
rootkit.0access infection



I have XP and yesterday I was hit with the Security Shield rogue stuff, which I guess started to give me lots of malware and trojans. I have removed lots of viruses and trojans but I keep getting the rootkit.0access showing up. :( I am pretty much a noob so here I am lol.

I came across a couple of threads for malware so I downloaded both OTL and DDS and attached all reports.

Thanks so much in advance

AJ

OTL.Txt

DDS.txt

Attach.txt

Extras.Txt


  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

admin :: ADMIN-PC [administrator]

8/9/2012 2:18:18 PM

mbam-log-2012-08-09 (10-39-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 176045

Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{fca258e8-1ee8-4b52-22e5-e18f37c3df53}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

(end)

Posting the DDS, just a sec.


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1

Run by admin at 14:29:29 on 2012-08-09

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1527.623 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

\\.\globalroot\systemroot\Installer\{fca258e8-1ee8-4b52-22e5-e18f37c3df53}\U

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = 141.146.4.12:80

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{53281ECA-C300-45EC-85D9-1DF25CBA976B} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\hg1zo6ae.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\users\admin\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\hg1zo6ae.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-6-27 82472]

R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-6-27 120744]

R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-6-27 122664]

R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-6-27 93992]

R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-6-27 104104]

R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-6-27 286376]

R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-6-27 153000]

R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-6-27 106536]

R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-7-12 206632]

R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-6-27 92840]

R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2012-7-13 174632]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-2-7 822624]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2012-7-13 140064]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-7-13 148520]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-7-13 103464]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-7-13 114216]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-7-13 120872]

R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2012-7-13 36640]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-9 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-9 40776]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-9 655944]

S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\drivers\NNSNAHSL.sys [2012-6-27 28712]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-11-5 4640000]

S3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2012-8-9 46280]

S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 NNSPIHSW;NNSPihsw;c:\windows\system32\drivers\NNSPihsw.sys [2012-6-27 60968]

.

=============== Created Last 30 ================

.

2012-08-09 15:17:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-09 14:38:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-09 14:38:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-09 04:13:35 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

2012-08-07 21:09:42 -------- d-----w- c:\programdata\Nexon

2012-08-07 21:09:40 -------- d-----w- c:\programdata\NexonUS

2012-08-07 17:38:56 -------- d-----w- c:\program files\common files\Steam

2012-08-07 17:38:39 -------- d-----w- c:\program files\Steam

2012-08-07 12:49:55 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5e6260e9-238d-4c4c-b89d-75ee85d577b3}\mpengine.dll

2012-08-06 21:34:07 -------- d--h--w- c:\windows\msdownld.tmp

2012-08-06 21:34:05 -------- d-----w- c:\windows\system32\directx

2012-08-06 21:33:47 -------- d-----w- c:\windows\system32\AGEIA

2012-08-06 21:33:17 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2012-08-06 19:15:31 -------- d-----w- c:\programdata\Hi-Rez Studios

2012-08-03 13:04:38 -------- d-----w- c:\users\admin\appdata\local\Microsoft Help

2012-07-26 14:34:39 -------- d-----w- c:\program files\Share YouTube Videos

2012-07-26 03:18:11 -------- d-----w- c:\users\admin\appdata\roaming\YourFileDownloader

2012-07-26 03:18:11 -------- d-----w- c:\program files\YourFileDownloader

2012-07-19 02:30:55 -------- d-----w- c:\programdata\VirtualizedApplications

2012-07-18 23:35:49 -------- d-----w- c:\users\admin\appdata\local\SoftGrid Client

2012-07-18 23:35:47 -------- d-----w- c:\users\admin\appdata\roaming\SoftGrid Client

2012-07-18 23:33:51 -------- d-----w- c:\windows\PCHEALTH

2012-07-18 23:33:51 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2012-07-18 23:33:06 -------- d-----w- c:\users\admin\appdata\roaming\TP

2012-07-18 23:00:05 -------- d-----w- c:\program files\Microsoft SQL Server

2012-07-18 22:52:19 -------- d-----w- c:\programdata\Package Cache

2012-07-18 22:51:40 -------- d-----w- c:\users\admin\appdata\local\Microsoft adCenter

2012-07-14 05:38:30 -------- d-----w- c:\windows\CheckSur

2012-07-13 11:01:51 120872 ----a-w- c:\windows\system32\drivers\PSINProt.sys

2012-07-13 11:01:50 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

2012-07-13 11:01:50 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys

2012-07-13 11:01:16 103464 ----a-w- c:\windows\system32\drivers\PSINFile.sys

2012-07-13 11:01:15 148520 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2012-07-12 15:18:32 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

2012-07-11 12:57:21 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-11 12:56:59 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 12:56:57 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-11 12:56:56 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 12:56:39 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 12:56:38 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 02:33:23 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 19:10:06 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes

2012-07-10 19:09:55 -------- d-----w- c:\programdata\Malwarebytes

.

==================== Find3M ====================

.

2012-08-02 18:22:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-02 18:22:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 05:39:26 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-06-27 19:51:07 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

2012-06-27 19:51:06 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys

2012-06-27 19:51:06 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

2012-06-27 19:51:06 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

2012-06-27 19:51:05 60968 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys

2012-06-27 19:51:05 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

2012-06-27 19:51:04 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

2012-06-27 19:51:04 28712 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys

2012-06-27 19:51:04 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys

2012-06-27 19:51:03 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

2012-06-27 19:51:03 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 14:30:47.61 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/24/2012 5:35:25 PM

System Uptime: 8/9/2012 2:03:00 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Lancaster8

Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz | CPU 1 | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 289 GiB total, 182.089 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

BovadaPoker

CCleaner

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 7 Update 3

JavaFX 2.0.3

League of Legends

LOLReplay

Malwarebytes Anti-Malware version 1.62.0.1300

Mass Video Blaster

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft adCenter Desktop

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft SQL Server 2012 Express LocalDB

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

NVIDIA PhysX

OverBet

Panda Cloud Antivirus

Pando Media Booster

Proxy Goblin

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Share YouTube Videos version 1

Skype™ 5.10

Soft Data Fax Modem with SmartCP

Spiral Knights

Steam

System Requirements Lab for Intel

Team Fortress 2

Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514)

Update 4.0.2 for Microsoft .NET Framework 4 Extended (KB2544514)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Video Marketing Blaster

VLC media player 2.0.2

WinRAR 4.11 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 2:05:53 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

8/9/2012 2:03:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

8/9/2012 2:03:59 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/9/2012 2:03:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/9/2012 2:03:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/9/2012 10:30:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt NNSALPC NNSHTTP NNSIDS NNSPICC NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr Wanarpv6

8/9/2012 10:30:22 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:30:22 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:30:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/9/2012 10:30:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/9/2012 10:30:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/9/2012 10:30:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/8/2012 12:18:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

8/8/2012 12:18:08 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.10

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

admin :: ADMIN-PC [administrator]

8/9/2012 3:08:40 PM

mbam-log-2012-08-09 (15-16-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 176108

Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{fca258e8-1ee8-4b52-22e5-e18f37c3df53}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

(end)


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1

Run by admin at 15:20:00 on 2012-08-09

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1527.661 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

\\.\globalroot\systemroot\Installer\{fca258e8-1ee8-4b52-22e5-e18f37c3df53}\U

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = 141.146.4.12:80

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{53281ECA-C300-45EC-85D9-1DF25CBA976B} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\hg1zo6ae.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\users\admin\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\hg1zo6ae.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-6-27 82472]

R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-6-27 120744]

R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-6-27 122664]

R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-6-27 93992]

R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-6-27 104104]

R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-6-27 286376]

R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-6-27 153000]

R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-6-27 106536]

R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-7-12 206632]

R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-6-27 92840]

R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2012-7-13 174632]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-2-7 822624]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2012-7-13 140064]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-7-13 148520]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-7-13 103464]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-7-13 114216]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-7-13 120872]

R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2012-7-13 36640]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-9 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-9 40776]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-9 655944]

S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\drivers\NNSNAHSL.sys [2012-6-27 28712]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-11-5 4640000]

S3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2012-8-9 46280]

S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 NNSPIHSW;NNSPihsw;c:\windows\system32\drivers\NNSPihsw.sys [2012-6-27 60968]

.

=============== Created Last 30 ================

.

2012-08-09 15:17:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-09 14:38:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-09 14:38:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-09 04:13:35 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

2012-08-07 21:09:42 -------- d-----w- c:\programdata\Nexon

2012-08-07 21:09:40 -------- d-----w- c:\programdata\NexonUS

2012-08-07 17:38:56 -------- d-----w- c:\program files\common files\Steam

2012-08-07 17:38:39 -------- d-----w- c:\program files\Steam

2012-08-07 12:49:55 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5e6260e9-238d-4c4c-b89d-75ee85d577b3}\mpengine.dll

2012-08-06 21:34:07 -------- d--h--w- c:\windows\msdownld.tmp

2012-08-06 21:34:05 -------- d-----w- c:\windows\system32\directx

2012-08-06 21:33:47 -------- d-----w- c:\windows\system32\AGEIA

2012-08-06 21:33:17 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2012-08-06 19:15:31 -------- d-----w- c:\programdata\Hi-Rez Studios

2012-08-03 13:04:38 -------- d-----w- c:\users\admin\appdata\local\Microsoft Help

2012-07-26 14:34:39 -------- d-----w- c:\program files\Share YouTube Videos

2012-07-26 03:18:11 -------- d-----w- c:\users\admin\appdata\roaming\YourFileDownloader

2012-07-26 03:18:11 -------- d-----w- c:\program files\YourFileDownloader

2012-07-19 02:30:55 -------- d-----w- c:\programdata\VirtualizedApplications

2012-07-18 23:35:49 -------- d-----w- c:\users\admin\appdata\local\SoftGrid Client

2012-07-18 23:35:47 -------- d-----w- c:\users\admin\appdata\roaming\SoftGrid Client

2012-07-18 23:33:51 -------- d-----w- c:\windows\PCHEALTH

2012-07-18 23:33:51 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2012-07-18 23:33:06 -------- d-----w- c:\users\admin\appdata\roaming\TP

2012-07-18 23:00:05 -------- d-----w- c:\program files\Microsoft SQL Server

2012-07-18 22:52:19 -------- d-----w- c:\programdata\Package Cache

2012-07-18 22:51:40 -------- d-----w- c:\users\admin\appdata\local\Microsoft adCenter

2012-07-14 05:38:30 -------- d-----w- c:\windows\CheckSur

2012-07-13 11:01:51 120872 ----a-w- c:\windows\system32\drivers\PSINProt.sys

2012-07-13 11:01:50 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

2012-07-13 11:01:50 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys

2012-07-13 11:01:16 103464 ----a-w- c:\windows\system32\drivers\PSINFile.sys

2012-07-13 11:01:15 148520 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2012-07-12 15:18:32 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

2012-07-11 12:57:21 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-11 12:56:59 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 12:56:57 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-11 12:56:56 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 12:56:39 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 12:56:38 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 02:33:23 2047488 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-08-02 18:22:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-02 18:22:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 05:39:26 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-06-27 19:51:07 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

2012-06-27 19:51:06 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys

2012-06-27 19:51:06 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

2012-06-27 19:51:06 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

2012-06-27 19:51:05 60968 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys

2012-06-27 19:51:05 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

2012-06-27 19:51:04 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

2012-06-27 19:51:04 28712 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys

2012-06-27 19:51:04 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys

2012-06-27 19:51:03 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

2012-06-27 19:51:03 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 15:21:17.86 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/24/2012 5:35:25 PM

System Uptime: 8/9/2012 2:03:00 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Lancaster8

Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz | CPU 1 | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 289 GiB total, 182.078 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP210: 8/2/2012 1:15:27 AM - Scheduled Checkpoint

RP211: 8/3/2012 8:29:30 AM - Windows Update

RP212: 8/4/2012 4:14:58 AM - Scheduled Checkpoint

RP213: 8/6/2012 3:14:28 PM - Installed Hi-Rez Studios Games

RP214: 8/6/2012 5:31:55 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP215: 8/6/2012 5:33:18 PM - Installed NVIDIA PhysX

RP217: 8/6/2012 5:35:08 PM - Installed DirectX

RP218: 8/7/2012 8:48:47 AM - Windows Update

RP220: 8/7/2012 9:57:09 AM - Revo Uninstaller's restore point - Hi-Rez Studios Authenticate and Update Service

RP221: 8/7/2012 9:58:45 AM - Removed Hi-Rez Studios Games

RP222: 8/7/2012 1:37:55 PM - Installed Steam

RP224: 8/7/2012 5:38:24 PM - Revo Uninstaller's restore point - Vindictus

RP225: 8/8/2012 2:37:25 PM - Scheduled Checkpoint

RP226: 8/9/2012 10:07:37 AM - Restore Operation

RP227: 8/9/2012 10:13:39 AM - Restore Operation

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

BovadaPoker

CCleaner

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 7 Update 3

JavaFX 2.0.3

League of Legends

LOLReplay

Malwarebytes Anti-Malware version 1.62.0.1300

Mass Video Blaster

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft adCenter Desktop

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft SQL Server 2012 Express LocalDB

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

NVIDIA PhysX

OverBet

Panda Cloud Antivirus

Pando Media Booster

Proxy Goblin

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Share YouTube Videos version 1

Skype™ 5.10

Soft Data Fax Modem with SmartCP

Spiral Knights

Steam

System Requirements Lab for Intel

Team Fortress 2

Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514)

Update 4.0.2 for Microsoft .NET Framework 4 Extended (KB2544514)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Video Marketing Blaster

VLC media player 2.0.2

WinRAR 4.11 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 2:05:53 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

8/9/2012 2:03:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

8/9/2012 2:03:59 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/9/2012 2:03:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/9/2012 2:03:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/9/2012 10:30:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt NNSALPC NNSHTTP NNSIDS NNSPICC NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr Wanarpv6

8/9/2012 10:30:22 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:30:22 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

8/9/2012 10:30:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/9/2012 10:30:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/9/2012 10:30:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/9/2012 10:30:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/8/2012 12:18:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

8/8/2012 12:18:08 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


  • Staff

Hi,

Sorry for the delay, but every time you reply, you get pushed to the bottom of my queue. Please don't bump your topic.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


This topic is now closed to further replies.