
Trojans & Recurring Malware



I am experiencing a number of issues over the last few days. It started with a Blue Screen of Death on Sunday. I have been running Malwarebytes somewhat frequently - now about 3-4 times a day. This morning it found 2 incidents that are repetitive: Trojan.fake.alert file and Trojan.fake.alert memory. File is C:\ProgramFiles\InternetExplorer\14DB.exe. After cleaning the two issues, I rebooted. I also run Trend Office Scan and it is blocking an event in my Registry, write operation HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell. This is occurring every 30 seconds to 1 minute, and Trend is blocking the activity.

Today I was totally unable to access the internet with wireless or wired connection. I was forced to go back to a previous date, to get access.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by lwiniarski at 15:41:37 on 2012-01-27

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1563 [GMT -5:00]

.

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k regsvc

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Windows\system32\conhost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = Preserve

mStart Page = about:blank

uInternet Settings,ProxyServer = 192.168.1.87:80

uInternet Settings,ProxyOverride = 192.168.*;*.promys.com;<local>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe

uPolicies-system: HideLegacyLogonScripts = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

Trusted Zone: juniper.net

Trusted Zone: mypromys.com\www

Trusted Zone: promys.com

Trusted Zone: promys.com\beta

Trusted Zone: promys.com\www

DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://antigen:4343/officescan/console/html/ClientInstall/WinNTChk.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://antigen:4343/officescan/console/html/ClientInstall/setup.cab

DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://www.promys.com/viewer9/activeXViewer/activexviewer.cab

DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} - hxxp://postavocale/shorewaredirector/clientinstall/ShoretelClientInstall.ocx

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://netcordia.webex.com/client/T27LB/nbr/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://neo.atrioncomm.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{53584C28-635F-4AB7-902E-9D6E14688C0D} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{53584C28-635F-4AB7-902E-9D6E14688C0D}\E6564776561627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EACA20F4-AFDB-4B70-ACC0-D4338E6BF3CC} : DhcpNameServer = 192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\lwiniarski\appdata\roaming\mozilla\firefox\profiles\u403bwti.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/customer/start/?attr=mm&cid=insDate09222011

FF - prefs.js: network.proxy.ftp - 192.168.1.87

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - 192.168.1.87

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http - 192.168.1.87

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - 192.168.1.87

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - 192.168.1.87

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext

.

============= SERVICES / DRIVERS ===============

.

R1 NEOFLTR_700_16007;Juniper Networks TDI Filter Driver (NEOFLTR_700_16007);c:\windows\system32\drivers\NEOFLTR_700_16007.SYS [2010-6-24 84336]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-4-24 146960]

R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2011-4-25 198000]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-15 57424]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2010-10-20 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2010-10-20 36624]

R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-4-24 283152]

R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\drivers\mstabbtn.sys [2007-3-9 10496]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-16 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 EDSLSWCU;EDSLSWCU;c:\users\dwear\appdata\local\temp\edslswcu.exe --> c:\users\dwear\appdata\local\temp\EDSLSWCU.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-16 136176]

S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\37D4.tmp [2011-10-6 6144]

.

=============== Created Last 30 ================

.

2012-01-27 20:30:59 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3856f704-25c9-4109-8159-d45a71fd0e13}\offreg.dll

2012-01-27 19:34:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-27 18:57:43 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3856f704-25c9-4109-8159-d45a71fd0e13}\mpengine.dll

2012-01-26 14:48:11 -------- d-----w- c:\users\lwiniarski\appdata\roaming\9A721

2012-01-24 19:58:14 -------- d-----w- C:\9A721

2012-01-24 19:58:12 -------- d-----w- c:\program files\LP

2012-01-24 04:49:25 -------- d-----w- c:\users\lwiniarski\appdata\local\ID Vault

2012-01-24 04:49:25 -------- d-----w- c:\programdata\IsolatedStorage

2012-01-24 04:49:06 -------- d-----w- c:\users\lwiniarski\appdata\roaming\ID Vault

2012-01-24 04:48:48 -------- d-----w- c:\program files\Constant Guard Protection Suite

2012-01-24 04:47:32 -------- d-----w- c:\programdata\White Sky, Inc

2012-01-17 21:34:19 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2012-01-27 19:24:47 102400 ----a-w- c:\windows\RegBootClean.exe

2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec

2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 15:43:04.75 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/21/2009 2:43:14 PM

System Uptime: 1/27/2012 3:29:46 PM (0 hours ago)

.

Motherboard: Gateway | |

Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz | uFCPGA2 | 2401/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 150.053 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 5.213 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASDIFSV

Device ID: ROOT\LEGACY_SASDIFSV\0000

Manufacturer:

Name: SASDIFSV

PNP Device ID: ROOT\LEGACY_SASDIFSV\0000

Service: SASDIFSV

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASKUTIL

Device ID: ROOT\LEGACY_SASKUTIL\0000

Manufacturer:

Name: SASKUTIL

PNP Device ID: ROOT\LEGACY_SASKUTIL\0000

Service: SASKUTIL

.

==== System Restore Points ===================

.

RP337: 1/11/2012 3:00:13 AM - Windows Update

RP338: 1/13/2012 4:18:24 AM - Windows Update

RP339: 1/17/2012 4:40:28 AM - Windows Update

RP340: 1/20/2012 10:50:44 AM - Windows Update

RP341: 1/21/2012 6:59:43 PM - Windows Update

RP342: 1/24/2012 12:36:30 AM - Windows Update

RP343: 1/24/2012 3:00:12 AM - Windows Update

RP344: 1/24/2012 5:59:39 AM - Windows Defender Checkpoint

RP345: 1/27/2012 12:51:16 PM - Restore Operation

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP BiDi Channel Components Installer

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.2

Adobe Reader 9.4.4

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVS Image Converter 1.3.2.141

AVS Update Manager 1.0

AVS4YOU Software Navigator 1.4

Bejeweled Blitz

BlackBerry Desktop Software 5.0.1

BlackBerry Device Software Updater

Comcast Desktop Software (v1.2.0.9)

demoMailOutlookAddin2007

FastStone Image Viewer 3.0

FUJIFILM MyFinePix Studio 3.0

Google Earth Plug-in

Google Update Helper

GoToMeeting 4.8.0.723

iTunes

Java Auto Updater

Java 6 Update 22

Juniper Networks Cache Cleaner 6.5.0

Juniper Networks Host Checker

Juniper Networks Network Connect 7.0.0

Juniper Networks Secure Application Manager

Juniper Networks Secure Meeting 6.0.0

Juniper Networks Secure Meeting 6.5.0

Juniper Networks Secure Meeting 7.0.0

Juniper Networks Secure Meeting 7.1.0

Juniper Networks, Inc. Setup Client

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft .NET Framework 4 Client Profile

Microsoft Default Manager

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Live Meeting 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Search Enhancement Pack

Microsoft UI Engine

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Mozilla Firefox (3.6.15)

MSN Toolbar

MSN Toolbar Platform

Music Rescue

PrintMaster Gold 4.00

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Scrabble v2.0

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

ShoreTel Call Manager

Simple Image Editor for Web Developers

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

Trend Micro OfficeScan Client

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Ven2008

Visual Studio 2005 Tools for Office Second Edition Runtime

WebEx

Windows Live ID Sign-in Assistant

WinPcap 4.1.2

Wireshark 1.4.3

Yahoo! Messenger

Yahoo! Search Protection

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

1/27/2012 3:35:24 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

1/27/2012 3:30:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

1/27/2012 3:30:38 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ATRIONCOMM due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

1/27/2012 3:30:33 PM, Error: Service Control Manager [7000] - The Ati External Event Utility service failed to start due to the following error: The system cannot find the file specified.

1/27/2012 3:29:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TmProxy service.

1/27/2012 3:25:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

1/27/2012 3:25:17 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/27/2012 2:49:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

1/27/2012 2:49:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

1/27/2012 2:49:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

1/27/2012 2:48:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/27/2012 10:26:49 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

1/27/2012 1:13:24 PM, Error: Service Control Manager [7001] - The OfficeScan NT Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error: The system cannot find the file specified.

1/27/2012 1:13:24 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: The system cannot find the file specified.

1/27/2012 1:13:09 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

1/27/2012 1:13:09 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

1/27/2012 1:13:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

1/27/2012 1:13:09 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.

1/27/2012 1:13:08 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

1/26/2012 12:16:31 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

1/24/2012 8:56:04 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

1/24/2012 8:56:04 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

1/24/2012 5:53:01 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: Not enough storage is available to process this command.

1/24/2012 5:22:08 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

1/24/2012 4:47:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.

1/24/2012 4:45:37 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).

1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/24/2012 12:28:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/24/2012 12:28:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/24/2012 12:28:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/24/2012 12:28:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/24/2012 12:28:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/24/2012 12:28:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr tmtdi Wanarpv6

1/24/2012 12:27:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc041ae30, 0xc0000185, 0xaf3f8860, 0x835c69c4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012412-36379-01.

1/24/2012 12:09:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL slcu spldr tmtdi Wanarpv6

1/24/2012 12:09:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x820d341d, 0x8b627b4c, 0x8b627730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012412-26644-01.

1/24/2012 12:05:17 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.

1/24/2012 11:41:01 AM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.

1/24/2012 10:34:32 AM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

1/23/2012 5:33:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0419d70, 0xc0000185, 0x409cd860, 0x833ae9c4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012312-31028-01.

1/23/2012 5:09:53 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

1/23/2012 5:08:39 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

1/23/2012 11:49:13 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

1/23/2012 11:48:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

1/21/2012 6:42:25 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

1/21/2012 2:49:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x821d5000, 0x00000000, 0x890c47f0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012112-43664-01.

.

==== End Of File ===========================


  • 2 months later...
  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
