Laptop Infected, did system restore, need help checking



#1 davidolson255


Posted 30 November 2013 - 03:42 AM

My mother is in town and since I've had infection issues, I didn't allow her to put her laptop on my network without checking/scanning it first.  I used Dr Web and found the following:

 

Adware.BGuard.38

Adware.Conduit.15

Adware.MyWebSearch.43

Adware.MyWebSearch.47

Tool.InstallToolbar.5

Trojan.DownLoader7.18616

Trojan.DownLoader8.58173

Trojan.MulDrop4.22900

Win32.HLLM.Graz

Win32.HLLM.Reset.427

 

I allowed Dr Web to remove all the threats, 187 files.  After that, I lost the ability to see my Network settings and was unable to connect to the Internet.  Wasn't sure what else to do, so I did a system restore back 1 week ago.  I'm on the Internet now, but not sure if these threats still exist.  I don't feel comfortable using Dr Web again and really don't want to tackle this alone.  There's a lot of garbage installs and files.  She had someone remove some viruses about 2 months ago, but that person didn't clean up after themselves, so I've been trying to do that as well.  In the Internet Settings, I am unable to place a tick for Automatically Detect Network Settings in the tab where you would set a proxy (if needed).  If I place a tick there, clicking OK does nothing.  If I take the tick out, I am able to click OK.  :(

 

This is a HP G60 Notebook PC, running Windows 7 Home Premium SP1 64 Bit.  4 GB RAM.  Pentium Dual Core @ 2.20 GHz.  She has a paid version of McAfee and is running SUPERAntiSpyware. There's LOTS of McAfee files running (not sure if that's normal) and of course lots of HP files/drivers running (not sure what's legit and what isn't).

 

I just started the normal requested software installations of SecurityCheck, FSS, MiniToolbox, Malwarebytes Anti-Malware.  I'm including these log files.

 

 

 Results of screen317's Security Check version 0.99.77  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

McAfee Anti-Virus and Anti-Spyware   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Java™ 6 Update 20  

 Java 7 Update 45  

 Mozilla Firefox (25.0.1) 

 Google Chrome 30.0.1599.101  

 Google Chrome 31.0.1650.57  

````````Process Check: objlist.exe by Laurent````````  

 McAfee Online Backup MOBKbackup.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

 
 
 

Farbar Service Scanner Version: 23-11-2013
Ran by Dave (administrator) on 30-11-2013 at 03:13:43
Running from "C:\Users\Dave\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
 
 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Dave (administrator) on 30-11-2013 at 03:15:26
Running from "C:\Users\Dave\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Karen-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 22-4C-E5-8B-E3-E0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 90-4C-E5-8B-E3-E0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::61a5:9686:db11:8037%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, November 30, 2013 3:05:04 AM
   Lease Expires . . . . . . . . . . : Sunday, December 01, 2013 3:05:03 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 328223973
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-E6-85-98-00-26-2D-B6-8F-03
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-26-2D-B6-8F-03
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.gateway.2wire.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{62D383FF-1E19-431D-A937-403682F76045}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4004:801::1003
 74.125.228.46
 74.125.228.38
 74.125.228.32
 74.125.228.35
 74.125.228.34
 74.125.228.33
 74.125.228.37
 74.125.228.40
 74.125.228.39
 74.125.228.41
 74.125.228.36
 
 
Pinging google.com [74.125.228.32] with 32 bytes of data:
Reply from 74.125.228.32: bytes=32 time=18ms TTL=57
Reply from 74.125.228.32: bytes=32 time=44ms TTL=57
 
Ping statistics for 74.125.228.32:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 44ms, Average = 31ms
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=42ms TTL=51
Reply from 98.139.183.24: bytes=32 time=41ms TTL=51
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 42ms, Average = 41ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...22 4c e5 8b e3 e0 ......Microsoft Virtual WiFi Miniport Adapter
 12...90 4c e5 8b e3 e0 ......Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
 10...00 26 2d b6 8f 03 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.8     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.8    281
      192.168.1.8  255.255.255.255         On-link       192.168.1.8    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.8    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.8    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::61a5:9686:db11:8037/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/30/2013 02:51:35 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e8f50880-bea7-4ed8-9687-f8b03f37a866}
 
Error: (11/30/2013 02:27:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc015000f
Fault offset: 0x0008482b
Faulting process id: 0xeb4
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
 
Error: (11/30/2013 02:27:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: iertutil.dll, version: 10.0.9200.16736, time stamp: 0x5258dbec
Exception code: 0xc0000005
Fault offset: 0x00003c30
Faulting process id: 0xeb4
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
 
Error: (11/30/2013 01:00:09 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6e192651-4f89-47d6-b93d-04401c37ff53}
 
Error: (11/29/2013 11:53:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (11/29/2013 09:02:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ecd305cb-8193-4f79-910e-c4bed6712b61}
 
Error: (11/29/2013 08:59:57 PM) (Source: AVLogEvent) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (11/27/2013 05:11:22 AM) (Source: MsiInstaller) (User: Karen-PC)
Description: Product: Microsoft Security Client -- Error 1712. One or more of the files required to restore your computer to its previous state could not be found.  Restoration will not be possible.
 
Error: (11/27/2013 05:11:22 AM) (Source: MsiInstaller) (User: Karen-PC)
Description: Product: Microsoft Security Client -- Error 1101. Error reading from file: C:\Config.Msi\19a5e30.rbs.  System error 2.  Verify that the file exists and that you can access it.
 
Error: (11/27/2013 05:11:22 AM) (Source: MsiInstaller) (User: Karen-PC)
Description: Product: Microsoft Security Client -- Error 1704. An installation for Sophos Virus Removal Tool is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
 
System errors:
=============
Error: (11/30/2013 02:48:56 AM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/30/2013 00:57:27 AM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.0%%886%%8920x80070002The system cannot find the file specified. 9
 
Error: (11/30/2013 00:57:10 AM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/30/2013 00:56:47 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:54:34 AM on ?11/?30/?2013 was unexpected.
 
Error: (11/29/2013 09:37:21 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (11/29/2013 09:16:06 PM) (Source: DCOM) (User: )
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}
 
Error: (11/29/2013 09:13:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.0%%886%%8920x80070002The system cannot find the file specified. 9
 
Error: (11/29/2013 09:05:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.00.0.0.07%%859NT AUTHORITYSYSTEMS-1-5-181%%8001%%8030.0.0.00x8024402cAn unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 1%%852http://www.microsoft.com
 
Error: (11/29/2013 09:00:50 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.00.0.0.06%%851NT AUTHORITYNETWORK SERVICES-1-5-201%%8001%%8030.0.0.00x80072ee7The server name or address could not be resolved 1%%852http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 
Error: (11/29/2013 09:00:50 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.00.0.0.06%%851NT AUTHORITYNETWORK SERVICES-1-5-203%%8861%%8030.0.0.00x80072ee7The server name or address could not be resolved 1%%852http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
 
 
Microsoft Office Sessions:
=========================
Error: (11/30/2013 02:51:35 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e8f50880-bea7-4ed8-9687-f8b03f37a866}
 
Error: (11/30/2013 02:27:29 AM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7601.18247521ea8e7c015000f0008482beb401ceed9c8e8ef9a7C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\ntdll.dllde2a4542-5990-11e3-8293-00262db68f03
 
Error: (11/30/2013 02:27:07 AM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637iertutil.dll10.0.9200.167365258dbecc000000500003c30eb401ceed9c8e8ef9a7C:\Windows\SysWOW64\rundll32.exeC:\Windows\syswow64\iertutil.dlld0e26afa-5990-11e3-8293-00262db68f03
 
Error: (11/30/2013 01:00:09 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6e192651-4f89-47d6-b93d-04401c37ff53}
 
Error: (11/29/2013 11:53:07 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (11/29/2013 09:02:04 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ecd305cb-8193-4f79-910e-c4bed6712b61}
 
Error: (11/29/2013 08:59:57 PM) (Source: AVLogEvent)(User: NT AUTHORITY)
Description: a7f42014
 
Error: (11/27/2013 05:11:22 AM) (Source: MsiInstaller)(User: Karen-PC)
Description: Product: Microsoft Security Client -- Error 1712. One or more of the files required to restore your computer to its previous state could not be found.  Restoration will not be possible.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (11/27/2013 05:11:22 AM) (Source: MsiInstaller)(User: Karen-PC)
Description: Product: Microsoft Security Client -- Error 1101. Error reading from file: C:\Config.Msi\19a5e30.rbs.  System error 2.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (11/27/2013 05:11:22 AM) (Source: MsiInstaller)(User: Karen-PC)
Description: Product: Microsoft Security Client -- Error 1704. An installation for Sophos Virus Removal Tool is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-26 06:50:46.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-26 06:50:45.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-12 03:14:00.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-12 03:13:59.575
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-11 22:46:08.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-11 22:46:08.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-11 22:46:08.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-11 22:46:08.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-02 00:08:45.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-02 00:08:45.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (Version: 1.5.0.7220)
Adobe Shockwave Player (Version: 11.0)
Atheros Driver Installation Program (Version: 9.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BufferChm (Version: 130.0.331.000)
C4600 (Version: 130.0.425.000)
CCleaner (Version: 4.05)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.98.60.50)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.372.000)
Google Chrome (Version: 31.0.1650.57)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
GPBaseService2 (Version: 130.0.371.000)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP Advisor (Version: 3.3.9512.3162)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.50.231.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Quick Launch Buttons (Version: 6.50.16.1)
HP Setup (Version: 1.2.3560.3170)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (Version: 7.0.39.15)
HP Update (Version: 5.003.001.001)
HP User Guides 0156 (Version: 1.02.0001)
HP Wireless Assistant (Version: 3.50.11.2)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Internet TV for Windows Media Center (Version: 4.2.2.0)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 15.4.3502.0922)
MarketResearch (Version: 130.0.374.000)
McAfee Internet Security (Version: 12.8.856)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Web Publishing Wizard 1.52
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PrintMaster 12
PS_AIO_05_C4600_Software_Min (Version: 130.0.425.000)
QLBCASL (Version: 6.40.17.2)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)
Realtek USB 2.0 Card Reader (Version: 6.1.7100.30093)
Recovery Manager (Version: 5.5.2202)
Scan (Version: 140.0.80.000)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64 (Version: 10.0.0)
Shop for HP Supplies (Version: 13.0)
Skype™ 6.3 (Version: 6.3.105)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
SUPERAntiSpyware (Version: 5.6.1040)
Synaptics Pointing Device Driver (Version: 13.2.2.0)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
Windows Media Center Add-in for Silverlight (Version: 4.7.3.0)
Yahoo! Detect
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 41%
Total physical RAM: 3999.19 MB
Available physical RAM: 2326.91 MB
Total Pagefile: 7996.56 MB
Available Pagefile: 5994.96 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.89 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:285.51 GB) (Free:210.56 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:12.38 GB) (Free:2.04 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KAREN-PC
 
Administrator            Dave                     Guest                    
Jim                      Karen                    
 
 
**** End of log ****
 
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.30.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Dave :: KAREN-PC [administrator]
 
11/30/2013 3:25:42 AM
mbam-log-2013-11-30 (03-25-42).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 260033
Time elapsed: 9 minute(s), 23 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 

 


