Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Security Shield; forum guide failed to solve problem


  • Please log in to reply
9 replies to this topic

#1 CTM162

CTM162

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 21 March 2012 - 09:44 AM

Hello. My computer was recently infected with Security Shield. I don't know what version it is; it simply identifies itself as "Security Shield" whenever its warnings pop up, so perhaps it's the original.

Whatever it is, the forum guide did not work. I have Windows 7 Home Premium and I followed the appropriate steps given on the forums for Windows 7 for removing Security Shield to the letter. However, Malwarebytes did not remove it. In fact, it didn't even show up when I ran a full scan. (My version was outdated so I had to update it first, but after that the scan took about an hour and a half, and I feel I should note that Security Shield also made no attempt to stop it as the guide warned it might. Additionally, when I ran RKill beforehand it didn't detect any processes to terminate or remove; nothing showed up in the log.) It did detect 13 other threats though, and I figured that perhaps the malware was labeled differently, so I went ahead and took care of them. I then restarted my computer as per Malwarebytes' instructions (and which the guide said to do) so that it could finish and I could move on to the next set of steps (which I believe was to download a program to allow me to access my HOSTS file and delete it). Imagine my dismay, then, when Security Shield almost immediately booted up afterward, and the same insidious messages from it kept popping up, as well as blocking me from accessing executable files or using the Internet as it did before.

I did exactly as the guide told me to up until step 21, because, as I said above, I wasn't able to continue due to Security Shield's continued presence blocking me from running programs or accessing the Internet. (I should also perhaps note that step 20 mentions that Malwarebytes automatically opens a scan log in Notepad when it finishes. It didn't for me.)

I'm considering doing the whole thing all over again, but since it is time-consuming (and that it didn't work) I was wondering if perhaps someone here might be able to tell me what else I can do. Should I just continue on with the guide where I left off, and go back to Safe Mode? (I can run programs and access internet in Safe Mode, obviously.) I didn't because I'm pretty sure the guide assumes Security Shield is gone at this point, and I didn't want to just go ahead and delete my HOSTS file if it was still around, because I have no idea what said file is or what might happen if I attempted it.

Edit: I see another user posted a problem pretty much identical to mine (except he went ahead and deleted his HOSTS file); wasn't there when I originally came to this forum. Should I follow his responder's suggestion?

Edited by CTM162, 21 March 2012 - 10:26 AM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 21 March 2012 - 11:15 AM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 CTM162

CTM162
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 21 March 2012 - 04:08 PM

Results:

Security Check

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Mozilla Firefox (3.6.28) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



Farbar Service Scanner

Farbar Service Scanner Version: 01-03-2012
Ran by Chris (administrator) on 21-03-2012 at 15:18:50
Running from "C:\Users\Chris\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 17:26] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



MiniToolBox

MiniToolBox by Farbar Version: 18-01-2012
Ran by Chris (administrator) on 21-03-2012 at 15:20:54
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Nerwork
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Chris-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 1A-4B-D6-EE-8D-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Physical Address. . . . . . . . . : 48-5B-39-7C-08-F6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 1C-4B-D6-EE-8D-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e9be:a33:db59:c0d8%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.164(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, March 21, 2012 3:11:36 PM
Lease Expires . . . . . . . . . . : Thursday, March 22, 2012 3:11:36 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 236735446
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8F-82-49-1C-4B-D6-EE-8D-E7
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{8205083F-C8F0-4C32-BE72-7CAF7E58DC30}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {358B881F-5991-42DC-8E0B-3018B978CC9A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F267E281-36F2-4B64-8D9C-5B513A0F042B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.101
74.125.225.96
74.125.225.103
74.125.225.105
74.125.225.99
74.125.225.102
74.125.225.100
74.125.225.110
74.125.225.97
74.125.225.98
74.125.225.104


Pinging google.com [74.125.225.35] with 32 bytes of data:
Reply from 74.125.225.35: bytes=32 time=40ms TTL=54
Reply from 74.125.225.35: bytes=32 time=45ms TTL=54

Ping statistics for 74.125.225.35:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 45ms, Average = 42ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=87ms TTL=50
Reply from 98.139.183.24: bytes=32 time=82ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 82ms, Maximum = 87ms, Average = 84ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...1a 4b d6 ee 8d e7 ......Microsoft Virtual WiFi Miniport Adapter
12...48 5b 39 7c 08 f6 ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
11...1c 4b d6 ee 8d e7 ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.164 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.164 281
192.168.1.164 255.255.255.255 On-link 192.168.1.164 281
192.168.1.255 255.255.255.255 On-link 192.168.1.164 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.164 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.164 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::e9be:a33:db59:c0d8/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/20/2012 08:51:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5834

Error: (03/20/2012 08:51:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5834

Error: (03/20/2012 08:51:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/20/2012 08:51:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4805

Error: (03/20/2012 08:51:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4805

Error: (03/20/2012 08:51:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/20/2012 08:51:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3541

Error: (03/20/2012 08:51:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3541

Error: (03/20/2012 08:51:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/20/2012 08:51:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2496


System errors:
=============
Error: (03/21/2012 03:20:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/21/2012 03:20:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/21/2012 03:20:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/21/2012 03:20:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/21/2012 03:20:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/21/2012 03:20:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/21/2012 03:18:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/21/2012 03:18:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/21/2012 03:18:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/21/2012 03:18:21 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 2.0.4)
ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678)
ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669)
ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665)
2007 Microsoft Office system (Version: 12.0.6612.1000)
4500_G510nz_Help (Version: 000.0.439.000)
4500G510nz (Version: 000.0.439.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Acrobat.com (Version: 1.6.65)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Actualização do Microsoft Office Excel 2007 Help (KB963678)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)
Actualização do Microsoft Office Word 2007 Help (KB963665)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.62)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Age of Empires Online (Version: 1.0.0000.129)
AIM 7
Alcor Micro USB Card Reader (Version: 1.5.17.25482)
Alice Greenfingers
Amazon Kindle For PC v1.0
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ASUS AI Recovery (Version: 1.0.8)
ASUS AP Bank (Version: 1.0.0.0)
ASUS CopyProtect (Version: 1.0.0015)
ASUS Data Security Manager (Version: 1.00.0014)
ASUS FancyStart (Version: 1.0.8)
ASUS LifeFrame3 (Version: 3.0.20)
ASUS Live Update (Version: 2.5.9)
ASUS MultiFrame (Version: 1.0.0019)
ASUS Power4Gear Hybrid (Version: 1.1.28)
ASUS SmartLogon (Version: 1.0.0008)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0028)
ASUS Virtual Camera (Version: 1.0.19)
ASUS WebStorage (Version: 3.0.108.222)
ASUS_Screensaver
ATK Generic Function Service (Version: 1.00.0008)
ATK Hotkey (Version: 1.0.0052)
ATK Media (Version: 2.0.0006)
ATKOSD2 (Version: 7.0.0006)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
BFlix Toolbar (Version: 1.0.0.0)
Bing Bar (Version: 7.0.609.0)
Boingo Wi-Fi (Version: 1.7.0048)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
CameraHelperMsi (Version: 13.00.1774.0)
Celebrity Toolbar (Version: 1.0.4)
Chicken Invaders 2
ControlDeck (Version: 1.0.5)
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink Power2Go (Version: 6.1.3602c)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Download Updater (AOL LLC)
Dream Day Wedding Married in Manhattan
Driver Whiz (Version: 8.0.1)
eMule
erLT (Version: 1.20.138.34)
ETDWare PS/2-x64 7.0.5.9_WHQL
Fast Boot (Version: 1.0.5)
Fax (Version: 130.0.418.000)
Game Park Console (Version: 6.2.0.2)
Google Chrome (Version: 17.0.963.79)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.99)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2021)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
LG USB Modem driver
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.00.1777.0)
LWS Gallery (Version: 13.00.1778.0)
LWS Help_main (Version: 13.00.1783.0)
LWS Launcher (Version: 13.00.1776.0)
LWS Motion Detection (Version: 13.00.1778.0)
LWS Pictures And Video (Version: 13.00.1778.0)
LWS Video Mask Maker (Version: 13.00.1774.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.00.1777.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (Turkish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel 2007 Help ©ºÑºÍѾഷ (KB963678)
Microsoft Office Excel 2007 Help ¸üР(KB963678)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel 2007 Help Güncelleþtirmesi (KB963678)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678)
Microsoft Office Excel MUI (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Turkish) 2007 (Version: 12.0.6612.1000)
Microsoft Office IME (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office IME (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 Help ¸üР(KB963677)
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Turkish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Powerpoint 2007 Help ©ºÑºÍѾഷ (KB963669)
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office Powerpoint 2007 Help Güncelleþtirmesi (KB963669)
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669)
Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669)
Microsoft Office PowerPoint MUI (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Turkish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Basque) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Catalan) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Galician) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Turkish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Arabic) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Chinese (Simplified)) 2007 (Version: 12.0.4518.1016)
Microsoft Office Proofing (Chinese (Traditional)) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Chinese (Traditional)) 2007 (Version: 12.0.4518.1016)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)
Microsoft Office Proofing (Portuguese (Portugal)) 2007 (Version: 12.0.4518.1029)
Microsoft Office Proofing (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Thai) 2007 (Version: 12.0.4518.1019)
Microsoft Office Proofing (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (Turkish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Turkish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Turkish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 Help ©ºÑºÍѾഷ (KB963665)
Microsoft Office Word 2007 Help ¸üР(KB963665)
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word 2007 Help Güncelleþtirmesi (KB963665)
Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665)
Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665)
Microsoft Office Word MUI (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Chinese (Traditional)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Turkish) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIRC (Version: 7.22)
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Firefox (3.6.28) (Version: 3.6.28 (en-US))
MS Access 97 SP2
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Network64 (Version: 130.0.374.000)
Network64 (Version: 140.0.221.000)
Norton Security Scan (Version: 3.5.1.6)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Orb (Version: 3.15.0044.27289)
Orb Mini Controller (Version: 2.2.0)
Orb Runtime libraries (Version: 1.0.0)
Piggly FREE
Planetfall v15
Platform (Version: 1.34)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Risk
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 13.0)
Sid Meier's Alpha Centauri
SimCity 3000 Unlimited
SmartWebPrinting (Version: 130.0.373.000)
Smileyville FREE
SolutionCenter (Version: 130.0.373.000)
SRS Premium Sound Control Panel (Version: 1.8.2300)
Status (Version: 130.0.373.000)
Times Reader (Version: 2.055)
TomTom HOME 2.8.1.2218 (Version: 2.8.1.2218)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Trend Micro Internet Security (Version: 17.50)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB 2.0 1.3M UVC WebCam
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VIA Platform Device Manager (Version: 1.34)
Viewpoint Media Player
VLC media player 1.1.11 (Version: 1.1.11)
Voobly (Version: Voobly)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFlash (Version: 2.29.0)
WinRAR 4.00 beta 1 (32-bit) (Version: 4.00.1)
WinRAR 4.00 beta 1 (64-bit) (Version: 4.00.1)
Wireless Console 3 (Version: 3.0.15)
Xvid Video Codec (Version: 1.3.2)

========================= Devices: ================================

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 4061.09 MB
Available physical RAM: 3386.66 MB
Total Pagefile: 8120.31 MB
Available Pagefile: 7487.73 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.45 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:8.36 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:206.97 GB) (Free:195.93 GB) NTFS
3 Drive e: (EDUCATING_ELAINIA) (CDROM) (Total:3.88 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\CHRIS-PC

Administrator Chris Guest
Mcx1-CHRIS-PC


**** End of log ****



Malwarebytes (these are the results of the second scan I performed as per your request)

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.02

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [administrator]

Protection: Disabled

3/21/2012 4:21:48 PM
mbam-log-2012-03-21 (16-26-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216245
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|cewdjbtkr (Trojan.FakeAlert) -> Data: C:\Users\Chris\AppData\Local\cewdjbtkr.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Chris\AppData\Local\cewdjbtkr.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Chris\Local Settings\cewdjbtkr.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Chris\Local Settings\Application Data\cewdjbtkr.exe (Trojan.FakeAlert) -> No action taken.

(end)



Here are the results of the first, full scan I performed before:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.01

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [administrator]

Protection: Disabled

3/20/2012 10:49:54 PM
mbam-log-2012-03-20 (22-49-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445546
Time elapsed: 1 hour(s), 8 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EasyDownloads (Adware.EasyDownloads) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Program Files (x86)\Easy Downloads\uninstall.exe (Adware.EasyDownloads) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\Addons\31147973\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\{A6A7CA77-FB30-1E7E-FC95-B3127D44E881}\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\{B34D9990-37CE-F68A-1461-7FEC68AEBB66}\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
C:\Users\Chris\Downloads\Airplane_1980_DVDRip_XviD_DEViSE_downloader.exe (Adware.EasyDownloads) -> Quarantined and deleted successfully.
C:\Users\Chris\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Chris\Downloads\FLVBlaster.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Chris\Downloads\MPLSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Chris\Downloads\setup (48).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)



aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-21 15:25:07
-----------------------------
15:25:07.974 OS Version: Windows x64 6.1.7600
15:25:07.974 Number of processors: 2 586 0x170A
15:25:07.974 ComputerName: CHRIS-PC UserName: Chris
15:25:08.504 Initialize success
15:25:48.877 AVAST engine defs: 12032000
15:25:59.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:25:59.656 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
15:25:59.672 Disk 0 MBR read successfully
15:25:59.672 Disk 0 MBR scan
15:25:59.688 Disk 0 Windows VISTA default MBR code
15:25:59.703 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 16997 MB offset 2048
15:25:59.719 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 34812855
15:25:59.719 Disk 0 Partition - 00 0F Extended LBA 211935 MB offset 191093175
15:25:59.750 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 211935 MB offset 191093238
15:25:59.766 Disk 0 scanning C:\Windows\system32\drivers
15:26:11.294 Service scanning
15:26:35.802 Modules scanning
15:26:35.802 Disk 0 trace - called modules:
15:26:35.864 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:26:35.864 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a01060]
15:26:35.880 3 CLASSPNP.SYS[fffff880013a543f] -> nt!IofCallDriver -> [0xfffffa8003cdfdb0]
15:26:35.895 5 ACPI.sys[fffff88000f9c781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003ce5050]
15:26:36.769 AVAST engine scan C:\Windows
15:26:39.015 AVAST engine scan C:\Windows\system32
15:29:35.842 AVAST engine scan C:\Windows\system32\drivers
15:29:46.294 AVAST engine scan C:\Users\Chris
15:36:50.926 AVAST engine scan C:\ProgramData
15:38:06.852 Scan finished successfully
16:20:54.290 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
16:20:54.290 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR log.txt"


There you have it.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 21 March 2012 - 05:03 PM

Uninstall McAfee Security Scan Plus, typical foistware.

What are the current issues?

You're not running any AV program.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 CTM162

CTM162
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 21 March 2012 - 10:49 PM

It might be foistware, but I don't use it. That program's been on my computer since I got it (and I've had it for some time). It should be harmless.

I'm not sure what you mean by the current issues. Are you asking me to boot up my computer in normal operating mode and see what happens? (I've kept it in Safe Mode with Networking when I don't have it shut off.) Besides running those programs you asked me to, I haven't taken any direct action against Security Shield. Unless said programs helped in that endeavor, the only issues would be as I said before (i.e. I can't run any executable files or access internet). Did you want me to be more specific?

Of those three anti-virus programs you listed, only Avast worked. (Microsoft Security Essentials won't run in Safe Mode, and I ran into an error I got over and over again whenever I tried installing Comodo.) Ran a quick scan, turned up nothing. Ran a full scan, and it found one file...a plugin of some sort in my Temp folder (directory reads "...AppData\Local\Temp\plugtmp-85\plugin-2fdp.php"). It doesn't look like anything related to Security Shield, though.

One thing Avast recommends is to run a boot-time scan, which runs as soon as computer reboots. I'm thinking of doing that--letting it reboot in normal mode--and hope it runs before Security Shield tries shooting it down, but won't do anything blindly. In the meantime, I'm going to leave it on in safe mode, and keep Avast on. (I haven't deleted the file I mentioned; just kept the scan results up after it was over.)

Edited by CTM162, 21 March 2012 - 10:54 PM.


#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 21 March 2012 - 10:56 PM

Yes I want you to start in normal mode and let me know what the issues are.
MBAM removed some stuff.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 CTM162

CTM162
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 21 March 2012 - 11:26 PM

Well, you appear to be correct. I can access the Internet, and successfully ran a few programs with no issues. I didn't even see Security Shield boot up.

Should I still complete the process the forum guide outlines? I didn't delete that HOSTS file, for instance, or anything that came after that. The guide says that Security Shield rewrites it, so I probably should, yes?

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 22 March 2012 - 12:13 AM

Your "hosts" file is fine.

Let's run couple more checks....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 CTM162

CTM162
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 22 March 2012 - 09:13 AM

Wiped my Temp folder.

ESET Online Scanner reports no threats found. I hope that means Security Shield is gone for good, yes? If so, thanks a lot for the help, Broni. I appreciate your speedy assistance.

Edited by CTM162, 22 March 2012 - 09:18 AM.


#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 22 March 2012 - 07:04 PM

Your computer is clean Posted Image

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users