Malware Infection DDS File Logs


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490
Run by Tiff-Den at 18:41:05 on 2013-06-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2807 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{60B0D51B-5A8E-445B-B8CA-C08A6C9530EC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{631E7B7D-DD44-4C17-A0A4-126A9BD77285} : DHCPNameServer = 40.21.1.201 40.21.1.202
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-2-19 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-2-19 340216]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-12 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-12 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-12 2425960]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-20 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-6-19 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-6-19 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-6-19 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-6-19 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-6-19 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-6-19 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-6-19 182752]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-12 2656280]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-6-19 70112]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-20 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-6-19 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-6-19 515968]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-12 1492992]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-12 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-6-19 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-6-19 106552]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-12 339048]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-20 16:55:28 -------- d-----w- C:\Users\Tiff-Den\AppData\Roaming\Malwarebytes
2013-06-20 16:55:14 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-20 16:55:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-20 16:55:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-20 16:54:42 -------- d-----w- C:\Users\Tiff-Den\AppData\Local\Programs
2013-06-20 16:00:02 -------- d-----w- C:\Windows\SysWow64\Wat
2013-06-20 16:00:01 -------- d-----w- C:\Windows\System32\Wat
2013-06-20 12:01:11 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-06-20 12:01:11 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-06-20 12:01:11 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-06-20 12:01:11 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-20 11:50:40 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-06-20 11:50:40 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-06-20 11:50:40 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-06-20 11:50:40 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-06-20 11:49:54 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-06-20 11:49:54 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-06-20 11:49:54 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-06-20 11:49:54 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-06-20 11:49:54 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-06-20 11:49:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-06-20 11:49:53 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-06-20 11:48:06 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-06-20 11:48:06 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-06-20 11:48:06 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-06-20 11:48:06 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-06-20 11:48:06 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-06-20 11:13:46 -------- d-----w- C:\Users\Tiff-Den\AppData\Local\Google
2013-06-20 11:13:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-20 11:12:45 -------- d-----w- C:\Users\Tiff-Den\AppData\Local\Adobe
2013-06-20 11:10:08 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-06-20 11:09:41 983912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-20 11:09:40 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-06-20 11:09:39 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2013-06-20 11:09:39 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-06-20 11:09:31 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-06-20 11:09:31 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-06-20 11:09:31 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-06-20 11:09:31 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-06-20 11:09:30 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-06-20 11:09:30 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-06-20 11:09:14 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-06-20 11:09:14 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2013-06-20 11:08:50 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-06-20 11:08:50 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-06-20 11:08:50 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-06-20 11:08:50 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-06-20 11:08:40 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-06-20 11:08:40 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-06-20 11:08:38 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-06-20 11:08:38 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-20 11:08:19 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-06-20 11:08:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-06-20 11:06:42 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-20 11:04:49 220160 ----a-w- C:\Windows\System32\wintrust.dll
2013-06-20 11:04:49 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-06-20 11:04:39 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-06-20 11:04:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-06-20 11:04:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-06-20 11:04:38 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-06-20 11:04:38 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-06-20 11:04:32 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-06-20 11:04:25 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-06-20 11:02:33 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-06-20 11:01:26 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-06-20 11:01:23 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-06-20 10:59:41 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-06-20 10:59:41 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-06-20 10:59:40 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-20 10:59:40 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-20 10:59:26 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-06-20 10:59:25 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-06-20 10:59:23 59392 ----a-w- C:\Windows\System32\browcli.dll
2013-06-20 10:59:23 136704 ----a-w- C:\Windows\System32\browser.dll
2013-06-20 10:59:22 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2013-06-20 10:59:11 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-20 10:59:11 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-20 10:57:59 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2013-06-20 10:57:59 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2013-06-20 10:57:58 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2013-06-20 10:57:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2013-06-20 10:57:58 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2013-06-20 10:57:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2013-06-20 10:57:58 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2013-06-20 10:57:38 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-06-20 10:57:38 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-06-20 10:57:34 67072 ----a-w- C:\Windows\splwow64.exe
2013-06-20 10:57:34 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-06-20 10:57:30 77312 ----a-w- C:\Windows\System32\packager.dll
2013-06-20 10:57:30 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-06-20 01:00:31 425345024 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Updates\OFFICESUITEWWSP1-X-NONE.MSP
2013-06-20 00:28:01 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-06-20 00:28:01 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-06-20 00:28:01 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-06-19 23:44:48 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-06-19 23:44:10 -------- d-----w- C:\Program Files (x86)\McAfee.com
2013-06-19 23:44:04 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-06-19 23:44:04 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2013-06-19 23:44:02 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-06-19 23:44:02 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-06-19 23:44:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-06-19 23:44:02 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-06-19 23:43:30 -------- d-----w- C:\Program Files\Common Files\McAfee
2013-06-19 23:43:23 -------- d-----w- C:\Program Files\McAfee.com
2013-06-19 23:43:23 -------- d-----w- C:\Program Files\McAfee
2013-06-19 23:43:20 -------- d-----w- C:\Program Files (x86)\McAfee
2013-06-19 23:31:08 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-06-19 22:43:29 -------- d-----w- C:\Users\Tiff-Den\AppData\Local\CrashDumps
2013-06-19 22:34:04 -------- d-----w- C:\Users\Tiff-Den\AppData\Roaming\Synaptics
2013-06-19 22:32:11 -------- d-----w- C:\Users\Tiff-Den\AppData\Roaming\hpqlog
2013-06-19 22:32:09 -------- d-----w- C:\Users\Tiff-Den\AppData\Local\Hewlett-Packard
2013-06-19 21:26:04 -------- d-----w- C:\Users\Tiff-Den\AppData\Local\RemEngine
2013-06-19 21:26:01 -------- d-----w- C:\Users\Tiff-Den\AppData\Local\Hewlett-Packard_Company
2013-06-19 21:23:05 -------- d-----w- C:\Users\Tiff-Den\AppData\Local\VirtualStore
2013-06-19 21:23:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll
.
==================== Find3M  ====================
.
2013-06-20 11:13:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:42:20.51 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/19/2013 5:22:19 PM
System Uptime: 6/21/2013 5:42:01 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 166D
Processor: Intel® Pentium® CPU B950 @ 2.10GHz | CPU1 | 987/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 274 GiB total, 236.788 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.129 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 6/19/2013 8:28:08 PM - Windows Update
RP4: 6/20/2013 7:45:08 AM - Windows Update
RP5: 6/21/2013 10:44:53 AM - Windows Update
RP6: 6/21/2013 10:57:48 AM - OTL Restore Point - 6/21/2013 10:57:47 AM
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.0) MUI
Adobe Shockwave Player 11.6
Bejeweled 3
Blackhawk Striker 2
Blio
Chuzzle Deluxe
Cradle of Rome 2
CyberLink YouCam
D3DX10
Dora's World Adventure
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Hewlett-Packard ACLM.NET v1.1.2.0
Hoyle Card Games
HP Application Assistant
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SecurityCenter
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
opensource
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RollerCoaster Tycoon 3: Platinum
Shared C Run-time for x64
Skype™ 5.5
swMSM
Synaptics TouchPad Driver
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
6/21/2013 5:43:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80076b93ef, 0x0000000000000000, 0x000007fffffa003c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062113-49514-01.
6/21/2013 12:04:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003107d35, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062113-38313-01.
6/21/2013 10:41:23 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
6/20/2013 8:05:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).
6/20/2013 7:59:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
6/20/2013 2:53:44 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
6/20/2013 12:15:03 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
6/20/2013 12:15:03 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
6/20/2013 12:15:03 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:  An instance of the service is already running.
6/20/2013 12:15:03 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
6/20/2013 12:12:03 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
6/20/2013 12:11:03 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error:  An instance of the service is already running.
6/20/2013 12:10:03 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
6/20/2013 12:10:03 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2013 12:10:03 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:10:03 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:10:03 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:10:03 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:10:03 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2013 12:10:03 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2013 12:10:03 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2013 12:10:03 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2013 12:08:20 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2013 12:05:24 PM, Error: Service Control Manager [7023]  -
6/20/2013 12:01:08 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
6/20/2013 12:01:08 PM, Error: Service Control Manager [7000]  - The Intel® Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/20/2013 12:01:06 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
6/20/2013 12:01:06 PM, Error: Service Control Manager [7000]  - The HP Support Assistant Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/20/2013 12:00:53 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/19/2013 9:33:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800721c3ef, 0x0000000000000000, 0x000007fffffa003c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061913-42884-01.
6/19/2013 9:12:42 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPAuto service.
6/19/2013 8:15:38 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The client of a component requested an operation which is not valid given the state of the component instance.
6/19/2013 6:55:05 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 6 time(s).
6/19/2013 6:55:05 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 4 time(s).
6/19/2013 6:55:05 PM, Error: Service Control Manager [7034]  - The Application Experience service terminated unexpectedly.  It has done this 4 time(s).
6/19/2013 6:50:28 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 5 time(s).
6/19/2013 6:50:28 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:46:44 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 4 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The Themes service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The Task Scheduler service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The System Event Notification Service service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The IP Helper service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The Group Policy Client service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 2 time(s).
6/19/2013 6:43:26 PM, Error: Service Control Manager [7034]  - The Application Experience service terminated unexpectedly.  It has done this 3 time(s).
6/19/2013 6:34:11 PM, Error: Service Control Manager [7034]  - The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).
6/19/2013 5:29:05 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/19/2013 5:29:05 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/19/2013 5:29:05 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/19/2013 5:29:05 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/19/2013 5:29:05 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/19/2013 5:29:05 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/19/2013 5:25:46 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

Thank you :)  Tiffany

dds.txt

attach.txt


  • Root Admin

I'm going to be out of town for most of the night but please go ahead and run the following and I'll check on you either later tonight or some time tomorrow.

 

 

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.



Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt



STEP 03

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus





STEP 04

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.



STEP 05


Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

