Duplicate File Finder 3.0.0.1 FastStone Image Viewer 4.6 FastStone Photo Resizer 3.1 ffdshow v1.1.3562 [2010-09-07] FFmpeg v0.6.2 for Audacity File Shredder 2.0 FileNet IDM Viewer 3.3 FLAC 1.2.1b (remove only) foobar2000 v1.1.10 Forefront Identity Manager Add-ins and Extensions FreeCommander 2009.02a Get IT Icon GetDiz GPBaseService GroupWise GroupWise Desktop Migrator GUIPDFTK Hawking Technologies HWUG1 Wireless-G USB Adapter Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB944043-v3) Hotfix for Windows XP (KB949764) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB953955) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB955567) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB961853-v2) Hotfix for Windows XP (KB969262) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB971421) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP 3D DriveGuard HP Client Automation Application Manager Agent HP Client Management Interface 1.00 D8 HP Customer Participation Program 10.0 HP Fonts HP Imaging Device Functions 10.0 HP Integrated Module with Bluetooth wireless technology HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 HP Photosmart Essential 2.5 HP Quick Launch Buttons 6.40 D3 HP Smart Web Printing HP Solution Center 10.0 HP Update HP Virtual Rooms 8.0 HP Wireless Assistant HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply ID3-TagIT 3 ImgBurn Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Internet Explorer Self Help Tool InterVideo DVD Check InterVideo Register Manager InterVideo WinDVD IrfanView (remove only) ISO Workshop 2.0 iTunes Japanese Fonts Support For Adobe Reader 9 JDownloader 0.9 Kat CD Ripper Korean Fonts Support For Adobe Reader 9 LADSPA_plugins-win-0.4.15 Lexmark Printer Software Uninstall LightScribe System Software 1.12.37.1 Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch McAfee Agent McAfee AntiSpyware Enterprise Module McAfee Host Intrusion Prevention McAfee SiteAdvisor Enterprise Plus McAfee VirusScan Enterprise MediaMonkey 4.0 Medieval CUE Splitter Messaging API and Collaboration Data Objects 1.2.1 Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote 2003 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Edition 2003 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2010 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2003 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft redistributable runtime DLLs VS2008 SP1(x86) Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft Software Update for Web Folders (English) 14 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC90 CRT + OMP Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Runtime Microsoft WSE 3.0 Runtime Monkey's Audio Mozilla Firefox 11.0 (x86 en-US) Mp3tag v2.49 MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser MSXML4.0 redistributable MWSnap 3 NirSoft SysExporter Notepad++ OCR Software by I.R.I.S. 10.0 Office Communicator 2007 R2 PanoStandAlone Password Safe PC COE PC COE Required Settings PC Hard Drive Maintenance PDFCreator PIXresizer 2.0.4 PS_AIO_03_C4400_ProductContext PS_AIO_03_C4400_Software PS_AIO_03_C4400_Software_Min PSSWCORE PuTTY version 0.60 QuickTime Rapport RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Remote Access to HP Network 6.2 Revo Uninstaller 1.93 Revo Uninstaller Pro 2.5.8 Roxio Activation Module Roxio Creator Audio Roxio Creator Business Roxio Creator Business v10 Roxio Creator Copy Roxio Creator Data Roxio Creator Tools Roxio Express Labeler 3 SAP Business Explorer SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3 SAP GUI for Windows 7.20 SAP JNet SAP Netweaver Business Client SapInstSelectorv2 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shop for HP Supplies SmartWebPrintingOC Snagit 10 SolutionCenter StartNow Toolbar Status Sun JRE 1.6.0 Synaptics Pointing Device Driver Toolbox Trader's Little Helper 2.6.0 TrayApp UnloadSupport Unlocker 1.9.0 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2641690) Update for Windows XP (KB898461) Update for Windows XP (KB943729) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Update for Windows XP (KB980182) vcredist_x86 VideoToolkit01 VirtualDJ Home FREE VLC media player 1.1.11 WebFldrs XP WebReg Winamp Winamp Detector Plug-in Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Enterprise Deployment Windows Search 4.0 WMP Tag Plus 1.2 Xcelsius 2008 Xiph.Org Open Codecs 0.84.17359 XnView 1.98.8 XnView Shell Extension 3.2.0 XP Netlogon Service Restarter xplorer² lite 32 bit . ==== Event Viewer Messages From Past Week ======== . 4/25/2012 5:06:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/25/2012 5:06:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Cdrom Fips Imapi intelppm IPSec mfehidk RapportKELL redbook RsvLock SbPrcCtl Tcpip 4/25/2012 5:00:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Cdrom Fips FireTDI Imapi intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RapportKELL RasAcd Rdbss redbook RsvLock SbPrcCtl Tcpip 4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid. 4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start. 4/24/2012 4:51:45 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid. 4/24/2012 4:51:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi IPSec redbook Tcpip 4/24/2012 4:50:37 PM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ef42a. 4/24/2012 4:48:42 PM, error: Service Control Manager [7024] - The HPCA MSI Redirector service terminated with service-specific error 0 (0x0). 4/24/2012 4:48:42 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified. 4/24/2012 4:48:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel® Matrix Storage Event Monitor service to connect. 4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:48:42 PM, error: Service Control Manager [7000] - The Intel® Matrix Storage Event Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/24/2012 4:48:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:44:30 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created. 4/24/2012 4:07:34 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/24/2012 4:07:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect. 4/24/2012 3:46:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook 4/24/2012 1:52:59 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:51:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect. 4/24/2012 1:51:30 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/24/2012 1:51:00 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Enterprise Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:56 PM, error: Service Control Manager [7000] - The Forefront Identity Manager Password Reset Client Service service failed to start due to the following error: Access is denied. 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA Scheduler Daemon service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA MSI Redirector service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BingBar Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The SafeBoot Client Manager service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The OracleMTSRecoveryService service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The HPCA Notify Daemon service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Middleware Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Auto-Update Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Forefront Identity Manager Password Reset Client Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. 4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/24/2012 1:48:26 PM, error: Service Control Manager [7023] - The SISNICXP service terminated with the following error: The specified module could not be found. 4/23/2012 9:14:49 AM, error: Dhcp [1002] - The IP address lease 10.1.10.33 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message). 4/21/2012 11:25:19 AM, error: Dhcp [1002] - The IP address lease 10.171.124.72 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.1.10.1 (The DHCP Server sent a DHCPNACK message). 4/21/2012 10:52:02 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code. 4/20/2012 10:23:09 AM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\g4w0040.americas.hpqcorp.net for the domain AMERICAS is not responsive. The current RPC call from Netlogon on \\SGREER1 to \\g4w0040.americas.hpqcorp.net has been cancelled. 4/19/2012 9:35:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'BootCode.ini' on the volume 'Disk0'. It has stopped monitoring the volume. 4/19/2012 9:29:25 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/19/2012 9:11:54 AM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message). 4/18/2012 10:10:31 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting. 4/18/2012 10:10:31 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AMERICAS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 4/18/2012 10:09:12 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . ==== End Of File ===========================
  4. Thank you for your help with this problem. I just had Smart Fortress 2012 downloaded by accident today and have been trying to fix everything for hours. I have used the following programs that may have removed the Smart Fortress 2012 but left the rootkit problems. The computer also cannot connect to the network/internet and the install/remove programs doesn't show any programs when I open it. The combofix says I have the rootkit problem but after the program is finished and I run it again, it still says I have the rootkit problem. Since I dont have internet connection on that computer, I can't download that windows program that it recommends. Here is the dss file. I have also added the FSS file as well since it looks like my problem is similar to someone else that had posted to this forum and the FSS file was asked of them as well. I have also run the combofix and malware bytes programs as well. dss . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29 Run by Administrator at 19:00:51 on 2012-05-08 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3247.2606 [GMT -7:00] . AV: TELUS security services Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755} FW: TELUS security services Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\TELUS\TELUS security services\Fws.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [iSUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe" mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe" mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe" mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini" mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\rn1tsvfc.default\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll . ============= SERVICES / DRIVERS =============== . R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2012-2-9 25608] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-8-25 101904] R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2012-2-9 122376] R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2012-2-9 30216] R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2012-2-9 25736] S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-1-20 81920] S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672] S2 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2010-6-2 166944] S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\telus\telus security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2012-2-9 5832712] S2 ServicepointService;ServicepointService;c:\program files\telus\telus security advisor\ServicepointService.exe [2012-2-6 689464] S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2011-12-22 21320] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-25 1691480] S3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys [2011-8-25 152576] S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2011-9-26 2944] S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2011-9-26 60416] S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2011-9-26 11008] S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2011-9-26 10368] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-1 129976] S3 Sage Simply Accounting Transaction Manager 2012 - CDN;Sage Simply Accounting Transaction Manager 2012 - CDN;c:\program files\winsim\transactionmanager2012 - cdn\Sage_SA.TransactionManager.exe [2011-12-22 46408] S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2010-12-4 42312] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== File Associations =============== . .scr=AutoCADScriptFile . =============== Created Last 30 ================ . 2012-05-09 02:00:40 -------- d-s---w- C:\ComboFix 2012-05-09 01:33:51 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes 2012-05-09 01:33:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-09 01:33:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-09 01:33:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-05-09 00:54:50 -------- d-----w- c:\windows\system32\wbem\snmp 2012-05-09 00:54:49 -------- d-----w- c:\windows\system32\xircom 2012-05-08 23:42:38 98816 ----a-w- c:\windows\sed.exe 2012-05-08 23:42:38 518144 ----a-w- c:\windows\SWREG.exe 2012-05-08 23:42:38 256000 ----a-w- c:\windows\PEV.exe 2012-05-08 23:42:38 208896 ----a-w- c:\windows\MBR.exe 2012-05-08 21:59:20 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-05-08 21:59:20 -------- d-----w- c:\windows\system32\wbem\Repository 2012-05-08 21:23:57 -------- d-----w- c:\documents and settings\all users\application data\B7E858A7212C2CDD0003CDDAD151FC4E 2012-05-01 18:07:51 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-05-01 18:07:46 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-05-01 18:07:46 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-04-16 20:10:42 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2012-04-16 20:10:42 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll . ==================== Find3M ==================== . 2012-05-09 01:08:49 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys 2012-04-02 14:51:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-02 14:51:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-02-10 15:39:58 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys 2012-02-09 15:58:15 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys . ============= FINISH: 19:01:04.81 =============== FSS Farbar Service Scanner Version: 08-05-2012 Ran by Administrator (administrator) on 08-05-2012 at 19:10:00 Running from "C:\Documents and Settings\Administrator\Desktop" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. There is no connection to network. Attempt to access Google IP returned error: Google IP is unreachable Attempt to access Yahoo IP returned error: Yahoo IP is unreachable Windows Firewall: ============= sharedaccess Service is not running. Checking service configuration: The start type of sharedaccess service is OK. The ImagePath of sharedaccess service is OK. The ServiceDll of sharedaccess service is OK. Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll". BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. cryptsvc Service is not running. Checking service configuration: The start type of cryptsvc service is OK. The ImagePath of cryptsvc service is OK. The ServiceDll of cryptsvc service is OK. Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys [2008-04-13 14:49] - [2011-08-17 06:49] - 0138496 ____A () 1FD9B92FE3F09865211FCA69925C15CB ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED. C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wuauserv.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll => MD5 is legit C:\WINDOWS\system32\es.dll => MD5 is legit C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Gpc(3) IPSec(5) NetBT(6) PSched(7) RPPKT(12) Tcpip(4) 0x0D00000005000000010000000200000003000000040000000E000000060000000700000008000000090000000A0000000B0000000C000000 IpSec Tag value is correct. **** End of log ****
  5. Merged Post I got infected yesterday with the Smart Fortress 2012 virus. I have taken the following steps already: 1) uninstalled the virus (using Add/Remove Programs). 2) ran MBAM and quarantined all the threats. Please check my DDS.txt and Attach.txt file contents below: ******************************************************************* DDS ******************************************************************* . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Anirban at 21:01:12 on 2012-04-17 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.781 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\TeamViewer\Version7\TeamViewer.exe C:\Windows\Explorer.EXE C:\Program Files\TeamViewer\Version7\tv_w32.exe C:\Windows\system32\wbengine.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ClamWin\bin\ClamTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Anirban\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\SugarSync\SugarSyncManager.exe C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Internet Explorer\IELowutil.exe C:\Program Files\Internet Explorer\iexplore.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uWindow Title = Internet Explorer, optimized for Bing and MSN uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: H - No File uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.4\youtubedownloaderToolbarIE.dll uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll uURLSearchHooks: FCToolbarURLSearchHook Class: {3d68e927-6002-6bb4-7940-c297f1177192} - c:\program files\shopping4causes shopping plugin\Helper.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Shopping4Causes Shopping Plugin: {7c4155b9-efe5-2364-45e9-6679a6060ed5} - c:\program files\shopping4causes shopping plugin\Toolbar.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.4\youtubedownloaderToolbarIE.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.4\youtubedownloaderToolbarIE.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File uRun: [Google Update] "c:\users\anirban\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [cdloader] "c:\users\anirban\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK uRun: [ChicaPasswordManager] c:\program files\chicalogic\chica password manager\stpass.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe uRun: [sugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide mRun: [AVSFirewall] c:\program files\avs4you\avsfirewall\AVSFirewall.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe" StartupFolder: c:\users\anirban\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.anandabazar.com/wfplayer/tdserver.cab DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.dhsgroup.com/MLWebCacheCleaner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 TCP: Interfaces\{2B2BA879-5951-4705-936A-A976907A6EAD} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 TCP: Interfaces\{2B2BA879-5951-4705-936A-A976907A6EAD}\25F49584F4D454 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2B2BA879-5951-4705-936A-A976907A6EAD}\C696E6B6379737 : DhcpNameServer = 68.87.85.102 68.87.69.150 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ============= SERVICES / DRIVERS =============== . R1 AVSRegMonDrv;AVSRegMonDrv;c:\program files\avs4you\avsfirewall\AVSRegMonDrv.sys [2012-3-21 17992] R1 AVSTDIFilterDrv;AVSTDIFilterDrv;c:\program files\avs4you\avsfirewall\AVSTDIFilterDrv.sys [2012-3-21 24648] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-3-16 782744] R2 AVSFirewallService;AVSFirewall Service;c:\program files\avs4you\avsfirewall\AVSFirewallService.exe [2012-3-21 80456] R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-23 2886528] R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848] R3 AVSNDISIMMP;AVSNDISIMMP;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-3-21 23624] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-20 189440] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253600] S3 AVSNDISIM;AVSNDISIM Service;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-3-21 23624] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-27 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-23 1343400] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-04-18 02:03:18 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9510dca6-7f9e-4b00-9353-26258ca4f33c}\mpengine.dll 2012-04-18 02:00:31 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1fccac7c-7145-427b-ad78-cdec048c44e1}\offreg.dll 2012-04-18 01:59:21 6582328 ------w- c:\programdata\microsoft\windows defender\definition updates\{1fccac7c-7145-427b-ad78-cdec048c44e1}\mpengine.dll 2012-04-18 01:57:11 -------- d-----w- c:\users\anirban\appdata\local\tjnet 2012-04-16 02:42:14 -------- d-----w- c:\program files\Ad-Aware Antivirus 2012-04-16 02:40:33 -------- d-----w- c:\users\anirban\appdata\roaming\Ad-Aware Antivirus 2012-04-13 16:46:52 -------- d-----w- c:\users\anirban\appdata\roaming\Malwarebytes 2012-04-13 16:46:46 -------- d-----w- c:\programdata\Malwarebytes 2012-04-13 16:46:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-11 03:01:01 -------- d-----w- c:\users\anirban\CertDumps 2012-04-10 03:00:43 -------- d-----w- c:\users\anirban\appdata\local\SugarSync 2012-04-10 03:00:35 -------- d-----w- c:\program files\SugarSync 2012-04-10 02:46:48 -------- d-----w- c:\users\anirban\appdata\roaming\Dropbox 2012-04-09 12:30:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-09 01:48:37 -------- d-----w- c:\program files\YouTube Downloader Toolbar 2012-04-09 01:48:37 -------- d-----w- c:\program files\common files\Spigot 2012-04-09 01:48:37 -------- d-----w- c:\program files\Application Updater 2012-04-01 14:55:21 -------- d-----w- c:\program files\iPod 2012-04-01 14:55:20 -------- d-----w- c:\program files\iTunes 2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr 2012-03-22 02:40:22 23624 ----a-w- c:\windows\system32\drivers\AVSNDISIMDriver.sys 2012-03-22 02:04:41 1003008 ----a-w- c:\windows\system32\libeay32.dll 2012-03-22 01:59:12 974848 ----a-w- c:\windows\system32\mfc70.dll 2012-03-22 01:59:12 487424 ----a-w- c:\windows\system32\msvcp70.dll 2012-03-22 01:59:11 344064 ----a-w- c:\windows\system32\msvcr70.dll 2012-03-20 03:43:04 -------- d-----w- c:\users\anirban\appdata\roaming\AVS4YOU 2012-03-20 03:42:15 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll 2012-03-20 03:42:10 -------- d-----w- c:\program files\common files\AVSMedia 2012-03-20 03:42:06 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2012-03-20 03:42:05 -------- d-----w- c:\programdata\AVS4YOU 2012-03-20 03:42:05 -------- d-----w- c:\program files\AVS4YOU 2012-03-20 03:40:24 -------- d-----w- c:\program files\TeamViewer . ==================== Find3M ==================== . 2012-04-09 12:30:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 17:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 17:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe . ============= FINISH: 21:05:35.66 =============== ************************************************************************************** Attach.txt ************************************************************************************** . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume3 Install Date: 10/29/2009 7:38:05 AM System Uptime: 4/17/2012 8:55:35 PM (1 hours ago) . Motherboard: Dell Inc. | | 0P301D Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz | Socket 775 | 1593/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 288 GiB total, 79.247 GiB free. D: is FIXED (NTFS) - 10 GiB total, 4.621 GiB free. E: is CDROM () F: is FIXED (NTFS) - 1397 GiB total, 496.431 GiB free. I: is FIXED (NTFS) - 298 GiB total, 88.695 GiB free. J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP776: 4/6/2012 9:58:40 AM - Windows Update RP777: 4/10/2012 3:54:04 AM - Windows Update RP778: 4/10/2012 10:00:26 PM - Installed CertDumps Q and A for Oracle 1Z0-515 Demo RP779: 4/12/2012 3:00:14 AM - Windows Update RP780: 4/13/2012 2:07:08 PM - Removed CertDumps Q and A for Oracle 1Z0-515 Demo RP781: 4/13/2012 2:10:49 PM - Removed YouTube Downloader Toolbar v5.4. RP782: 4/15/2012 9:26:02 PM - Removed YouTube Downloader Toolbar v5.4. RP783: 4/17/2012 9:01:28 PM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 7-Zip 4.65 Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader 9.5.0 Apple Application Support Apple Mobile Device Support Apple Software Update Artisteer 2 Audible Download Manager AudibleManager AVS Audio Editor 7.1 AVS Audio Recorder version 4.0 AVS Cover Editor 2.0.1.3 AVS Disc Creator 5 AVS DVD Copy 4.1.2.283 AVS Firewall version 2.1 AVS Registry Cleaner version 2.1 AVS Screen Capture version 2.0.1 AVS Update Manager 1.0 AVS Video Converter 8 AVS Video Editor 6 AVS Video Recorder 2.4 AVS Video ReMaker 4.0.8.140 AVS4YOU Software Navigator 1.4 Bing Bar Bing Rewards Client Installer Bonjour CameraHelperMsi Canon Digital Camera Solution Disk 40-46 Software Starter Guide CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Personal Printing Guide Canon Utilities CameraWindow Canon Utilities CameraWindow DC Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities MyCamera Canon Utilities MyCamera DC Canon Utilities PhotoStitch Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Cisco Connect ClamWin Free Antivirus 0.96.1 Convert AVI to MP4 1.3 D3DX10 erLT GoodSync Google Chrome Google Earth Plug-in Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper HandBrake 0.9.6 iCloud InstaCodecs Intel® Graphics Media Accelerator Driver Intel® TV Wizard Internet TV for Windows Media Center iTunes Java Auto Updater Java 6 Update 26 Junk Mail filter update KeePass Password Safe 2.14 Logitech Vid HD Logitech Webcam Software Logitech Webcam Software Driver Package LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin magicJack MediaMonkey 3.2 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Live Add-in 1.4 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Ultimate 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft UI Engine Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MobileMe Control Panel MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) my Picturetown Uploader Nikon File Uploader 2 Nikon Message Center 2 OGA Notifier 2.0.0048.0 Picasa 3 Picture Control Utility PrimoPDF -- by Nitro PDF Software QuickTime Safari Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Shopping4Causes Shopping Plugin Skype Toolbars Skype™ 4.2 SmartSound Common Data SmartSound Quicktracks 5 Spelling Dictionaries Support For Adobe Reader 9 SugarSync Manager SyncBack TeamViewer 7 uCeritify O1Z0-047 - Oracle Database SQL Expert uCeritify O1Z0-147 - Oracle9i: Program with PL/SQL uCeritify O1Z0-515 - Oracle Data Warehousing 11g Essentials Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) ViewNX 2 Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Center Add-in for Flash Windows Media Encoder 9 Series Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar YouTube Downloader 3.5 YouTube Downloader Toolbar v5.4 . ==== Event Viewer Messages From Past Week ======== . 4/15/2012 9:22:52 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 4/15/2012 9:22:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv 4/15/2012 9:22:47 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 4/15/2012 9:22:47 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 4/15/2012 9:22:46 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 4/15/2012 9:18:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 4/15/2012 9:17:23 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 4/15/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/15/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/15/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 4/15/2012 9:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 4/15/2012 9:17:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/15/2012 9:17:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/15/2012 9:17:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVSRegMonDrv AVSTDIFilterDrv CSC DfsC discache luafv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/15/2012 9:17:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 4/15/2012 9:16:04 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 4/15/2012 9:16:04 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure. 4/15/2012 9:16:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 4/15/2012 10:28:28 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 4/15/2012 10:28:28 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure. 4/14/2012 6:07:12 AM, Error: Service Control Manager [7023] - The Sandrathesrv service terminated with the following error: The specified module could not be found. 4/14/2012 6:07:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x5f895838, 0x00000002, 0x00000000, 0x8e86819a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041412-30950-01. 4/13/2012 5:24:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 4/13/2012 5:24:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 4/13/2012 4:44:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} 4/13/2012 4:41:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVSRegMonDrv discache luafv spldr Wanarpv6 4/13/2012 11:22:40 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread 4/13/2012 11:18:51 AM, Error: Service Control Manager [7031] - The AVSFirewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 4/13/2012 11:18:31 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s). 4/13/2012 11:18:21 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 4/13/2012 11:18:12 AM, Error: Service Control Manager [7000] - The TeamViewer 7 service failed to start due to the following error: The pipe has been ended. 4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s). 4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s). 4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s). 4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 4/13/2012 11:18:10 AM, Error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s). 4/13/2012 11:18:10 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 4/13/2012 11:18:10 AM, Error: Service Control Manager [7031] - The TeamViewer 7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service. 4/13/2012 11:18:10 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/13/2012 11:02:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/13/2012 11:01:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/13/2012 11:01:37 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 4 time(s). 4/13/2012 11:00:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/13/2012 11:00:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 4/13/2012 11:00:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 4/13/2012 11:00:08 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/13/2012 10:59:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/13/2012 10:58:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect. 4/13/2012 10:58:51 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/13/2012 10:58:48 AM, Error: Service Control Manager [7034] - The TeamViewer 7 service terminated unexpectedly. It has done this 3 time(s). 4/13/2012 10:58:45 AM, Error: Service Control Manager [7031] - The TeamViewer 7 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service. 4/13/2012 10:58:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVSFirewall Service service to connect. 4/13/2012 10:58:45 AM, Error: Service Control Manager [7000] - The AVSFirewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/13/2012 10:58:42 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} 4/13/2012 10:58:04 AM, Error: Service Control Manager [7000] - The 3245 service failed to start due to the following error: The system cannot find the file specified. 4/11/2012 9:47:53 PM, Error: Application Popup [56] - Driver USB returned invalid ID for a child device (0). . ==== End Of File =========================== RogueKiller logs: RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: Anirban [Admin rights] Mode: Scan -- Date: 04/17/2012 21:51:06 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 5 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Anirban\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND [sUSP PATH] HKUS\S-1-5-21-471896891-1290605738-1470872022-1000[...]\Run : cdloader ("C:\Users\Anirban\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++ --- User --- [MBR] 53d6b2f140a8eb4a0f6dd29d686e3281 [bSP] b7986a247bf948dd1ad3dc756b531f19 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 294949 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD15EARS-00Z5B1 ATA Device +++++ --- User --- [MBR] aaa32b0d3cd6ea00588f5a70f8242a55 [bSP] 15be58b075c7fd67c1901860f5918704 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  6. I've managed to run a complete scan multiple times, but the virus keeps re-appearing. I'm also currently running Anvi which is giving notices of changes that are being requested. So I'm pretty sure Smart Fortress is still out there, but I'm keeping it at bay. Logs attached. . attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.