
"...contained a virus and was deleted" Possible Trojan:Win32/Meredrop is a backdoor Trojan



Every file I try to download from IE 10 results in the message "...contained a virus and was deleted". Even .pdf files and simple phone messages from work. It is VERY frustrating. PLEASE someone help... All files and programs will need to be downloaded from my work computer. Thank you in advance...


  • Root Admin

Please visit the following page and download our Anti-Rootkit.

Malwarebytes Anti-Rootkit

Follow the basic directions from that page, but in your case you're going to want to download it from work or another computer, copy the files from within the zip file to a new folder location, and then either copy them to a USB stick or burn them to a CD.

Then try to run it from the USB Stick or copy it from the CD to the hard drive and then run it.

If needed go into Safe Mode and try to run from there but if at all possible try to run it from Normal Windows mode first. Only use Safe Mode as a last resort.

Then post back the log file and we'll continue from there.

If you have any questions or issues please let me know.

Thanks


Ok....I will download tonight when I am at work and run Fri. morning when I get home. THANK YOU in advance... P.S. - I have run Malwarebytes and ComboFix (I already had them on my laptop). Also, when I go into Control Panel, the "Windows Defender" icon is blank and it will not let me open the folder up.


Ok...I ran it once and it found 13 things, all in the recycle bin. It cleaned them up, created a restore point, and I ran it again and it didn't find anything. I was still getting the same message when trying to download anything from the net, so I ran the "fixdamage.exe" and it rebooted....still nothing. When I go into Control Panel, "Windows Defender" still has a blank icon and says I do not have permission to access, even though I am logged in as administrator....What next?


  • Root Admin

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.


Ok, I will today when I go to my parents' and use their computer to download. Are there any other programs that I can download and put on my USB flash just in case, to speed this process up a little? Like anything you think I MIGHT need next? Thanks again! :)


Oh yeah, I forgot some other info....I had the "FBI, child porn, downloading illegal music" virus about a month ago. Couldn't even log onto my account. Had to create a temp log-on to get computer back....probably has something to do with that. AND I noticed earlier that windows firewall is turned off and won't let me turn it back on...


MiniToolBox by Farbar Version:21-04-2013

Ran by Nick (administrator) on 02-06-2013 at 18:17:28

Running from "C:\Users\Nick\Desktop"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)

Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Nick-Laptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter

Physical Address. . . . . . . . . : 00-24-D6-49-C2-EB

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN

Physical Address. . . . . . . . . : 00-24-D6-49-C2-EA

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::5177:2a41:2980:6ef3%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.149(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Saturday, June 01, 2013 2:30:11 AM

Lease Expires . . . . . . . . . . : Monday, June 03, 2013 6:12:38 PM

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DHCPv6 IAID . . . . . . . . . . . : 301998843

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-80-4E-D6-00-26-9E-AD-8B-D0

DNS Servers . . . . . . . . . . . : 209.143.0.10

66.209.140.124

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-26-9E-AD-8B-D0

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A24119A2-3A96-43EB-B748-146FFD77C266}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5651DC7F-9D8D-42D7-8786-1610698A7D53}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B6A25829-8906-43F5-B0C6-A79415B42864}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: primary.dns.bright.net

Address: 209.143.0.10

Name: google.com

Addresses: 2607:f8b0:4009:800::1006

74.125.225.39

74.125.225.40

74.125.225.41

74.125.225.46

74.125.225.32

74.125.225.33

74.125.225.34

74.125.225.35

74.125.225.36

74.125.225.37

74.125.225.38

Pinging google.com [74.125.225.40] with 32 bytes of data:

Reply from 74.125.225.40: bytes=32 time=72ms TTL=53

Reply from 74.125.225.40: bytes=32 time=86ms TTL=53

Ping statistics for 74.125.225.40:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 72ms, Maximum = 86ms, Average = 79ms

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 209.143.0.10

DNS request timed out.

timeout was 2 seconds.

Name: yahoo.com

Addresses: 98.139.183.24

206.190.36.45

98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=208ms TTL=52

Reply from 206.190.36.45: bytes=32 time=125ms TTL=52

Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 125ms, Maximum = 208ms, Average = 166ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

16...00 24 d6 49 c2 eb ......Microsoft Virtual WiFi Miniport Adapter

11...00 24 d6 49 c2 ea ......Intel® WiFi Link 5100 AGN

10...00 26 9e ad 8b d0 ......Realtek PCIe GBE Family Controller

1...........................Software Loopback Interface 1

23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4

37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.149 30

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.149 286

192.168.1.149 255.255.255.255 On-link 192.168.1.149 286

192.168.1.255 255.255.255.255 On-link 192.168.1.149 286

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.149 286

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.149 286

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

1 306 ::1/128 On-link

11 286 fe80::/64 On-link

11 286 fe80::5177:2a41:2980:6ef3/128

On-link

1 306 ff00::/8 On-link

11 286 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)

Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134512] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134512] (Microsoft Corporation)

Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)

x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)

x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (06/02/2013 04:48:23 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/31/2013 05:14:57 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/30/2013 08:18:31 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/28/2013 04:02:29 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/27/2013 05:12:44 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/26/2013 07:01:38 PM) (Source: Windows Backup) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/26/2013 11:57:23 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/25/2013 05:37:54 PM) (Source: Application Error) (User: )

Description: Faulting application name: DivXUpdate.exe, version: 1.0.6.1, time stamp: 0x4d879f41

Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f

Exception code: 0xc0000005

Fault offset: 0x00039342

Faulting process id: 0x101c

Faulting application start time: 0xDivXUpdate.exe0

Faulting application path: DivXUpdate.exe1

Faulting module path: DivXUpdate.exe2

Report Id: DivXUpdate.exe3

Error: (05/24/2013 03:12:50 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/22/2013 09:03:16 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:

=============

Error: (06/02/2013 03:38:23 AM) (Source: Service Control Manager) (User: )

Description: The MpsSvc service failed to start due to the following error:

%%5

Error: (06/02/2013 03:37:48 AM) (Source: Service Control Manager) (User: )

Description: The MpsSvc service failed to start due to the following error:

%%5

Error: (06/02/2013 03:37:22 AM) (Source: Service Control Manager) (User: )

Description: The MpsSvc service failed to start due to the following error:

%%5

Error: (06/02/2013 03:37:12 AM) (Source: Service Control Manager) (User: )

Description: The MpsSvc service failed to start due to the following error:

%%5

Error: (06/02/2013 03:36:55 AM) (Source: Service Control Manager) (User: )

Description: The MpsSvc service failed to start due to the following error:

%%5

Error: (06/02/2013 02:37:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.151.1320.0).

Error: (06/02/2013 02:26:07 AM) (Source: Service Control Manager) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%109

Error: (06/02/2013 02:26:07 AM) (Source: DCOM) (User: )

Description: 109gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/01/2013 02:51:51 AM) (Source: Microsoft-Windows-HAL) (User: )

Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (06/01/2013 02:32:20 AM) (Source: Service Control Manager) (User: )

Description: The WinDefend service terminated with the following error:

%%126

Microsoft Office Sessions:

=========================

Error: (06/02/2013 04:48:23 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/31/2013 05:14:57 PM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/30/2013 08:18:31 PM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/28/2013 04:02:29 PM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/27/2013 05:12:44 PM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/26/2013 07:01:38 PM) (Source: Windows Backup)(User: )

Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (05/26/2013 11:57:23 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/25/2013 05:37:54 PM) (Source: Application Error)(User: )

Description: DivXUpdate.exe1.0.6.14d879f41ole32.dll6.1.7601.175144ce7b96fc000000500039342101c01ce57fa04eea4b9C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exeC:\Windows\syswow64\ole32.dll5af96ed8-c583-11e2-a9b6-00269ead8bd0

Error: (05/24/2013 03:12:50 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/22/2013 09:03:16 PM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

CodeIntegrity Errors:

===================================

Date: 2011-11-28 09:24:59.876

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-28 09:24:59.844

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

3100_3200_3300_Help (Version: 82.0.242.000)

3100_3200_3300trb (Version: 82.0.242.000)

3200 (Version: 130.0.421.000)

64 Bit HP CIO Components Installer (Version: 7.2.8)

Acrobat.com (Version: 1.6.65)

Adobe AIR (Version: 1.5.0.7220)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)

Adobe Reader 9.5.5 MUI (Version: 9.5.5)

AIO_CDB_ProductContext (Version: 130.0.365.000)

AIO_CDB_Software (Version: 130.0.365.000)

AIO_Scan (Version: 130.0.421.000)

BitPim 1.0.7 (Version: 1.0.7)

BufferChm (Version: 130.0.331.000)

Choice Guard (Version: 1.2.87.0)

Cisco Connect (Version: 1.2.10104.2)

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Copy (Version: 130.0.428.000)

Corel Paint Shop Pro Photo X2 (Version: 12.50.0001)

Corel VideoStudio 12 (Version: 12.0.0.0000)

CPUID CPU-Z 1.56

CyberLink DVD Suite (Version: 6.0.3101)

Destinations (Version: 130.0.0.0)

DeviceDiscovery (Version: 130.0.465.000)

DigitalPersona Personal 4.11 (Version: 4.11.3826)

DIRECTV2PC (Version: 2.0.5717)

DivX Setup (Version: 2.6.1.24)

DocProc (Version: 13.0.0.0)

ENE CIR Receiver Driver (Version: 2.7.4.0)

Fax (Version: 130.0.418.000)

ffdshow v1.1.3562 [2010-09-07] (Version: 1.1.3562.0)

Google Earth Plug-in (Version: 7.0.3.8542)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)

Google Update Helper (Version: 1.3.21.145)

GPBaseService2 (Version: 130.0.371.000)

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)

HP 3D DriveGuard (Version: 4.0.3.1)

HP Advisor (Version: 3.2.8946.3086)

HP Customer Participation Program 13.0 (Version: 13.0)

HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)

HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP Integrated Module with Bluetooth wireless technology (Version: 6.2.0.9600)

HP MediaSmart DVD (Version: 3.0.3123)

HP MediaSmart Internet TV (Version: 3.0.1916)

HP MediaSmart Live TV (Version: 3.0.1924)

HP MediaSmart Movie Themes (Version: 3.0.3102)

HP MediaSmart Music/Photo/Video (Version: 3.0.3123)

HP MediaSmart SlingPlayer (Version: 2.1.1.60)

HP MediaSmart SmartMenu (Version: 3.0.30.1)

HP MediaSmart Software Notebook Demo (Version: 1.00.0000)

HP MediaSmart Webcam (Version: 3.0.1913)

HP Photosmart Essential 3.5 (Version: 3.5)

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)

HP Product Detection (Version: 11.14.0001)

HP Product Detection (Version: 11.14.0004)

HP Quick Launch Buttons (Version: 6.50.3.1)

HP Setup (Version: 1.2.3220.3079)

HP Smart Web Printing 4.60 (Version: 4.60)

HP Solution Center 13.0 (Version: 13.0)

HP Support Assistant (Version: 4.2.8.3)

HP Tone Control (Version: 1.0.7)

HP Update (Version: 5.001.000.014)

HP User Guides 0143 (Version: 1.01.0003)

HP Wireless Assistant (Version: 3.50.9.1)

HPPhotoGadget (Version: 130.0.282.000)

HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)

HPPhotosmartEssential (Version: 2.04.0000)

HPProductAssistant (Version: 130.0.371.000)

HPSSupply (Version: 130.0.371.000)

IDT Audio (Version: 1.0.6225.0)

ImgBurn (Version: 2.5.0.0)

Intel® Matrix Storage Manager

Internet TV for Windows Media Center (Version: 4.2.2.0)

Java 7 Update 21 (Version: 7.0.210)

Java Auto Updater (Version: 2.1.9.5)

Java 6 Update 14 (64-bit) (Version: 6.0.140)

JMicron Flash Media Controller Driver (Version: 1.0.32.1)

Junk Mail filter update (Version: 14.0.8064.206)

LabelPrint (Version: 2.5.1913)

LG USB Modem driver

LightScribe System Software (Version: 1.18.10.2)

LightScribe Template Designs - 9 to 5 Pack 1 (Version: 1.15.0.0)

LightScribe Template Designs - Architecture Pack 1 (Version: 1.15.0.0)

LightScribe Template Designs - Business Pack 1 (Version: 1.10.16.1)

LightScribe Template Labeler (Version: 1.18.5.1)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

MarketResearch (Version: 130.0.374.000)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)

Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Works (Version: 9.7.0621)

Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)

MSVCRT (Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Network64 (Version: 130.0.572.000)

Network64 (Version: 140.0.221.000)

NVIDIA Control Panel 285.62 (Version: 285.62)

NVIDIA Graphics Driver 285.62 (Version: 285.62)

NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)

NVIDIA Install Application (Version: 2.1002.46.235)

NVIDIA PhysX (Version: 9.11.0621)

NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)

NVIDIA Update 1.5.20 (Version: 1.5.20)

NVIDIA Update Components (Version: 1.5.20)

OCR Software by I.R.I.S. 13.0 (Version: 13.0)

PhotoNow! (Version: 1.1.5615)

Power2Go (Version: 6.0.3101)

PowerDirector (Version: 7.0.3101)

PowerRecover (Version: 5.5.1923)

QLBCASL (Version: 6.40.17.2)

Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)

Scan (Version: 13.0.0.0)

Search Toolbar (Version: 1.2)

Shop for HP Supplies (Version: 13.0)

SmartWebPrinting (Version: 140.0.186.000)

SolutionCenter (Version: 130.0.373.000)

SP45990 - Wallpaper Picture Position Enabler for Windows 7 (Version: 1.0.0)

Status (Version: 130.0.469.000)

Synaptics Pointing Device Driver (Version: 15.3.29.0)

System Requirements Lab

Toolbox (Version: 130.0.648.000)

TrayApp (Version: 130.0.422.000)

UniMoto 2.2.12 build 173

UnloadSupport (Version: 11.0.0)

Validity Sensors DDK (Version: 3.1.366)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)

VideoStudio (Version: 12.0.0.0000)

Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)

WebReg (Version: 130.0.132.017)

Windows Live Communications Platform (Version: 14.0.8064.206)

Windows Live Essentials (Version: 14.0.8064.0206)

Windows Live Essentials (Version: 14.0.8064.206)

Windows Live ID Sign-in Assistant (Version: 6.500.3146.0)

Windows Live Mail (Version: 14.0.8064.0206)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8064.0206)

Windows Media Center Add-in for Flash (Version: 4.1.2.0)

Windows Media Center Add-in for Silverlight (Version: 4.7.3.0)

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series (Version: 9.00.2980)

Yahoo! Toolbar

========================= Devices: ================================

Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology

Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Broadcom

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B210 series

Description: Photosmart Plus B210 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 22%

Total physical RAM: 8182.89 MB

Available physical RAM: 6364.3 MB

Total Pagefile: 16363.96 MB

Available Pagefile: 14341.76 MB

Total Virtual: 4095.88 MB

Available Virtual: 3962.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:282.74 GB) (Free:188.67 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:15.05 GB) (Free:2.47 GB) NTFS

4 Drive f: () (Removable) (Total:14.9 GB) (Free:14.83 GB) FAT32

========================= Users: ========================================

User accounts for \\NICK-LAPTOP

Administrator Guest Nick

temp UpdatusUser Yajaira

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Link to post
Share on other sites

  • Root Admin

Since the computer either has or has had such an infection it might be best to run the following tool from Kaspersky.

Then depending on what it finds we'll move on to another tool. The infection may be gone at this point and could simply just be left over damage but this tool from Kaspersky should help us determine that.

Kaspersky Rescue Disk 10 Product Info

Kaspersky Rescue Disk 10 download

Here is a video demonstrating how to properly burn the ISO image file to CD so that it is bootable.

How to create the Kaspersky Rescue Disk 10 CD

Here is a FREE utility to properly burn the ISO image if needed.

ImgBurn

How to write an image file to a disc with ImgBurn

Further information on using Kaspersky Rescue Disk

How to Use the Kaspersky Rescue Disk to Clean Your Infected PC

Link to post
Share on other sites

Ok...made the bootable CD. Ran it, it found 3 threats (HEUR:Exploit.Java.CVE-2012-1723.gen). When asked what to do with these it only had two options...Delete Archive and Skip (recommended). I chose Skip at first. Then went back and let it delete the archive. Is there a report I need to post?

Link to post
Share on other sites

  • Root Admin

No, please go ahead and start the computer again in Normal Mode and try to run a Quick Scan with MBAM and post back the new log.

Then, if you can, try to run the following.

You can copy the file to a USB stick or CD to get it onto the computer if needed.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


    When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Thanks

Link to post
Share on other sites

MalwareBytes log...

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.07.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

Nick :: NICK-LAPTOP [administrator]

6/7/2013 8:29:21 AM

mbam-log-2013-06-07 (08-29-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 294217

Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Nick at 8:33:49 on 2013-06-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5973 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vcsFPService.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\System32\WScript.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 209.143.0.10 66.209.140.124

TCP: Interfaces\{A24119A2-3A96-43EB-B748-146FFD77C266} : DHCPNameServer = 209.143.0.10 66.209.140.124

TCP: Interfaces\{A24119A2-3A96-43EB-B748-146FFD77C266}\2456C6B696E6E253241453 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{A24119A2-3A96-43EB-B748-146FFD77C266}\B427573756 : DHCPNameServer = 209.143.0.10 66.209.140.124

TCP: Interfaces\{A24119A2-3A96-43EB-B748-146FFD77C266}\B42757375613 : DHCPNameServer = 192.168.2.1

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\1xigwfwl.default\

FF - ExtSQL: !HIDDEN! 2010-01-04 14:58; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: !HIDDEN! 2011-05-15 17:49; otis@digitalpersona.com; C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt

.

============= SERVICES / DRIVERS ===============

.

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:51:33];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-11-2 146928]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-2 89600]

R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]

R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-11-26 21480]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1924400]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]

R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-2 35104]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-2 5435904]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-17 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-4 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2013-06-04 20:12:25 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-05-30 00:23:26 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-23 00:14:58 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-23 00:14:58 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-23 00:14:58 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-23 00:14:44 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-23 00:14:43 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-23 00:14:43 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-23 00:14:43 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-23 00:14:29 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-11 11:39:03 -------- d--h--w- C:\Windows\AxInstSV

2013-05-10 20:22:06 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23B4656B-8844-41C6-A2D8-DA7531006F8C}\mpengine.dll

.

==================== Find3M ====================

.

2013-05-14 22:03:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 22:03:00 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-08 00:34:58 952 --sha-w- C:\ProgramData\KGyGaAvL.sys

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-30 11:09:25 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-20 19:47:51 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-20 19:47:51 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 8:35:21.76 ===============

Link to post
Share on other sites

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/14/2009 8:50:19 PM

System Uptime: 6/7/2013 1:51:13 AM (7 hours ago)

.

Motherboard: Quanta | | 7001

Processor: Intel® Core i7 CPU Q 720 @ 1.60GHz | CPU | 1325/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 189.395 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 2.467 GiB free.

E: is CDROM (CDFS)

G: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Plus B210 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart Plus B210 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP314: 5/29/2013 5:11:27 PM - Windows Update

RP315: 5/29/2013 8:22:36 PM - Installed Java 7 Update 21

RP316: 5/31/2013 7:53:52 PM - Malwarebytes Anti-Rootkit Restore Point

RP317: 6/2/2013 2:36:33 AM - Windows Update

RP318: 6/5/2013 6:48:31 PM - Windows Update

.

==== Installed Programs ======================

.

3100_3200_3300_Help

3100_3200_3300trb

3200

64 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.5 MUI

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

BitPim 1.0.7

BufferChm

Choice Guard

Cisco Connect

Compatibility Pack for the 2007 Office system

Copy

Corel Paint Shop Pro Photo X2

Corel VideoStudio 12

CPUID CPU-Z 1.56

CyberLink DVD Suite

Destinations

DeviceDiscovery

DigitalPersona Personal 4.11

DIRECTV2PC

DivX Setup

DocProc

ENE CIR Receiver Driver

Fax

ffdshow v1.1.3562 [2010-09-07]

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

HP 3D DriveGuard

HP Advisor

HP Customer Participation Program 13.0

HP Deskjet 1000 J110 series Basic Device Software

HP Deskjet 1000 J110 series Help

HP Imaging Device Functions 13.0

HP Integrated Module with Bluetooth wireless technology

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Live TV

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP MediaSmart SlingPlayer

HP MediaSmart SmartMenu

HP MediaSmart Software Notebook Demo

HP MediaSmart Webcam

HP Photosmart Essential 3.5

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

HP Product Detection

HP Quick Launch Buttons

HP Setup

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Support Assistant

HP Tone Control

HP Update

HP User Guides 0143

HP Wireless Assistant

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

IDT Audio

ImgBurn

Intel® Matrix Storage Manager

Internet TV for Windows Media Center

Java 7 Update 21

Java Auto Updater

Java 6 Update 14 (64-bit)

JMicron Flash Media Controller Driver

Junk Mail filter update

LabelPrint

LG USB Modem driver

LightScribe System Software

LightScribe Template Designs - 9 to 5 Pack 1

LightScribe Template Designs - Architecture Pack 1

LightScribe Template Designs - Business Pack 1

LightScribe Template Labeler

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Microsoft Application Error Reporting

Microsoft Office Live Add-in 1.5

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 11.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

NVIDIA Control Panel 285.62

NVIDIA Graphics Driver 285.62

NVIDIA HD Audio Driver 1.2.24.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.11.0621

NVIDIA Update 1.5.20

NVIDIA Update Components

OCR Software by I.R.I.S. 13.0

PhotoNow!

Power2Go

PowerDirector

PowerRecover

QLBCASL

Realtek 8136 8168 8169 Ethernet Driver

Scan

Search Toolbar

Shop for HP Supplies

SmartWebPrinting

SolutionCenter

SP45990 - Wallpaper Picture Position Enabler for Windows 7

Status

Synaptics Pointing Device Driver

System Requirements Lab

Toolbox

TrayApp

UniMoto 2.2.12 build 173

UnloadSupport

Validity Sensors DDK

VC80CRTRedist - 8.0.50727.6195

VideoStudio

Visual C++ 8.0 Runtime Setup Package (x64)

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Upload Tool

Windows Live Writer

Windows Media Center Add-in for Flash

Windows Media Center Add-in for Silverlight

Windows Media Encoder 9 Series

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

6/6/2013 7:50:34 PM, Error: Service Control Manager [7000] - The MpsSvc service failed to start due to the following error: Access is denied.

6/6/2013 5:39:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.151.1542.0).

6/5/2013 9:28:22 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

6/5/2013 8:25:05 AM, Error: Service Control Manager [7023] - The WinDefend service terminated with the following error: Access is denied.

6/5/2013 8:22:44 AM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.

6/5/2013 6:37:56 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

6/4/2013 8:07:59 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

6/3/2013 5:49:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.151.1320.0).

6/3/2013 12:55:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

6/2/2013 2:26:07 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.

6/2/2013 2:26:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

6/1/2013 2:32:20 AM, Error: Service Control Manager [7023] - The WinDefend service terminated with the following error: The specified module could not be found.

6/1/2013 2:27:33 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error: Access is denied.

.

==== End Of File ===========================

Link to post
Share on other sites
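An added example, not part of any post in this thread: a short Python triage of the "Event Viewer Messages From Past Week" section of the DDS log above. It pulls out the failures of the firewall (MpsSvc), Base Filtering Engine (BFE) and Windows Defender (WinDefend) services and the failed Defender definition updates. The sample lines are copied from that log; the function names and the choice of services to watch are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the "Event Viewer Messages From Past Week" section above.
SAMPLE_LOG = """\
6/6/2013 7:50:34 PM, Error: Service Control Manager [7000] - The MpsSvc service failed to start due to the following error: Access is denied.
6/6/2013 5:39:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.151.1542.0).
6/5/2013 8:25:05 AM, Error: Service Control Manager [7023] - The WinDefend service terminated with the following error: Access is denied.
6/5/2013 8:22:44 AM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.
6/5/2013 6:37:56 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
6/4/2013 8:07:59 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
6/3/2013 5:49:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.151.1320.0).
6/1/2013 2:32:20 AM, Error: Service Control Manager [7023] - The WinDefend service terminated with the following error: The specified module could not be found.
6/1/2013 2:27:33 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error: Access is denied.
"""

# Short service names as they appear in the log, with their display names.
# Which services to watch is a choice made for this example.
PROTECTIVE_SERVICES = {
    "MpsSvc": "Windows Firewall",
    "BFE": "Base Filtering Engine",
    "WinDefend": "Windows Defender",
}

# DDS event line: "<date> <time> AM|PM, <level>: <source> [<id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Service Control Manager message shapes, keyed by event ID.
SCM_RE = {
    "7000": re.compile(r"^The (?P<svc>.+?) service failed to start due to "
                       r"the following error: (?P<err>.+)$"),
    "7023": re.compile(r"^The (?P<svc>.+?) service terminated with "
                       r"the following error: (?P<err>.+)$"),
    "7001": re.compile(r"^The .+? service depends on the (?P<svc>.+?) service which "
                       r"failed to start because of the following error: (?P<err>.+)$"),
}

DEFENDER_UPDATE_RE = re.compile(
    r"with error (?P<code>0x[0-9A-Fa-f]+): Definition Update for Windows Defender"
    r".*\(Definition (?P<version>[\d.]+)\)"
)


def parse_events(text):
    """Turn DDS event lines into dicts; lines that do not match are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["time"] = datetime.strptime(ev.pop("ts"), "%m/%d/%Y %I:%M:%S %p")
        events.append(ev)
    return events


def protective_service_failures(events):
    """Map each watched service to its (time, event_id, error) rows, oldest first."""
    failures = defaultdict(list)
    for ev in events:
        pattern = SCM_RE.get(ev["event_id"])
        if ev["source"] != "Service Control Manager" or pattern is None:
            continue
        m = pattern.match(ev["message"])
        if m and m.group("svc") in PROTECTIVE_SERVICES:
            failures[m.group("svc")].append(
                (ev["time"], ev["event_id"], m.group("err")))
    return {svc: sorted(rows) for svc, rows in failures.items()}


def access_denied_services(failures):
    """Watched services that failed at least once with 'Access is denied.'"""
    return sorted(svc for svc, rows in failures.items()
                  if any(err == "Access is denied." for _, _, err in rows))


def defender_update_failures(events):
    """(error code, definition version) for each failed Defender definition update."""
    found = []
    for ev in events:
        if (ev["source"] == "Microsoft-Windows-WindowsUpdateClient"
                and ev["event_id"] == "20"):
            m = DEFENDER_UPDATE_RE.search(ev["message"])
            if m:
                found.append((m.group("code"), m.group("version")))
    return found


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    fails = protective_service_failures(evs)
    for svc, rows in sorted(fails.items()):
        print(f"{svc} ({PROTECTIVE_SERVICES[svc]}):")
        for when, event_id, err in rows:
            print(f"  {when:%Y-%m-%d %H:%M:%S}  event {event_id}  {err}")
    print("Access denied on:", ", ".join(access_denied_services(fails)))
    for code, version in defender_update_failures(evs):
        print(f"Defender definition {version} failed to install: {code}")
```

Running the same functions on the log posted after a repair step shows whether the "Access is denied" entries for these three services have stopped appearing.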

  • Root Admin

I'm sorry about that. The system did not seem to alert me that you had replied.

So are you now able to save and run other software?

Please uninstall ALL versions of Java from your computer. Then do the following.

In the folder where you saved MBAR there is another folder called Plugins and inside that folder is a file named: fixdamage.exe

Please right click over that file and choose Run as administrator

That will attempt to fix some of the damage that has been done. Then reboot the computer and run the MiniToolbox scanner again and post back that log.

Link to post
Share on other sites

ok...I went to control panel and opened up "programs and features" folder, right clicked on two versions of JAVA (one from Sun Microsystems, and one from Oracle), uninstalled both, rebooted. Ran Fixdamage.exe, rebooted, then ran mini toolbox and here is the log...

Link to post
Share on other sites

MiniToolBox by Farbar Version:21-04-2013

Ran by Nick (administrator) on 16-06-2013 at 20:53:25

Running from "C:\Users\Nick\Desktop"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)

Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Nick-Laptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter

Physical Address. . . . . . . . . : 00-24-D6-49-C2-EB

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN

Physical Address. . . . . . . . . : 00-24-D6-49-C2-EA

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::5177:2a41:2980:6ef3%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Sunday, June 16, 2013 8:45:51 PM

Lease Expires . . . . . . . . . . : Monday, June 17, 2013 8:45:55 PM

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DHCPv6 IAID . . . . . . . . . . . : 301998843

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-80-4E-D6-00-26-9E-AD-8B-D0

DNS Servers . . . . . . . . . . . : 209.143.0.10

66.209.140.124

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-26-9E-AD-8B-D0

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A24119A2-3A96-43EB-B748-146FFD77C266}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: primary.dns.bright.net

Address: 209.143.0.10

Name: google.com

Addresses: 2607:f8b0:4009:800::100e

173.194.46.33

173.194.46.34

173.194.46.35

173.194.46.36

173.194.46.37

173.194.46.38

173.194.46.39

173.194.46.40

173.194.46.41

173.194.46.46

173.194.46.32

Pinging google.com [173.194.46.35] with 32 bytes of data:

Reply from 173.194.46.35: bytes=32 time=73ms TTL=53

Reply from 173.194.46.35: bytes=32 time=73ms TTL=53

Ping statistics for 173.194.46.35:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 73ms, Maximum = 73ms, Average = 73ms

Server: primary.dns.bright.net

Address: 209.143.0.10

Name: yahoo.com

Addresses: 98.139.183.24

206.190.36.45

98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=85ms TTL=53

Reply from 98.138.253.109: bytes=32 time=88ms TTL=53

Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 85ms, Maximum = 88ms, Average = 86ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

16...00 24 d6 49 c2 eb ......Microsoft Virtual WiFi Miniport Adapter

11...00 24 d6 49 c2 ea ......Intel® WiFi Link 5100 AGN

10...00 26 9e ad 8b d0 ......Realtek PCIe GBE Family Controller

1...........................Software Loopback Interface 1

24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 30

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.102 286

192.168.1.102 255.255.255.255 On-link 192.168.1.102 286

192.168.1.255 255.255.255.255 On-link 192.168.1.102 286

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.102 286

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.102 286

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

1 306 ::1/128 On-link

11 286 fe80::/64 On-link

11 286 fe80::5177:2a41:2980:6ef3/128

On-link

1 306 ff00::/8 On-link

11 286 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)

Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134512] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134512] (Microsoft Corporation)

Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)

x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)

x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (06/16/2013 07:03:20 PM) (Source: Windows Backup) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/16/2013 00:47:22 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{4a9af670-c78c-11de-af9e-806e6f6e6963} - 000000000000013C,0x0053c008,00000000003F9AC0,0,00000000003FDAC0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.

.

Operation:

Processing EndPrepareSnapshots

Context:

Execution Context: System Provider

Error: (06/16/2013 00:47:19 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (06/14/2013 08:54:56 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/13/2013 10:11:38 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/12/2013 09:09:03 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/11/2013 10:06:25 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/10/2013 06:50:14 AM) (Source: Application Error) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576, time stamp: 0x515e30fe

Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dbe50

Exception code: 0xc0000005

Fault offset: 0x00035da6

Faulting process id: 0x2ba0

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Error: (06/09/2013 09:25:11 PM) (Source: Windows Backup) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/09/2013 01:06:38 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:

=============

Error: (06/16/2013 08:45:51 PM) (Source: Service Control Manager) (User: )

Description: The MpsSvc service failed to start due to the following error:

%%5

Error: (06/16/2013 08:45:50 PM) (Source: Service Control Manager) (User: )

Description: The BFE service failed to start due to the following error:

%%5

Error: (06/16/2013 08:44:23 PM) (Source: Service Control Manager) (User: )

Description: The MpsSvc service failed to start due to the following error:

%%5

Error: (06/16/2013 08:44:19 PM) (Source: Service Control Manager) (User: )

Description: The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error:

%%5

Error: (06/16/2013 08:44:19 PM) (Source: Service Control Manager) (User: )

Description: The BFE service failed to start due to the following error:

%%5

Error: (06/16/2013 08:44:18 PM) (Source: Service Control Manager) (User: )

Description: The BFE service failed to start due to the following error:

%%5

Error: (06/16/2013 08:42:02 PM) (Source: Service Control Manager) (User: )

Description: The WinDefend service terminated with the following error:

%%5

Error: (06/16/2013 08:39:49 PM) (Source: Service Control Manager) (User: )

Description: The MpsSvc service failed to start due to the following error:

%%5

Error: (06/16/2013 08:39:48 PM) (Source: Service Control Manager) (User: )

Description: The BFE service failed to start due to the following error:

%%5

Error: (06/16/2013 00:52:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.151.2213.0).

Microsoft Office Sessions:

=========================

Error: (06/16/2013 07:03:20 PM) (Source: Windows Backup)(User: )

Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (06/16/2013 00:47:22 PM) (Source: VSS)(User: )

Description: DeviceIoControl(\\?\Volume{4a9af670-c78c-11de-af9e-806e6f6e6963} - 000000000000013C,0x0053c008,00000000003F9AC0,0,00000000003FDAC0,4096,[0])0x80070079, The semaphore timeout period has expired.

Operation:

Processing EndPrepareSnapshots

Context:

Execution Context: System Provider

Error: (06/16/2013 00:47:19 PM) (Source: System Restore)(User: )

Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (06/14/2013 08:54:56 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/13/2013 10:11:38 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/12/2013 09:09:03 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/11/2013 10:06:25 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/10/2013 06:50:14 AM) (Source: Application Error)(User: )

Description: IEXPLORE.EXE10.0.9200.16576515e30feKERNELBASE.dll6.1.7601.17965506dbe50c000000500035da62ba001ce65c39716ddaeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll8724fb66-d1bb-11e2-88ea-00269ead8bd0

Error: (06/09/2013 09:25:11 PM) (Source: Windows Backup)(User: )

Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (06/09/2013 01:06:38 PM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

CodeIntegrity Errors:

===================================

Date: 2011-11-28 09:24:59.876

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-28 09:24:59.844

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

3100_3200_3300_Help (Version: 82.0.242.000)

3100_3200_3300trb (Version: 82.0.242.000)

3200 (Version: 130.0.421.000)

64 Bit HP CIO Components Installer (Version: 7.2.8)

Acrobat.com (Version: 1.6.65)

Adobe AIR (Version: 1.5.0.7220)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)

Adobe Reader 9.5.5 MUI (Version: 9.5.5)

AIO_CDB_ProductContext (Version: 130.0.365.000)

AIO_CDB_Software (Version: 130.0.365.000)

AIO_Scan (Version: 130.0.421.000)

BitPim 1.0.7 (Version: 1.0.7)

BufferChm (Version: 130.0.331.000)

Choice Guard (Version: 1.2.87.0)

Cisco Connect (Version: 1.2.10104.2)

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Copy (Version: 130.0.428.000)

Corel Paint Shop Pro Photo X2 (Version: 12.50.0001)

Corel VideoStudio 12 (Version: 12.0.0.0000)

CPUID CPU-Z 1.56

CyberLink DVD Suite (Version: 6.0.3101)

Destinations (Version: 130.0.0.0)

DeviceDiscovery (Version: 130.0.465.000)

DigitalPersona Personal 4.11 (Version: 4.11.3826)

DIRECTV2PC (Version: 2.0.5717)

DivX Setup (Version: 2.6.1.24)

DocProc (Version: 13.0.0.0)

ENE CIR Receiver Driver (Version: 2.7.4.0)

Fax (Version: 130.0.418.000)

ffdshow v1.1.3562 [2010-09-07] (Version: 1.1.3562.0)

Google Earth Plug-in (Version: 7.0.3.8542)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)

Google Update Helper (Version: 1.3.21.145)

GPBaseService2 (Version: 130.0.371.000)

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)

HP 3D DriveGuard (Version: 4.0.3.1)

HP Advisor (Version: 3.2.8946.3086)

HP Customer Participation Program 13.0 (Version: 13.0)

HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)

HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP Integrated Module with Bluetooth wireless technology (Version: 6.2.0.9600)

HP MediaSmart DVD (Version: 3.0.3123)

HP MediaSmart Internet TV (Version: 3.0.1916)

HP MediaSmart Live TV (Version: 3.0.1924)

HP MediaSmart Movie Themes (Version: 3.0.3102)

HP MediaSmart Music/Photo/Video (Version: 3.0.3123)

HP MediaSmart SlingPlayer (Version: 2.1.1.60)

HP MediaSmart SmartMenu (Version: 3.0.30.1)

HP MediaSmart Software Notebook Demo (Version: 1.00.0000)

HP MediaSmart Webcam (Version: 3.0.1913)

HP Photosmart Essential 3.5 (Version: 3.5)

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)

HP Product Detection (Version: 11.14.0001)

HP Product Detection (Version: 11.14.0004)

HP Quick Launch Buttons (Version: 6.50.3.1)

HP Setup (Version: 1.2.3220.3079)

HP Smart Web Printing 4.60 (Version: 4.60)

HP Solution Center 13.0 (Version: 13.0)

HP Support Assistant (Version: 4.2.8.3)

HP Tone Control (Version: 1.0.7)

HP Update (Version: 5.001.000.014)

HP User Guides 0143 (Version: 1.01.0003)

HP Wireless Assistant (Version: 3.50.9.1)

HPPhotoGadget (Version: 130.0.282.000)

HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)

HPPhotosmartEssential (Version: 2.04.0000)

HPProductAssistant (Version: 130.0.371.000)

HPSSupply (Version: 130.0.371.000)

IDT Audio (Version: 1.0.6225.0)

ImgBurn (Version: 2.5.0.0)

Intel® Matrix Storage Manager

Internet TV for Windows Media Center (Version: 4.2.2.0)

JMicron Flash Media Controller Driver (Version: 1.0.32.1)

Junk Mail filter update (Version: 14.0.8064.206)

LabelPrint (Version: 2.5.1913)

LG USB Modem driver

LightScribe System Software (Version: 1.18.10.2)

LightScribe Template Designs - 9 to 5 Pack 1 (Version: 1.15.0.0)

LightScribe Template Designs - Architecture Pack 1 (Version: 1.15.0.0)

LightScribe Template Designs - Business Pack 1 (Version: 1.10.16.1)

LightScribe Template Labeler (Version: 1.18.5.1)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

MarketResearch (Version: 130.0.374.000)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)

Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Works (Version: 9.7.0621)

Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)

MSVCRT (Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Network64 (Version: 130.0.572.000)

Network64 (Version: 140.0.221.000)

NVIDIA Control Panel 285.62 (Version: 285.62)

NVIDIA Graphics Driver 285.62 (Version: 285.62)

NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)

NVIDIA Install Application (Version: 2.1002.46.235)

NVIDIA PhysX (Version: 9.11.0621)

NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)

NVIDIA Update 1.5.20 (Version: 1.5.20)

NVIDIA Update Components (Version: 1.5.20)

OCR Software by I.R.I.S. 13.0 (Version: 13.0)

PhotoNow! (Version: 1.1.5615)

Power2Go (Version: 6.0.3101)

PowerDirector (Version: 7.0.3101)

PowerRecover (Version: 5.5.1923)

QLBCASL (Version: 6.40.17.2)

Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)

Scan (Version: 13.0.0.0)

Search Toolbar (Version: 1.2)

Shop for HP Supplies (Version: 13.0)

SmartWebPrinting (Version: 140.0.186.000)

SolutionCenter (Version: 130.0.373.000)

SP45990 - Wallpaper Picture Position Enabler for Windows 7 (Version: 1.0.0)

Status (Version: 130.0.469.000)

Synaptics Pointing Device Driver (Version: 15.3.29.0)

System Requirements Lab

Toolbox (Version: 130.0.648.000)

TrayApp (Version: 130.0.422.000)

UniMoto 2.2.12 build 173

UnloadSupport (Version: 11.0.0)

Validity Sensors DDK (Version: 3.1.366)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)

VideoStudio (Version: 12.0.0.0000)

Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)

WebReg (Version: 130.0.132.017)

Windows Live Communications Platform (Version: 14.0.8064.206)

Windows Live Essentials (Version: 14.0.8064.0206)

Windows Live Essentials (Version: 14.0.8064.206)

Windows Live ID Sign-in Assistant (Version: 6.500.3146.0)

Windows Live Mail (Version: 14.0.8064.0206)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8064.0206)

Windows Media Center Add-in for Flash (Version: 4.1.2.0)

Windows Media Center Add-in for Silverlight (Version: 4.7.3.0)

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series (Version: 9.00.2980)

Yahoo! Toolbar

========================= Devices: ================================

Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology

Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Broadcom

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B210 series

Description: Photosmart Plus B210 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 19%

Total physical RAM: 8182.89 MB

Available physical RAM: 6615 MB

Total Pagefile: 16363.96 MB

Available Pagefile: 14616.79 MB

Total Virtual: 4095.88 MB

Available Virtual: 3963.99 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:282.74 GB) (Free:189 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:15.05 GB) (Free:2.47 GB) NTFS

3 Drive e: (KRD10) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS

5 Drive g: () (Removable) (Total:14.9 GB) (Free:14.5 GB) FAT32

========================= Users: ========================================

User accounts for \\NICK-LAPTOP

Administrator Guest Nick

temp UpdatusUser Yajaira

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


TA-DA!!!!! It works now! I tried downloading malwarebytes from CNET and it worked, so I tried some phone messages from work and they download as well. I can open windows defender folder as well. But it needs updated and I have NOT done that yet. It doesn't look as though I can turn Windows Firewall on yet either....I will wait on instructions from you...THANK YOU! :)

This topic is now closed to further replies.