
Trojan.Zaccess HKLM\SYSTEM\CurrentControlSet\Services\gupdate... again


Sym7

Hey guys. I've recently cleaned my computer with the help of the amazing forum members and admins, but out of nowhere I seem to have caught another Trojan Zero access bug. Can someone please run me through the steps of removing it?

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.01.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Bob Feng :: PETERFENG-PC [limited]
 
9/5/2013 8:45:00 PM
MBAM-log-2013-09-05 (20-54-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191995
Time elapsed: 6 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\‮etadpug (Trojan.Zaccess) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2

Run by Peter Feng at 21:23:18 on 2013-09-05

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6071.2723 [GMT -7:00]

.

AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Sendori\sndappv2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\OEM\USBDECTION\USBS3S4Detection.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sendori\SendoriSvc.exe

C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

C:\Program Files (x86)\AVG\AVG9\avgemc.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe

C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Sendori\Sendori.Service.exe

C:\Program Files (x86)\Sendori\SendoriTray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Sendori\SendoriUp.exe

C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AVG\AVG9\avgui.exe

C:\Program Files (x86)\AVG\AVG9\avgscana.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: BuzzSocialPoints_DNS_IE: {8BD7501A-5166-4036-BB01-5FC63C68EFEB} - C:\Program Files (x86)\BuzzSocialPoints_DNS_IE\ScriptHost.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRunOnce: [Report] \AdwCleaner\AdwCleaner[s0].txt

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mRunOnce: [Malwarebytes Anti-Rootkit (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"

mRunOnce: [ (A0)] cmd /c "C:\Users\Peter Feng\Desktop\mbar\mbar.exe" /rdv /s

dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{0B2E6D0B-F517-4659-B266-077FA53F474D} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{F118797A-7FB8-48E4-B6F4-6C641CC22348} : DHCPNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe -k -rq

x64-RunOnce: [NoIE4StubProcessing] C:\Windows\System32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f

x64-RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}

x64-RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}

x64-RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}

x64-RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install

x64-RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install

x64-RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Peter Feng\AppData\Roaming\Mozilla\Firefox\Profiles\t9p5z273.default\

FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-12-16 282976]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-12-16 35664]

R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-12-16 317520]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 45856]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]

R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]

R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-12-16 921952]

R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-16 308136]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-4-12 87368]

R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 346696]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-4 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-4 701512]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]

R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]

R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-4 25928]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-4-6 712704]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-6 346144]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-6 13336]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-5-9 167264]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-19 57840]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]

S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2011-11-11 45176]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-1 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

.

=============== Created Last 30 ================

.

2013-09-04 06:08:52 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-09-04 06:08:52 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-09-03 10:49:31 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-09-03 10:49:30 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-09-03 07:42:35 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-09-02 17:56:14 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-09-02 17:56:14 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-09-02 17:56:14 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-09-02 17:56:05 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2013-09-02 17:56:05 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2013-09-02 17:56:05 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2013-09-02 17:56:05 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2013-09-02 17:56:02 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-09-02 17:56:00 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-09-02 17:56:00 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-09-02 17:56:00 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-09-02 17:54:48 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-09-02 17:47:53 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2013-09-02 07:34:55 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-09-02 07:34:55 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-09-02 07:34:55 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-09-02 07:34:55 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-09-02 07:26:33 -------- d-----w- C:\Windows\System32\MRT

2013-09-02 07:10:30 -------- d-----w- C:\Windows\System32\SPReview

2013-09-02 07:09:54 -------- d-----w- C:\Windows\System32\EventProviders

2013-09-02 07:05:25 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-09-02 07:05:25 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-09-02 07:05:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-09-02 07:05:25 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-09-02 07:04:33 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-09-02 07:04:33 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-09-02 07:04:32 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-09-02 07:04:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-09-02 07:04:32 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-09-02 07:04:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-09-02 07:04:32 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-09-02 06:57:55 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-09-02 06:57:55 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-09-02 06:57:55 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-09-02 06:57:55 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-09-02 06:57:55 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-09-01 22:17:19 -------- d-----w- C:\ProgramData\McAfee Security Scan

2013-09-01 22:17:18 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan

2013-09-01 22:15:27 -------- d-----w- C:\Users\Peter Feng\AppData\Local\Adobe

2013-09-01 21:06:44 -------- d-----w- C:\AdwCleaner

2013-09-01 20:48:54 -------- d-sh--w- C:\$RECYCLE.BIN

2013-09-01 20:48:50 -------- d-----w- C:\Users\Peter Feng\AppData\Local\temp

2013-09-01 19:12:59 488448 ----a-w- C:\Windows\System32\secproc.dll

2013-09-01 19:11:59 84992 ----a-w- C:\Windows\System32\Mcx2Svc.dll

2013-09-01 19:10:38 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2013-09-01 19:10:38 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2013-09-01 19:10:38 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2013-09-01 19:10:37 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2013-09-01 19:10:35 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2013-09-01 19:10:34 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2013-09-01 19:10:33 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2013-09-01 19:10:27 422912 ----a-w- C:\Windows\System32\drvstore.dll

2013-09-01 19:10:27 399872 ----a-w- C:\Windows\System32\dpx.dll

2013-09-01 18:55:58 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2013-09-01 18:54:42 478208 ----a-w- C:\Windows\System32\dpnet.dll

2013-09-01 18:53:59 3216384 ----a-w- C:\Windows\System32\msi.dll

2013-09-01 18:52:58 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-09-01 18:47:59 77312 ----a-w- C:\Windows\System32\packager.dll

2013-09-01 18:47:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-09-01 18:47:14 -------- d-----w- C:\mbar

2013-09-01 18:44:35 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-09-01 18:44:34 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-09-01 18:44:34 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-09-01 18:05:37 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-29 23:10:40 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2013-08-29 01:33:31 -------- d-----w- C:\ProgramData\Motorola

2013-08-29 01:33:04 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2013-08-29 01:32:26 -------- d-----w- C:\Users\Peter Feng\AppData\Local\Downloaded Installations

2013-08-29 01:32:24 -------- d-----w- C:\Program Files\HTC

2013-08-29 01:31:51 -------- d-----w- C:\Program Files (x86)\HTC

2013-08-29 01:31:09 -------- d-----w- C:\ProgramData\HTC

2013-08-29 01:31:00 -------- d-----w- C:\Temp

2013-08-14 18:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-08-14 18:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

==================== Find3M  ====================

.

2013-09-03 07:42:35 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-09-02 17:25:19 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-09-02 17:25:19 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-08-21 00:41:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 00:41:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-21 00:41:07 17737608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-08-15 08:45:50 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-10 00:04:27 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-10 00:04:26 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-07-10 00:04:26 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-07-01 19:28:10 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

.

============= FINISH: 21:33:07.04 ===============

 

 

ATTACH

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 12/16/2010 1:25:09 PM

System Uptime: 9/5/2013 8:55:26 PM (1 hours ago)

.

Motherboard: Acer |  | Aspire M5910

Processor: Intel® Core i5 CPU         650  @ 3.20GHz | CPU 1 | 1184/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 911 GiB total, 781.691 GiB free.

D: is CDROM (CDFS)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&DC382E&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&DC382E&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP147: 9/2/2013 12:10:24 AM - Windows 7 Service Pack 1

RP148: 9/3/2013 12:26:44 AM - Windows Update

RP149: 9/3/2013 6:29:36 AM - Windows Update

RP150: 9/4/2013 12:15:54 AM - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20

ACDSee Pro

Acer Arcade Deluxe

Acer Arcade Movie

Acer eRecovery Management

Acer Game Console

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG Free 9.0

Bejeweled 2 Deluxe

Blackhawk Striker 2

Bob the Builder Can-Do-Zoo

Bonjour

Build-a-lot 2

BuzzSocialPoints_DNS version 1.0

BuzzSocialPoints_DNS_IE

Canon MX310 series

Canon MX310 series User Registration

Canon My Printer

CCleaner

Combat Arms

Compatibility Pack for the 2007 Office system

D3DX10

Diablo III

Escape Rosecliff Island

eSobi v2

Faerie Solitaire

FATE - The Traitor Soul

Google Drive

Google Toolbar for Internet Explorer

Google Update Helper

Haali Media Splitter

Hotkey Utility

HTC Driver Installer

HTC Sync Manager

iCloud

Identity Card

IHA_MessageCenter

ImagXpress

InstallIQ Updater

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

IPTInstaller

iTunes

Java 7 Update 25

Java Auto Updater

Jewel Quest Solitaire 3

Junk Mail filter update

League of Legends

Malwarebytes Anti-Malware version 1.75.0.1300

MapleStory

McAfee Security Scan Plus

MediaShow Espresso

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2000 Professional

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

Microsoft Works

MobileMe Control Panel

Monopoly

Movie Maker

Mozilla Firefox (3.6.15)

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - Lost in Los Angeles

MyWinLocker

MyWinLocker Suite

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Nexon Game Manager

Pando Media Booster

PDFCreator

Penguins!

Photo Common

Photo Gallery

Plants vs. Zombies

Polar Bowler

Polar Golfer

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

REALTEK Wireless LAN Driver

Safari

Scrabble Plus

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Sendori

Shredder

Skype Click to Call

Skype™ 6.6

The Price is Right

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Virtual Families

Virtual Villagers - A New Home

Visual C++ 8.0 Runtime Setup Package (x64)

Vz In-Home Agent

Vz In Home Agent

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

WModem Driver Installer

Yahoo! Toolbar

Yahtzee

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

9/5/2013 8:56:29 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

9/5/2013 8:56:29 PM, Error: Service Control Manager [7000]  - The Intel® Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

9/5/2013 8:55:57 PM, Error: Service Control Manager [7000]  - The vToolbarUpdater15.5.0 service failed to start due to the following error:  The system cannot find the file specified.

9/5/2013 8:55:53 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

9/5/2013 8:55:49 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.

9/5/2013 8:55:35 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

9/5/2013 8:44:14 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

9/5/2013 8:44:14 PM, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

9/5/2013 7:30:50 PM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/5/2013 3:29:48 PM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  %%-2147024891

9/4/2013 6:04:58 PM, Error: Service Control Manager [7034]  - The sndappv2 service terminated unexpectedly.  It has done this 1 time(s).

9/4/2013 6:04:58 PM, Error: Service Control Manager [7022]  - The Service Sendori service hung on starting.

9/3/2013 6:30:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

9/3/2013 3:47:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2834140).

9/3/2013 3:35:35 AM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.

9/3/2013 10:59:53 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.

9/3/2013 10:59:53 PM, Error: Service Control Manager [7000]  - The IHA_MessageCenter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

9/2/2013 2:56:50 PM, Error: Service Control Manager [7034]  - The IHA_MessageCenter service terminated unexpectedly.  It has done this 1 time(s).

9/2/2013 12:54:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2547666).

9/2/2013 12:34:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2545698).

9/2/2013 12:31:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2603229).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2748349).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2789644).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2756920).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2742598).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2736418).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2729451).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656410).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656355).

9/2/2013 10:41:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2604114).

9/2/2013 10:22:00 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.

9/1/2013 11:19:31 AM, Error: Service Control Manager [7000]  - The Security Center service failed to start due to the following error:  A required privilege is not held by the client.

9/1/2013 11:19:28 AM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.

9/1/2013 11:19:28 AM, Error: Service Control Manager [7000]  - The Base Filtering Engine service failed to start due to the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.

9/1/2013 11:19:27 AM, Error: Service Control Manager [7001]  - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.

9/1/2013 10:33:58 AM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.

9/1/2013 10:33:58 AM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x80070032.

9/1/2013 1:46:55 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

9/1/2013 1:46:17 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

9/1/2013 1:37:46 PM, Error: Service Control Manager [7034]  - The Skype C2C Service service terminated unexpectedly.  It has done this 1 time(s).

9/1/2013 1:05:55 PM, Error: mbamchameleon [61703]  - 

8/30/2013 10:42:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

.

Hello Sym7! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

    Please read:

    Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

    Please let us know how you would like to proceed.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

