Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Internet after Win 7 Antivirus 2012


  • Please log in to reply
1 reply to this topic

#1 akshatm

akshatm

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:53 AM

Posted 14 January 2012 - 12:48 PM

My computer was infected with Win7 Antivirus 2012 malware. I could not access the internet on the PC anymore. I downloaded Malware Bytes (on another PC) and transferred the SW to infected PC. After running Malware Bytes in safe mode, I was able to get rid of it (At least I hope so, I am no longer getting the Antivirus errors and Malware Bytes full scan is not showing anything new). Everything is back to normal BUT I still do not have internet. I was previously connected to home wifi but it shows up as "Limited Connectivity" now. Connecting through wired LAN also shows the limited connectivity error. I connect to the network but no internet.

I noticed someone else had a similar problem on Win Vista and it was fixed by replacing tdx.sys file. In my case, FSS does not point to any missing files.

I collected FSS,DDS, and GMER logs in hopes that someone can point out what is wrong. I am posting them below. Not sure how to proceed. Please help.

Farbar Service Scanner
Ran by yousuf (administrator) on 13-01-2012 at 23:49:53
Microsoft Windows 7 Starter (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 19:28] - [2011-04-24 20:35] - 0338944 ____A () 438B535B55F0FD05544EE5FB277FF32F

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-21 20:24] - [2011-09-29 09:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-12 18:26] - [2011-03-02 23:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 17:53] - [2009-07-13 19:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 17:54] - [2009-07-13 19:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 17:23] - [2009-07-13 19:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 17:24] - [2009-07-13 19:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-22 11:55] - [2010-12-20 23:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 18:15] - [2009-07-13 19:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 17:30] - [2009-07-13 19:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-07-13 17:33] - [2009-07-13 19:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by yousuf at 10:23:16 on 2012-01-14
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.209 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\yousuf\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50710w915l03f4ww25w59l2r743
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50710w915l03f4ww25w59l2r743
uInternet Settings,ProxyServer = wwwgate0.mot.com:1080
uInternet Settings,ProxyOverride = *.mot.com;*.mot-mobility.com;*.mot-solutions.com;<local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Download Guard for Internet Explorer: {20c1a7f0-528e-444f-bac5-5804a61cca7f} - c:\program files\lavasoft\download guard for internet explorer\DownloadGuardBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [Google Update] "c:\users\yousuf\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [cacaoweb] "c:\users\yousuf\appdata\roaming\cacaoweb\cacaoweb.exe" -noplayer
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.motorola.com/dana-cached/sc/JuniperSetupClient.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-13 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-13 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-1-13 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-1-13 656320]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKsl53cfc833;MpKsl53cfc833;c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\MpKsl53cfc833.sys [2012-1-13 29904]
R1 MpKsl72968566;MpKsl72968566;c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\MpKsl72968566.sys [2012-1-14 29904]
R1 MpKslac1aca4f;MpKslac1aca4f;c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\MpKslac1aca4f.sys [2012-1-14 29904]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-1-13 233976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-1-13 66600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-13 20464]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S1 MpKsl076ab1fd;MpKsl076ab1fd;c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\MpKsl076ab1fd.sys [2012-1-11 29904]
S1 MpKsl7897acdc;MpKsl7897acdc;c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\MpKsl7897acdc.sys [2012-1-11 29904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2009-11-5 102784]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-13 40776]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-12-3 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-2-7 9472]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
.
=============== File Associations ===============
.
.com=com_auto_file
.exe=
.
=============== Created Last 30 ================
.
2012-01-14 14:48:42 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\MpKsl72968566.sys
2012-01-14 13:57:17 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\MpKslac1aca4f.sys
2012-01-14 04:57:28 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\MpKsl53cfc833.sys
2012-01-14 04:57:23 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\offreg.dll
2012-01-14 04:48:39 66600 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2012-01-14 04:45:37 1227776 ----a-w- c:\windows\system32\drivers\athr.sys
2012-01-14 04:45:37 1227776 ----a-w- c:\windows\system32\athr.sys
2012-01-14 04:45:36 -------- d-----w- c:\program files\Atheros
2012-01-14 04:44:14 -------- d-----w- c:\programdata\Atheros
2012-01-14 04:37:03 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-14 02:47:43 -------- d-----w- c:\users\yousuf\appdata\roaming\Malwarebytes
2012-01-14 02:47:35 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 02:47:33 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 02:47:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-14 02:18:33 -------- d-----w- c:\users\yousuf\appdata\local\ElevatedDiagnostics
2012-01-14 01:44:44 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-01-14 01:44:44 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-01-14 01:44:33 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-14 01:44:33 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-01-14 01:43:51 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-14 01:43:51 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-14 01:43:31 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-01-14 01:42:57 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-01-14 01:40:03 -------- d-----w- c:\program files\common files\PC Tools
2012-01-14 01:40:02 -------- d-----w- c:\programdata\PC Tools
2012-01-14 01:40:02 -------- d-----w- c:\program files\PC Tools Security
2012-01-12 04:36:28 315904 ----a-w- c:\users\yousuf\appdata\local\iji.exe
2012-01-12 04:29:17 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0092af6e-1a5b-40e0-bf51-9f5cbbc92836}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:42:38 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:42:37 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:25:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 10:26:35.53 ===============


GMER ark.txt


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-14 10:21:43
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PBBO
Running: gmer.exe; Driver: C:\Users\yousuf\AppData\Local\Temp\kwdiapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x871B90CC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x871B9394]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x871B9690]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x871B8B3C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 81C728A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 81C922F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14A3 81C99670 8 Bytes [CC, 90, 1B, 87, 94, 93, 1B, ...] {INT 3 ; NOP ; SBB EAX, [EDI-0x78e46c6c]}
.text ntoskrnl.exe!KeRemoveQueueEx + 14DB 81C996A8 4 Bytes [90, 96, 1B, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 81C99AFC 4 Bytes [3C, 8B, 1B, 87]
? System32\Drivers\spsk.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8DBB9D18 5 Bytes JMP 858B91D8
.text a8lyq4zi.SYS 8CC79000 12 Bytes [44, B8, C0, 81, EE, B6, C0, ...]
.text a8lyq4zi.SYS 8CC7900D 9 Bytes [97, C0, 81, 48, BB, C0, 81, ...]
.text a8lyq4zi.SYS 8CC79017 85 Bytes [00, DE, 77, F2, 86, E6, 75, ...]
.text a8lyq4zi.SYS 8CC7906D 84 Bytes [F0, C6, 81, 90, 10, C9, 81, ...]
.text a8lyq4zi.SYS 8CC790C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\Users\yousuf\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[2080] SHELL32.dll!SHEvaluateSystemCommandTemplate + 58A6 7604E284 4 Bytes [80, 1B, 00, 10]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3776] kernel32.dll!SetUnhandledExceptionFilter 75C630E2 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83A5D1F8
Device \FileSystem\fastfat \FatCdrom A661C1F8
Device \Driver\volmgr \Device\VolMgrControl 83A581F8
Device \Driver\usbuhci \Device\USBPDO-0 858B81F8
Device \Driver\usbuhci \Device\USBPDO-1 858B81F8
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 858B81F8
Device \Driver\usbuhci \Device\USBPDO-3 858B81F8
Device \Driver\usbehci \Device\USBPDO-4 858E4500
Device \Driver\sptd \Device\2190008283 spsk.sys
Device \Driver\volmgr \Device\HarddiskVolume1 83A581F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 83A581F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 861C21F8
Device \Driver\volmgr \Device\HarddiskVolume3 83A581F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\iaStor \Device\Ide\iaStor0 [870D5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [870D5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume4 83A581F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000075 854731F8
Device \Driver\USBSTOR \Device\00000076 854731F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 854111F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9500FF84-99BD-4DF0-ADBD-29521C1E93F4} 854111F8
Device \Driver\PCI_PNP0276 \Device\0000005e spsk.sys
Device \Driver\usbuhci \Device\USBFDO-0 858B81F8
Device \Driver\usbuhci \Device\USBFDO-1 858B81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F5CB2DF9-41BE-4845-BFBF-1DB52D3BE8E9} 854111F8
Device \Driver\usbuhci \Device\USBFDO-2 858B81F8
Device \Driver\usbuhci \Device\USBFDO-3 858B81F8
Device \Driver\usbehci \Device\USBFDO-4 858E4500
Device \Driver\NetBT \Device\NetBT_Tcpip_{9AF5D869-F1F0-4C1C-89D9-549D91346BC9} 854111F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F56E3E09-E5F3-4E11-B1DD-D441A18D225C} 854111F8
Device \Driver\a8lyq4zi \Device\Scsi\a8lyq4zi1 858631F8
Device \Driver\a8lyq4zi \Device\Scsi\a8lyq4zi1Port1Path0Target0Lun0 858631F8
Device \FileSystem\fastfat \Fat A661C1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00000961 \GLOBAL??\382cfad0 857CF880

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x31 0xA8 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1E 0x52 0x4D 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x10 0xF5 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0x1D 0x64 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1E 0x52 0x4D 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x10 0xF5 0x66 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB49916$\2327962271 0 bytes
File C:\Windows\$NtUninstallKB49916$\942471888 0 bytes
File C:\Windows\$NtUninstallKB49916$\942471888\L 0 bytes
File C:\Windows\$NtUninstallKB49916$\942471888\U 0 bytes

---- EOF - GMER 1.0.15 ----

GMER attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 7/23/2010 6:05:12 PM
System Uptime: 1/14/2012 8:47:54 AM (2 hours ago)
.
Motherboard: Acer | | AO532h
Processor: Intel® Atom™ CPU N450 @ 1.66GHz | CPU | 1666/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 52.188 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: FlashDisk
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_USB2.0&PROD_FLASHDISK&REV_1100#2000000040871&0#
Manufacturer: USB2.0
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_USB2.0&PROD_FLASHDISK&REV_1100#2000000040871&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP351: 12/3/2011 10:26:10 PM - Windows Update
RP352: 12/6/2011 6:22:41 PM - Windows Update
RP353: 12/7/2011 9:30:17 PM - Windows Update
RP354: 12/9/2011 7:32:58 PM - Windows Update
RP355: 12/10/2011 9:19:29 PM - Windows Update
RP356: 12/11/2011 9:57:00 PM - Windows Update
RP357: 12/12/2011 10:31:43 PM - Windows Update
RP358: 12/14/2011 8:05:57 PM - Windows Update
RP359: 12/16/2011 10:16:51 PM - Windows Update
RP360: 12/17/2011 11:31:56 PM - Windows Update
RP361: 12/19/2011 5:37:12 PM - Windows Update
RP362: 12/21/2011 9:20:54 PM - Windows Update
RP363: 12/27/2011 9:00:53 PM - Windows Update
RP364: 12/27/2011 10:16:40 PM - Windows Update
RP365: 1/10/2012 9:17:00 PM - Windows Update
RP366: 1/11/2012 10:27:45 PM - Windows Update
RP368: 1/13/2012 10:53:27 PM - Configured Atheros Communications Inc.® AR81Family Gigabit/FasĪŌƒ
.
==== Installed Programs ======================
.
.
Acer Assist
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
ALPS Touch Pad Driver
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Compatibility Pack for the 2007 Office system
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Guard for Internet Explorer
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToMeeting 4.5.0.457
Identity Card
Intel® Graphics Media Accelerator Driver
IntelŪ Matrix Storage Manager
Java Auto Updater
Java™ 6 Update 24
Juniper Networks Host Checker
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola Mobile Drivers PreRelease 4.9.2
MSVCRT
MyWinLocker
Norton Online Backup
OGA Notifier 2.0.0048.0
Picasa 3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RSA SecurID Software Token
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Spyware Doctor 8.0
TurboTax 2010
TurboTax 2010 widiper
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.5
Welcome Center
Windows Driver Package - ENE (EUCR) USB (10/09/2009 5.89.0.59)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Windows Mobile Device Center
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
1/14/2012 9:00:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2695.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
1/14/2012 8:59:47 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846
1/14/2012 8:51:09 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
1/14/2012 8:51:09 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80072742.
1/14/2012 8:49:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 8:49:09 AM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/14/2012 8:49:09 AM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/14/2012 8:49:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Updater Service service to connect.
1/14/2012 8:49:08 AM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.
1/14/2012 8:49:08 AM, Error: Service Control Manager [7000] - The Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/14/2012 8:48:38 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/14/2012 8:48:38 AM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.
1/14/2012 8:48:36 AM, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
1/14/2012 8:48:35 AM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
1/14/2012 8:48:35 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
1/14/2012 8:48:35 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
1/14/2012 8:48:35 AM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
1/14/2012 8:48:35 AM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.
1/14/2012 8:08:36 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2695.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
1/14/2012 7:58:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/14/2012 7:57:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000034, 0x00000002, 0x00000000, 0x870c61f9). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011412-29718-01.
1/14/2012 10:22:39 AM, Error: Service Control Manager [7001] - The SSDP Discovery service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
1/14/2012 10:22:39 AM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The device does not recognize the command.
1/14/2012 10:22:38 AM, Error: Service Control Manager [7001] - The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
1/14/2012 10:22:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/14/2012 10:22:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/13/2012 8:43:57 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
1/13/2012 8:24:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2695.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/13/2012 8:24:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/13/2012 8:19:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/13/2012 8:15:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/13/2012 8:15:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/13/2012 8:15:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/13/2012 8:14:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/13/2012 8:14:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache MpFilter mwlPSDFilter mwlPSDNServ mwlPSDVDisk PCTSD spldr sptd Wanarpv6
1/13/2012 8:13:59 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
1/13/2012 7:11:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2695.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
1/13/2012 7:01:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 6:47:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2695.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
1/13/2012 6:37:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 11:08:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2695.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
1/13/2012 10:58:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 10:42:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2695.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
1/13/2012 10:32:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/13/2012 10:22:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2695.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
1/13/2012 10:12:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/11/2012 11:08:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/11/2012 10:50:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/10/2012 7:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1814.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.7707.0&sig=10.7.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/10/2012 7:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1814.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.7707.0&sig=10.7.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/10/2012 7:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1814.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.7707.0&sig=10.7.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/10/2012 7:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1814.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.7707.0&sig=10.7.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/10/2012 7:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1814.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1814.0&asdelta=1.117.1814.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/10/2012 7:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1814.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1814.0&asdelta=1.117.1814.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/10/2012 7:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1814.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1814.0&asdelta=1.117.1814.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/10/2012 7:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1814.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1814.0&asdelta=1.117.1814.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/10/2012 7:48:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1814.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/10/2012 10:51:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:53 PM

Posted 14 January 2012 - 01:10 PM

Hi

You have already created a topic here

http://www.bleepingcomputer.com/forums/topic438054.html

experts will assist you soon

Good luck

Edited by narenxp, 14 January 2012 - 02:07 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users