
Infected with latest ZeroAccess rootkit


  • This topic is locked
37 replies to this topic

#1 jwilldavis

  • Members
  • 23 posts

Posted 01 June 2013 - 06:00 PM

Here are my DDS files (attached). My diagnosis was performed here: http://www.bleepingcomputer.com/forums/t/495535/windows-7-hp-laptop-infected/

 

My computer has random talking in the background (ads) while no applications are running. It takes longer to start up, and when I try to reset it to install updates it gets hung up at the restart screen, making me turn it off and turn it back on. MSE, Windows Defender, and Windows Update are all disabled.

Attached Files


#2 Farbar

  • Security Developer
  • 21,696 posts
  • Location:The Netherlands

Posted 01 June 2013 - 07:31 PM

Hi jwilldavis,

 

Welcome to the forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 



#3 jwilldavis

  • Topic Starter
  • Members
  • 23 posts

Posted 02 June 2013 - 01:07 PM

Hello, thanks for your assistance. Here are the FRST logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 02
Ran by Owner (administrator) on 02-06-2013 14:01:36
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [739664 2010-09-15] (DigitalPersona, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
HKCU\...\Run: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe [211880 2012-11-02] (SecureW2 B.V.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {5BEF13D4-ECFA-4CE6-BCCB-4BD337AD405B} URL = http://search.babylon.com/?q={searchTerms}&affID=110790&tt=3612_5&babsrc=SP_ss&mntrId=76c3d29900000000000000ff10c05c08
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKCU - {E27E4A95-B8BD-4DCB-80D8-28134BC8F0DB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=2B34CF97-2AC0-40E1-87CF-AFBAE6A12B9F&apn_sauid=6ADBB16E-8797-4D5E-8035-FCE4F3445E35
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
PDF: HKLM-x32 {05B8E43F-311C-4B30-A913-C8C50FB8162A} http://www.worldstarhiphop.com/tools/xc_loader_activex.ocx
PDF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.gwu.edu/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8mey19hw.default
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://search.babylon.com/?affID=110790&tt=3612_5&babsrc=HP_ss&mntrId=76c3d29900000000000000ff10c05c08
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SearchReset - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8mey19hw.default\Extensions\searchreset@gavinsharp.com
FF Extension: searchreset - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8mey19hw.default\Extensions\searchreset@gavinsharp.com.xpi

==================== Services (Whitelisted) =================

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S1 vjwncqmw; C:\Windows\system32\drivers\vjwncqmw.sys [49872 2013-05-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-02 14:01 - 2013-06-02 14:01 - 00000000 ____D C:\FRST
2013-06-02 14:00 - 2013-06-02 10:57 - 01916600 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-01 18:47 - 2013-06-01 18:50 - 00020484 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-01 18:47 - 2013-06-01 18:49 - 00018501 ____A C:\Users\Owner\Desktop\attach.txt
2013-05-24 19:05 - 2013-05-24 19:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-05-24 19:04 - 2013-05-24 19:04 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-24 19:04 - 2013-05-24 19:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-24 19:04 - 2013-05-24 19:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-24 19:04 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-24 18:58 - 2013-05-24 18:58 - 00002711 ____A C:\Users\Owner\Desktop\FSS.txt
2013-05-24 18:57 - 2013-05-24 15:33 - 00354299 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-05-24 18:47 - 2013-05-24 18:47 - 00000722 ____A C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300 - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000704 ____A C:\Users\Owner\Desktop\mbar-1.05.0.1001 - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000662 ____A C:\Users\Owner\Desktop\Reason_601 - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000645 ____A C:\Users\Owner\Desktop\MiniToolBox - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000624 ____A C:\Users\Owner\Desktop\iExplore - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000599 ____A C:\Users\Owner\Desktop\rkill - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000320 ____A C:\Users\Owner\Desktop\SecurityCheck - Shortcut.lnk
2013-05-23 14:59 - 2013-05-23 14:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PictureMover
2013-05-23 14:58 - 2013-05-23 14:58 - 00114384 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-23 14:58 - 2013-05-23 14:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2013-05-23 14:58 - 2013-05-23 14:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\hpqLog
2013-05-23 14:58 - 2013-05-23 14:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-05-23 14:57 - 2013-05-23 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-05-23 14:57 - 2013-05-23 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Stardock
2013-05-23 14:57 - 2013-05-23 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DigitalPersona
2013-05-23 14:57 - 2013-05-23 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-05-23 14:57 - 2013-05-23 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\DigitalPersona
2013-05-23 14:56 - 2013-05-23 14:57 - 00000000 ____D C:\users\Administrator
2013-05-23 14:56 - 2011-10-10 20:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-05-23 14:56 - 2011-02-08 05:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-05-21 02:38 - 2013-05-21 02:39 - 00279552 ____A C:\Windows\Minidump\052113-54647-01.dmp
2013-05-21 00:41 - 2013-05-21 00:41 - 00279592 ____A C:\Windows\Minidump\052113-68687-01.dmp
2013-05-21 00:24 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-21 00:24 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-21 00:24 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-21 00:24 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-21 00:24 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-21 00:24 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-21 00:24 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-21 00:24 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-21 00:24 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-21 00:24 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-21 00:24 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-21 00:24 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-21 00:15 - 2013-05-21 00:15 - 00279568 ____A C:\Windows\Minidump\052113-32463-01.dmp
2013-05-21 00:03 - 2013-05-21 00:03 - 00279560 ____A C:\Windows\Minidump\052113-27799-01.dmp
2013-05-20 23:40 - 2013-05-20 23:41 - 00279488 ____A C:\Windows\Minidump\052013-32167-01.dmp
2013-05-17 15:33 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 15:33 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-17 15:33 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-17 15:33 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-17 15:33 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-17 15:33 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-17 15:33 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 15:33 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-17 15:33 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-17 15:33 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-17 15:33 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-17 15:33 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-17 15:33 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-17 15:33 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-17 15:23 - 2013-05-17 15:23 - 00279944 ____A C:\Windows\Minidump\051713-37206-01.dmp
2013-05-13 14:12 - 2013-05-13 14:12 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vjwncqmw.sys
2013-05-11 17:05 - 2013-05-12 01:49 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2013-05-08 15:20 - 2013-05-08 15:21 - 00279560 ____A C:\Windows\Minidump\050813-34101-01.dmp

==================== One Month Modified Files and Folders =======

2013-06-02 14:01 - 2013-06-02 14:01 - 00000000 ____D C:\FRST
2013-06-02 10:57 - 2013-06-02 14:00 - 01916600 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-01 18:58 - 2009-07-14 01:08 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-01 18:51 - 2011-08-19 01:19 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033160431-533565791-1852887576-1000UA.job
2013-06-01 18:51 - 2011-08-19 01:19 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033160431-533565791-1852887576-1000Core.job
2013-06-01 18:50 - 2013-06-01 18:47 - 00020484 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-01 18:49 - 2013-06-01 18:47 - 00018501 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-01 18:38 - 2012-05-05 12:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 18:17 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-01 18:05 - 2011-02-08 04:40 - 01862046 ____A C:\Windows\WindowsUpdate.log
2013-06-01 18:03 - 2011-06-17 15:36 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-06-01 17:53 - 2009-07-14 00:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-01 17:53 - 2009-07-14 00:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-01 17:42 - 2011-02-08 04:48 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2013-06-01 17:42 - 2009-07-14 00:51 - 00065668 ____A C:\Windows\setupact.log
2013-05-24 19:14 - 2011-02-08 04:50 - 00316326 ____A C:\Windows\PFRO.log
2013-05-24 19:05 - 2013-05-24 19:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-05-24 19:04 - 2013-05-24 19:04 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-24 19:04 - 2013-05-24 19:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-24 19:04 - 2013-05-24 19:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-24 18:58 - 2013-05-24 18:58 - 00002711 ____A C:\Users\Owner\Desktop\FSS.txt
2013-05-24 18:47 - 2013-05-24 18:47 - 00000722 ____A C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300 - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000704 ____A C:\Users\Owner\Desktop\mbar-1.05.0.1001 - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000662 ____A C:\Users\Owner\Desktop\Reason_601 - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000645 ____A C:\Users\Owner\Desktop\MiniToolBox - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000624 ____A C:\Users\Owner\Desktop\iExplore - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000599 ____A C:\Users\Owner\Desktop\rkill - Shortcut.lnk
2013-05-24 18:47 - 2013-05-24 18:47 - 00000320 ____A C:\Users\Owner\Desktop\SecurityCheck - Shortcut.lnk
2013-05-24 18:44 - 2009-07-14 01:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-24 15:33 - 2013-05-24 18:57 - 00354299 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-05-23 14:59 - 2013-05-23 14:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PictureMover
2013-05-23 14:58 - 2013-05-23 14:58 - 00114384 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-23 14:58 - 2013-05-23 14:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2013-05-23 14:58 - 2013-05-23 14:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\hpqLog
2013-05-23 14:58 - 2013-05-23 14:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-05-23 14:57 - 2013-05-23 14:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-05-23 14:57 - 2013-05-23 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Stardock
2013-05-23 14:57 - 2013-05-23 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DigitalPersona
2013-05-23 14:57 - 2013-05-23 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-05-23 14:57 - 2013-05-23 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\DigitalPersona
2013-05-23 14:57 - 2013-05-23 14:56 - 00000000 ____D C:\users\Administrator
2013-05-23 14:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-23 14:10 - 2013-03-16 13:42 - 00041049 ____A C:\Users\Owner\Downloads\Banner Secured Area_P_ViewTran.htm
2013-05-21 02:39 - 2013-05-21 02:38 - 00279552 ____A C:\Windows\Minidump\052113-54647-01.dmp
2013-05-21 02:38 - 2011-08-11 19:20 - 593485536 ____A C:\Windows\MEMORY.DMP
2013-05-21 02:38 - 2011-08-11 19:20 - 00000000 ____D C:\Windows\Minidump
2013-05-21 02:33 - 2009-07-14 00:45 - 00427816 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-21 02:24 - 2011-07-08 15:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-21 02:22 - 2011-04-13 16:55 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-21 02:00 - 2011-06-15 02:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-05-21 02:00 - 2011-06-15 02:39 - 00000000 ____D C:\ProgramData\Skype
2013-05-21 00:41 - 2013-05-21 00:41 - 00279592 ____A C:\Windows\Minidump\052113-68687-01.dmp
2013-05-21 00:15 - 2013-05-21 00:15 - 00279568 ____A C:\Windows\Minidump\052113-32463-01.dmp
2013-05-21 00:03 - 2013-05-21 00:03 - 00279560 ____A C:\Windows\Minidump\052113-27799-01.dmp
2013-05-20 23:41 - 2013-05-20 23:40 - 00279488 ____A C:\Windows\Minidump\052013-32167-01.dmp
2013-05-17 19:20 - 2013-04-22 19:20 - 00000000 ____D C:\Windows\en
2013-05-17 19:20 - 2013-04-22 19:16 - 00000000 ____D C:\Program Files\Windows Live
2013-05-17 19:20 - 2011-02-08 05:09 - 00000000 ____D C:\ProgramData\RoxioNow
2013-05-17 19:20 - 2010-10-16 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-05-17 19:20 - 2010-10-16 11:18 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-05-17 19:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-05-17 19:20 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-17 16:38 - 2012-05-05 12:24 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-17 16:38 - 2011-12-02 21:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-17 15:30 - 2011-04-13 15:30 - 00000000 ____D C:\users\Owner
2013-05-17 15:23 - 2013-05-17 15:23 - 00279944 ____A C:\Windows\Minidump\051713-37206-01.dmp
2013-05-13 16:44 - 2011-06-18 23:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2013-05-13 14:12 - 2013-05-13 14:12 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vjwncqmw.sys
2013-05-12 14:30 - 2012-06-23 12:44 - 00000000 ____D C:\Firefox
2013-05-12 01:49 - 2013-05-11 17:05 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2013-05-11 14:54 - 2011-02-08 05:25 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-05-11 14:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-11 14:53 - 2011-07-08 15:54 - 00000000 __RHD C:\MSOCache
2013-05-08 15:21 - 2013-05-08 15:20 - 00279560 ____A C:\Windows\Minidump\050813-34101-01.dmp

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2033160431-533565791-1852887576-1000\$ea862fa9f0256ac5ef9f2a8a40c50e2a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

Last Boot: 2013-05-09 16:49

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2013 02
Ran by Owner at 2013-06-02 14:02:29 Run:
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 6.0.2282.0)
Bing Bar Platform (Version: 6.0.2282.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.0.5350)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco Connect (Version: 1.3.11069.2)
Coupon Printer for Windows (Version: 5.0.0.0)
CyberLink DVD Suite (Version: 7.0.3320)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Fences Pro (Version: 1.0.1.312)
Fences Pro (Version: 1.0.1.312.19219)
Final Drive Nitro (Version: 2.2.0.95)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.0.10.1)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Deskjet 2050 J510 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 2050 J510 series Help (Version: 140.0.61.61)
HP Deskjet 2050 J510 series Product Improvement Study (Version: 22.50.231.0)
HP Documentation (Version: 1.2.0.0)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP Game Console
HP Games (Version: 1.0.1.5)
HP MediaSmart DVD (Version: 4.2.4521)
HP MediaSmart Movies and TV (Version: 1.0.1.2)
HP MediaSmart Music (Version: 4.2.4604)
HP MediaSmart Photo (Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.2)
HP MediaSmart Video (Version: 4.2.4522)
HP MediaSmart Webcam (Version: 4.2.3303)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.4.0)
HP MovieStore (Version: 1.0.023)
HP MovieStore (Version: 2.0.2)
HP Photo Creations (Version: 1.0.0.4042)
HP Power Manager (Version: 1.1.2)
HP Quick Launch (Version: 2.2.7)
HP Setup (Version: 8.4.4400.3525)
HP Setup Manager (Version: 1.0.12844.3519)
HP SimplePass Identity Protection (Version: 5.20.205)
HP Software Framework (Version: 4.0.70.1)
HP Support Assistant (Version: 5.1.8.12)
HP Update (Version: 5.002.006.003)
HP Wireless Assistant (Version: 4.0.10.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
Hulu Desktop (Version: 0.9.13)
iCloud (Version: 2.1.0.39)
IDT Audio (Version: 1.0.6292.0)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.03.0000)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
Intel® Wireless Display (Version: 1.2.21.0)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 33 (Version: 6.0.330)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Juniper Networks Network Connect 7.0.0 (Version: 7.0.0.16899)
Juniper Networks Network Connect 7.1.0 (Version: 7.1.0.18671)
Juniper Networks UAC Host Checker (Version: 4.1.0.17665)
Juniper Networks, Inc. Setup Client (Version: 7.1.3.11013)
Junk Mail filter update (Version: 16.4.3505.0912)
LabelPrint (Version: 2.5.3220)
LightScribe System Software (Version: 1.18.18.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movie Maker (Version: 16.4.3505.0912)
Movie Theme Pack for HP MediaSmart Video (Version: 4.2.4412)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Norton Online Backup (Version: 2.1.17869)
PDF Creator
Penguins! (Version: 2.2.0.95)
Photo Gallery (Version: 16.4.3505.0912)
PhotoNow! (Version: 1.1.7717)
PictureMover (Version: 3.5.0.33)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4419)
PowerDirector (Version: 8.0.3320)
QuickTime (Version: 7.70.80.34)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Recovery Manager (Version: 5.5.3223)
RoxioNow Player (Version: 1.9.5.101)
SecureW2 Enterprise Client 3.5.9
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Times Reader (Version: 2.055)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Validity Sensors DDK (Version: 4.1.139.0)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Zuma Deluxe (Version: 2.2.0.95)

==================== Restore Points  =========================

13-05-2013 00:10:29 Windows Backup
13-05-2013 20:23:41 Removed Microsoft Silverlight
13-05-2013 20:41:55 Windows Live Essentials
13-05-2013 20:42:08 WLSetup
21-05-2013 04:21:59 Windows Update
21-05-2013 05:01:27 Windows Update
21-05-2013 05:59:38 Removed Skype™ 6.3
21-05-2013 06:00:21 Removed Skype Click to Call
21-05-2013 06:16:52 Windows Update
21-05-2013 07:12:38 Windows Update
23-05-2013 18:17:48 Windows Update
23-05-2013 18:21:54 Windows Update
23-05-2013 18:35:23 Removed Microsoft Silverlight
23-05-2013 18:38:18 Removed Microsoft Silverlight
01-06-2013 21:52:25 Windows Backup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2013 06:57:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 10.0.9200.16576, time stamp: 0x515e3be5
Exception code: 0xc0000005
Fault offset: 0x00000000005d0e49
Faulting process id: 0x2228
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/01/2013 06:15:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 10.0.9200.16576, time stamp: 0x515e3be5
Exception code: 0xc0000005
Fault offset: 0x00000000005d0e49
Faulting process id: 0xc60
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/01/2013 06:03:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 2.2.6.0, time stamp: 0x4ca1bd0f
Faulting module name: HPMSGSVC.exe, version: 2.2.6.0, time stamp: 0x4ca1bd0f
Exception code: 0xc0000005
Fault offset: 0x00003b5f
Faulting process id: 0x1034
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3

Error: (06/01/2013 06:02:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576, time stamp: 0x515e30fe
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x18e8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/01/2013 06:01:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 10.0.9200.16576, time stamp: 0x515e3be5
Exception code: 0xc0000005
Fault offset: 0x00000000005d0e49
Faulting process id: 0x1f4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/24/2013 06:09:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000016479
Faulting process id: 0xce4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/24/2013 06:05:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 2.2.6.0, time stamp: 0x4ca1bd0f
Faulting module name: HPMSGSVC.exe, version: 2.2.6.0, time stamp: 0x4ca1bd0f
Exception code: 0xc0000005
Fault offset: 0x00003b5f
Faulting process id: 0x1b4
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3

Error: (05/24/2013 06:04:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x000000000004e4b4
Faulting process id: 0x200
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/23/2013 02:11:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x000000000004e4b4
Faulting process id: 0x3b3c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/23/2013 02:01:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 48097807

System errors:
=============
Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The Server service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The IP Helper service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/01/2013 06:58:56 PM) (Source: Service Control Manager) (User: )
Description: The Group Policy Client service terminated unexpectedly.  It has done this 3 time(s).

Microsoft Office Sessions:
=========================
Error: (06/01/2013 06:57:51 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll10.0.9200.16576515e3be5c000000500000000005d0e49222801ce5f15c2946fe2C:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dllaf6f35e5-cb0e-11e2-8cb2-f361bfc1b78c

Error: (06/01/2013 06:15:59 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll10.0.9200.16576515e3be5c000000500000000005d0e49c6001ce5f13e98ba2f2C:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dlld6204651-cb08-11e2-8cb2-f361bfc1b78c

Error: (06/01/2013 06:03:28 PM) (Source: Application Error)(User: )
Description: HPMSGSVC.exe2.2.6.04ca1bd0fHPMSGSVC.exe2.2.6.04ca1bd0fc000000500003b5f103401ce5f1132a89634C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe1632d711-cb07-11e2-8cb2-f361bfc1b78c

Error: (06/01/2013 06:02:16 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16576515e30feunknown0.0.0.000000000c00000050000000018e801ce5f1256a37020C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknowneb4af55d-cb06-11e2-8cb2-f361bfc1b78c

Error: (06/01/2013 06:01:15 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll10.0.9200.16576515e3be5c000000500000000005d0e491f401ce5f10dc935116C:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dllc74b16ce-cb06-11e2-8cb2-f361bfc1b78c

Error: (05/24/2013 06:09:10 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c00000050000000000016479ce401ce58cac960f629C:\Windows\system32\svchost.exeunknown8f0d4696-c4be-11e2-aa2c-983105e469b3

Error: (05/24/2013 06:05:27 PM) (Source: Application Error)(User: )
Description: HPMSGSVC.exe2.2.6.04ca1bd0fHPMSGSVC.exe2.2.6.04ca1bd0fc000000500003b5f1b401ce57e8b13dd4f5C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe09f68fbf-c4be-11e2-aa2c-983105e469b3

Error: (05/24/2013 06:04:51 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000004e4b420001ce57e73d600811C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllf4a696bb-c4bd-11e2-aa2c-983105e469b3

Error: (05/23/2013 02:11:58 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000004e4b43b3c01ce57dfa888f38bC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll41741844-c3d4-11e2-95e4-9f9a2f9dacb5

Error: (05/23/2013 02:01:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 48097807

CodeIntegrity Errors:
===================================
  Date: 2013-06-02 13:59:28.505
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-02 13:52:10.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-02 12:52:57.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-02 12:47:38.301
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-01 18:49:31.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-01 17:53:08.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-01 17:42:14.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-24 19:24:40.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-24 19:15:08.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-24 19:11:11.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 3893.86 MB
Available physical RAM: 1055.68 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4354.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:436.37 GB) (Free:337.86 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:29.1 GB) (Free:4.17 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP v125w) (Removable) (Total:14.91 GB) (Free:9.86 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: DE1C2D32)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=436 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 0C172103)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================



#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:28 PM

Posted 02 June 2013 - 02:04 PM

Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

Attached Files



#5 jwilldavis

jwilldavis
  • Topic Starter

  • Members
  • 23 posts
  • Local time:08:28 AM

Posted 02 June 2013 - 03:25 PM

Here is the Fixlog. Please note that my computer does not allow me to download any of the tools required for this. I have been downloading everything to a family PC and copying to mine via flash drive. Thus, I could not update the FRST version (the family PC is 32 bit and wouldn't allow me to update the 64 bit version needed here).


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2013 02
Ran by Owner at 2013-06-02 16:15:36 Run:1
Running from C:\Users\Owner\Desktop\Malware Removal
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-2033160431-533565791-1852887576-1000\$ea862fa9f0256ac5ef9f2a8a40c50e2a => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a => Moved successfully.
C:\Program Files\Windows Defender => Moved successfully.
C:\Program Files\Microsoft Security Client => Moved successfully.

==== End of Fixlog ====



#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:28 PM

Posted 02 June 2013 - 03:32 PM

Thank you for the feedback.


  1. Please reboot the computer once.
     
  2. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


#7 jwilldavis

jwilldavis
  • Topic Starter

  • Members
  • 23 posts
  • Local time:08:28 AM

Posted 02 June 2013 - 06:31 PM

Here is the FSS log:


Farbar Service Scanner Version: 14-04-2013
Ran by Owner (administrator) on 02-06-2013 at 19:27:44
Running from "C:\Users\Owner\Desktop\Malware Removal"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#8 Farbar

Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 June 2013 - 01:05 AM

The log surprises me. Could you please tell me what is going on at the other end? Have you been doing any fix by yourself?

We had the Windows Defender file on the system:

From the FRST log:

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()

....

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

And now from the FSS log:

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

Please give me feedback about all the changes you have made by yourself since we are working together.
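The three findings quoted in this post (FRST's DeleteJunctionsIndirectory hint on the Windows Defender folder, the WinDefend service set to Demand with its ServiceDll reported missing, and "DisableAntiSpyware"=DWORD:1) can be re-checked directly on the machine, before and after a fix. The PowerShell below is an added example written for this page; it is not part of the thread, FRST or FSS. It assumes the standard Windows service registry layout (Start under the service key, ServiceDll under Parameters), that the service is named WinDefend as the logs show, and that Defender lives under $env:ProgramFiles as in the log; it is written for the PowerShell 2.0 that ships with Windows 7 and should be run elevated.

```powershell
# Added example (not from the thread, FRST or FSS): re-check the three FSS
# findings on a live Windows 7 machine. Run from an elevated PowerShell.
# Assumptions: standard SCM registry layout for WinDefend, Defender under
# $env:ProgramFiles (C:\Program Files\Windows Defender, as in the log).

$defenderDir = Join-Path $env:ProgramFiles 'Windows Defender'

function Get-DefenderReparsePoints {
    # A clean Windows Defender folder contains no junctions or other reparse
    # points. FRST's DeleteJunctionsIndirectory hint means some were planted
    # here, so every reparse point found is suspect.
    Get-ChildItem -Path $defenderDir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 } |
        ForEach-Object { $_.FullName }
}

function Get-WinDefendState {
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'
    $svc    = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
    $parms  = Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue
    # SCM start values: 2 = Auto (the default FSS reports), 3 = Demand, 4 = Disabled
    $names  = @{ 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }
    $dll    = $null
    if ($parms -and $parms.ServiceDll) {
        # ServiceDll is usually stored with %ProgramFiles% unexpanded
        $dll = [Environment]::ExpandEnvironmentVariables($parms.ServiceDll)
    }
    New-Object PSObject -Property @{
        Start      = $svc.Start
        StartName  = $names[[int]$svc.Start]
        ServiceDll = $dll
        DllPresent = (($dll -ne $null) -and (Test-Path -LiteralPath $dll))
        Running    = ((Get-Service WinDefend -ErrorAction SilentlyContinue).Status -eq 'Running')
    }
}

function Get-DefenderDisablePolicy {
    # FSS reported "DisableAntiSpyware"=DWORD:1 under this key. A clean Win7
    # box normally has no such value at all, so return $null when it is absent.
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
    if ($pol -and $pol.PSObject.Properties['DisableAntiSpyware']) {
        return [int]$pol.DisableAntiSpyware
    }
    return $null
}

# --- report, one line per finding, mirroring the FSS sections ---
$rp = @(Get-DefenderReparsePoints)
if ($rp.Count -gt 0) { $rp | ForEach-Object { "SUSPECT reparse point: $_" } }
else { "OK: no reparse points under $defenderDir" }

$s = Get-WinDefendState
"WinDefend start type: $($s.Start) ($($s.StartName)); running: $($s.Running)"
if ($s.DllPresent) { "ServiceDll present: $($s.ServiceDll)" }
else { "MISSING ServiceDll: $($s.ServiceDll)" }

$p = Get-DefenderDisablePolicy
if ($p -eq 1) { "DisableAntiSpyware=1 : Defender disabled by registry value" }
else { "DisableAntiSpyware not set to 1" }
```

One caveat when reading the output: the reparse-point check swallows access errors so the script keeps going, but on an infected machine an "access denied" on the Windows Defender folder itself is part of the symptom set, so if the first check reports nothing while Explorer cannot open the folder, treat that as a finding rather than as a clean result.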



#9 jwilldavis

jwilldavis
  • Topic Starter
  • Members
  • 23 posts

Posted 03 June 2013 - 01:25 AM

I haven't changed or tried to fix anything. I've only followed your directions. Please advise,

thanks!

#10 Farbar

Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 June 2013 - 02:10 AM

So the file is mysteriously gone.

Are you able to run Microsoft Security Essentials now?

Please download TDSSKiller.zip and extract it.

  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

 



#11 Farbar

Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 June 2013 - 03:55 AM

Please disregard my last post. My apologies for the wrong query and the mistake I made in my script. You did exactly what was instructed. It was me who made the mistake.

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

Attached Files



#12 jwilldavis

jwilldavis
  • Topic Starter
  • Members
  • 23 posts

Posted 03 June 2013 - 10:28 AM

Good morning.  FRST64 has been running (fixing) for over 45 minutes.  Is that normal?



#13 Farbar

Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 June 2013 - 11:00 AM

No, it should not take more than a couple of minutes. Please right-click on the FRST icon in the system tray area and close it. Alternatively bring up Task Manager (right-click on the taskbar at the bottom of the desktop and select Task Manager). From there select FRST64.exe and select End Process.



#14 jwilldavis

jwilldavis
  • Topic Starter
  • Members
  • 23 posts

Posted 03 June 2013 - 11:09 AM

Ok, I ended it.  This log was created, I think.  There was an existing Fixlog on the desktop - did it get overwritten, or should I have deleted the existing one?  Looks incomplete...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2013 03
Ran by Owner at 2013-06-03 10:52:40 Run:2
Running from C:\Users\Owner\Desktop\Malware Removal
Boot Mode: Normal
==============================================



#15 Farbar

Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 June 2013 - 11:15 AM

The old log will be overwritten, you didn't have to remove it.

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

Attached Files





