System restore disappears after reboot


  • This topic is locked
15 replies to this topic

#1 mitch2011

  • Members
  • 21 posts

Posted 19 December 2013 - 11:37 PM

A system restore point has been created many times, but after each reboot with Windows 7 there is no system restore point. I have turned System Restore off and on, run chkdsk, sfc /scannow, Disk Cleanup. I have run Malwarebytes, SUPERAntiSpyware, CCleaner, JRT, adw, TDSSKiller and even ComboFix and still no restore point after rebooting. I have read that some malware can cause system restore issues. Thank you for the anticipated help.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_15
Run by Win7-245 at 20:16:30 on 2013-12-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3327.2143 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun: [Turbo Key] "c:\program files\asus\turbo key\TurboKey.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CDAServer] c:\program files\common files\common desktop agent\CDASrv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:91
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{78574AD6-E050-4A34-B814-2378F0DEF57C} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065}\14D6075646D4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065}\14D6075646F525130303030374 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065}\C696E6B6379737D6 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\win7-245\appdata\roaming\mozilla\firefox\profiles\mgxnnyp9.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\win7-245\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\win7-245\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\win7-245\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\win7-245\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: !HIDDEN! 2009-12-05 21:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-1-11 40560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2013-7-7 911680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-4-13 759072]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-19 172032]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-12-4 90112]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104768]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2013-5-26 181760]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-2-15 5120]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2013-12-11 5316448]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-7-24 30560]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-4 167936]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-7 1077760]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-7-8 145408]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2013-7-7 160704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-3-6 245760]
S3 chromoting;Chrome Remote Desktop Service;c:\program files\google\chrome remote desktop\30.0.1599.56\remoting_host.exe [2013-9-23 50128]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-23 52224]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2010-2-26 116224]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2011-7-23 12800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-22 1343400]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2013-7-7 2480048]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\mife82~1\web2~1\webdes~1\EXPRWD.EXE /dde
.
=============== Created Last 30 ================
.
2013-12-20 00:45:47    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{71909bd8-58b7-4cf4-adc6-f091305f3b49}\mpengine.dll
2013-12-20 00:42:13    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-19 06:31:07    --------    d-----w-    C:\AdwCleaner
2013-12-19 05:56:46    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-11 21:35:54    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-11 21:35:52    164864    ----a-w-    c:\program files\windows media player\wmplayer.exe
2013-12-11 21:35:04    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 21:35:04    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 21:35:04    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 21:35:04    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 21:35:03    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 21:35:02    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 21:35:01    301568    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 21:35:00    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 21:34:57    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 21:34:49    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 21:34:49    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-07 06:54:34    719224    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{560835b7-4dae-4c16-b6a1-6fc36e6f1223}\gapaengine.dll
2013-12-02 06:34:46    --------    d-----w-    c:\windows\Migration
.
==================== Find3M  ====================
.
2013-12-11 22:35:29    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 22:35:28    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-26 09:23:02    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-11-19 10:21:30    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-04 01:58:50    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-10-03 01:58:07    305152    ----a-w-    c:\windows\system32\gdi32.dll
2013-09-27 17:53:06    214696    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-09-27 17:53:06    104768    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:01:08    136640    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46    99840    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02    1038848    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20    22016    ----a-w-    c:\windows\system32\lsass.exe
2013-09-25 00:49:18    15872    ----a-w-    c:\windows\system32\sspisrv.dll
.
============= FINISH: 20:17:20.52 ===============
 


Edited by mitch2011, 19 December 2013 - 11:40 PM.


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,704 posts

Posted 24 December 2013 - 11:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518021 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mitch2011

  • Topic Starter
  • Members
  • 21 posts

Posted 25 December 2013 - 02:00 AM

I have also run a full scan with MSE and no issues were found.

 

New DDS log below:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_15
Run by Win7-245 at 22:57:07 on 2013-12-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3327.2205 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun: [Turbo Key] "c:\program files\asus\turbo key\TurboKey.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CDAServer] c:\program files\common files\common desktop agent\CDASrv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:91
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{78574AD6-E050-4A34-B814-2378F0DEF57C} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065}\14D6075646D4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065}\14D6075646F525130303030374 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065}\C696E6B6379737D6 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\win7-245\appdata\roaming\mozilla\firefox\profiles\mgxnnyp9.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\win7-245\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\win7-245\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\win7-245\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\win7-245\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: !HIDDEN! 2009-12-05 21:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-1-11 40560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2013-7-7 911680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-4-13 759072]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-19 172032]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-12-4 90112]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104768]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2013-5-26 181760]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-2-15 5120]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2013-12-11 5316448]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-7-24 30560]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-4 167936]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-7 1077760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-7-8 145408]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2013-7-7 160704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-3-6 245760]
S3 chromoting;Chrome Remote Desktop Service;c:\program files\google\chrome remote desktop\30.0.1599.56\remoting_host.exe [2013-9-23 50128]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-23 52224]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2010-2-26 116224]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2011-7-23 12800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-22 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2013-7-7 2480048]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\mife82~1\web2~1\webdes~1\EXPRWD.EXE /dde
.
=============== Created Last 30 ================
.
2013-12-25 05:43:51    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{43ded515-073a-4c8d-9e10-416807431e0c}\mpengine.dll
2013-12-25 05:33:14    --------    d-----w-    c:\users\win7-245\appdata\local\{37D60302-A81A-4E01-BC89-CB9B2D921D1B}
2013-12-24 05:21:38    7760024    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-24 05:10:37    --------    d-----w-    c:\users\win7-245\appdata\local\{D87F6D0E-141C-456D-84DC-0F66F82B15C7}
2013-12-22 07:02:04    --------    d-----w-    c:\program files\Product Key Finder
2013-12-22 05:48:11    --------    d-----w-    c:\users\win7-245\appdata\local\{A9EFE785-5128-4D6B-8E69-2AF791DB7ABA}
2013-12-21 05:39:49    --------    d-----w-    c:\users\win7-245\appdata\local\{34D3FF11-B5F1-4F5E-8952-42A7D977C867}
2013-12-20 00:42:13    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-19 06:31:07    --------    d-----w-    C:\AdwCleaner
2013-12-11 21:35:54    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-11 21:35:52    164864    ----a-w-    c:\program files\windows media player\wmplayer.exe
2013-12-11 21:35:04    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 21:35:04    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 21:35:04    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 21:35:04    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 21:35:03    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 21:35:02    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 21:35:01    301568    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 21:35:00    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 21:34:57    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 21:34:49    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 21:34:49    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-07 06:54:34    719224    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{560835b7-4dae-4c16-b6a1-6fc36e6f1223}\gapaengine.dll
2013-12-02 06:34:46    --------    d-----w-    c:\windows\Migration
.
==================== Find3M  ====================
.
2013-12-11 22:35:29    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 22:35:28    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-26 09:23:02    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-11-19 10:21:30    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-04 01:58:50    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-10-03 01:58:07    305152    ----a-w-    c:\windows\system32\gdi32.dll
2013-09-27 17:53:06    214696    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-09-27 17:53:06    104768    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
.
============= FINISH: 22:57:39.17 ===============
 



#4 nasdaq


Posted 25 December 2013 - 09:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#5 mitch2011


Posted 25 December 2013 - 08:36 PM

Thank you for your help.

 

Farbar Service Scanner Version: 05-12-2013
Ran by Win7-245 (administrator) on 25-12-2013 at 17:35:03
Running from "C:\Users\Win7-245\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-09 19:55] - [2013-09-13 16:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-09 19:55] - [2013-09-07 18:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-13 16:09] - [2013-07-08 20:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-10 07:42] - [2013-05-26 20:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#6 nasdaq


Posted 26 December 2013 - 08:37 AM

Nothing suspicious was found.

Try this fix.

System Restore Points deleted in Windows 7 – Troubleshoot and Fix!

http://www.thewindowsclub.com/system-restore-points-deleted-in-windows-7-troubleshoot-and-fix

Keep me posted.

#7 mitch2011


Posted 26 December 2013 - 09:03 PM

Thanks for the link. I tried all the suggested ideas and still have the same issue. Any other ideas?



#8 nasdaq


Posted 27 December 2013 - 09:20 AM

Run the DDS tool one more time. The scan will also create an Attach.txt log. I would also like to see the content of that file.

===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • List last 10 Event Viewer log
  • Click Go and copy/paste the log (Result.txt) into your next post.


#9 mitch2011


Posted 28 December 2013 - 12:08 AM

Thanks for your continued help!

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_15
Run by Win7-245 at 20:58:26 on 2013-12-27
#Option MBR scan  is disabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3327.1706 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun: [Turbo Key] "c:\program files\asus\turbo key\TurboKey.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CDAServer] c:\program files\common files\common desktop agent\CDASrv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:91
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{78574AD6-E050-4A34-B814-2378F0DEF57C} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065}\14D6075646D4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065}\14D6075646F525130303030374 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{B5C9630F-0E8C-42F1-A437-89EB1EB30065}\C696E6B6379737D6 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\win7-245\appdata\roaming\mozilla\firefox\profiles\mgxnnyp9.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\win7-245\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\win7-245\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\win7-245\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\win7-245\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: !HIDDEN! 2009-12-05 21:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-1-11 40560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2013-7-7 911680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-4-13 759072]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-19 172032]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-12-4 90112]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104768]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2013-5-26 181760]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-2-15 5120]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2013-12-11 5341536]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-7-24 30560]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-4 167936]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-7 1077760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-7-8 145408]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2013-7-7 160704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-3-6 245760]
S3 chromoting;Chrome Remote Desktop Service;c:\program files\google\chrome remote desktop\30.0.1599.56\remoting_host.exe [2013-9-23 50128]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-23 52224]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2010-2-26 116224]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2011-7-23 12800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-22 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2013-7-7 2480048]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2013-12-26 260992]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\mife82~1\web2~1\webdes~1\EXPRWD.EXE /dde
.
=============== Created Last 30 ================
.
2013-12-27 22:51:46    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{d986241e-7c13-4f64-b429-d2c13563971f}\mpengine.dll
2013-12-27 22:37:13    --------    d-----w-    c:\users\win7-245\appdata\local\{BDB04592-ABE7-4E94-A226-CF1F4A9BA6CF}
2013-12-27 07:14:31    --------    d-----w-    C:\Stacy Converted PDF's to JPG's
2013-12-27 07:13:46    --------    d-----w-    c:\program files\Pdf2Jpg
2013-12-27 05:51:54    --------    d-----w-    c:\users\win7-245\appdata\local\{066E5301-3A80-4F46-B8C7-348FD9CCA9A6}
2013-12-26 19:02:46    257408    ----a-w-    c:\windows\system32\PuranDC.exe
2013-12-26 19:02:46    219520    ----a-w-    c:\windows\system32\PuranDefrag.dll
2013-12-26 19:02:46    109952    ----a-w-    c:\windows\system32\PuranDefragBT.exe
2013-12-26 19:02:45    260992    ----a-w-    c:\windows\system32\PuranDefragS.exe
2013-12-26 19:02:44    1136512    ----a-w-    c:\windows\system32\PuranFD.exe
2013-12-26 19:02:44    --------    d-----w-    c:\program files\Puran Defrag
2013-12-26 17:51:25    --------    d-----w-    c:\users\win7-245\appdata\local\{51AB089F-EABC-4A66-9A84-328DA84640FE}
2013-12-26 06:01:46    7760024    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-26 05:58:53    --------    d-----w-    C:\WindowsXPmodeForWindows7
2013-12-26 05:51:08    --------    d-----w-    c:\users\win7-245\appdata\local\{242B3A65-F6C0-48E9-9062-C441FE504788}
2013-12-25 17:33:44    --------    d-----w-    c:\users\win7-245\appdata\local\{B4299AB7-AA91-4789-BCF3-D67E78F1FC11}
2013-12-25 05:33:14    --------    d-----w-    c:\users\win7-245\appdata\local\{37D60302-A81A-4E01-BC89-CB9B2D921D1B}
2013-12-24 05:10:37    --------    d-----w-    c:\users\win7-245\appdata\local\{D87F6D0E-141C-456D-84DC-0F66F82B15C7}
2013-12-22 07:02:04    --------    d-----w-    c:\program files\Product Key Finder
2013-12-22 05:48:11    --------    d-----w-    c:\users\win7-245\appdata\local\{A9EFE785-5128-4D6B-8E69-2AF791DB7ABA}
2013-12-21 05:39:49    --------    d-----w-    c:\users\win7-245\appdata\local\{34D3FF11-B5F1-4F5E-8952-42A7D977C867}
2013-12-20 00:42:13    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-19 06:31:07    --------    d-----w-    C:\AdwCleaner
2013-12-11 21:35:54    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-11 21:35:52    164864    ----a-w-    c:\program files\windows media player\wmplayer.exe
2013-12-11 21:35:04    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 21:35:04    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 21:35:04    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 21:35:04    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 21:35:03    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 21:35:02    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 21:35:01    301568    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 21:35:00    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 21:34:57    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 21:34:49    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 21:34:49    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-07 06:54:34    719224    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{560835b7-4dae-4c16-b6a1-6fc36e6f1223}\gapaengine.dll
2013-12-02 06:34:46    --------    d-----w-    c:\windows\Migration
.
==================== Find3M  ====================
.
2013-12-11 22:35:29    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 22:35:28    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-26 09:23:02    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-11-19 10:21:30    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-04 01:58:50    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-10-03 01:58:07    305152    ----a-w-    c:\windows\system32\gdi32.dll
.
============= FINISH: 20:59:21.18 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/3/2009 10:05:29 PM
System Uptime: 12/27/2013 4:47:07 PM (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A785-M
Processor: AMD Athlon™ II X2 245 Processor | AM2 | 2900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 311 GiB total, 196.514 GiB free.
D: is FIXED (NTFS) - 140 GiB total, 55.669 GiB free.
E: is CDROM ()
K: is FIXED (NTFS) - 14 GiB total, 11.039 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Description: Texas Instruments 1394 OHCI Compliant Host Controller
Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_00399005&REV_00\4&2966AB86&0&2BA4
Manufacturer: Texas Instruments
Name: Texas Instruments 1394 OHCI Compliant Host Controller
PNP Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_00399005&REV_00\4&2966AB86&0&2BA4
Service: 1394ohci
.
==== System Restore Points ===================
.
RP669: 12/27/2013 2:51:11 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
3GP Player 2008
7-Zip 9.22beta
A-one 3GP Video Converter 5.70
ABBYY FineReader 9.0 Express Edition
Acronis True Image Home
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop 7.0
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 11.5
Adventures in Typing
Advertising Center
AIM 7
Amazing Slow Downer (remove only)
Amazon MP3 Downloader 1.0.5
AnalogX Vocal Remover
AnalogX Vocal Remover (WinAmp)
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arthur's Computer Adventure
ASUSUpdate
ATI - Software Uninstall Utility
ATI Catalyst Install Manager
ATI Control Panel
ATI Multimedia Center 7.7.0.0
Audacity 1.3.7 (Unicode)
AudibleManager
BitPim 1.0.6
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chrome Remote Desktop Host
Common Desktop Agent
Compatibility Pack for the 2007 Office system
Cool & Quiet
Core FTP LE 2.0
CutePDF Writer 2.8
D3DX10
davehope.co.uk Product Key Finder
Disney Motion
DolbyFiles
Drive Image
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
EA Download Manager
eFax Messenger 4.3
EPU-4 Engine
Ethereal 0.99.0
Express Burn Disc Burning Software
Express Scribe
ExtractNow
FastStone Image Viewer 4.8
FileZilla Client 3.7.3
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
Gordian Knot Rip Pack 0.28.5
HamsterFreeVideoConverter
HAVA Software
HL-2240
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
ImagXpress
InCD Help
iPod for Windows 2005-11-17
iPod Updater 2004-11-15
iSEEK AnswerWorks English Runtime
iTunes
Junk Mail filter update
KONICA MINOLTA magicolor 2430DL
LightScribe System Software
Linksys Wireless-G PCI Network Adapter with SpeedBooster
LiveReg (Symantec Corporation)
LiveUpdate
LiveUpdate 3.2 (Symantec Corporation)
Logitech ImageStudio
LogViewer
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Data Access Components KB870669
Microsoft Expression Blend 2
Microsoft Expression Design 2
Microsoft Expression Encoder 2
Microsoft Expression Media 2 SP2
Microsoft Expression Studio 2
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft LifeCam
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Live Add-in 1.5
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Store Download Manager
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
ML-1710 Series
Move Networks Media Player for Internet Explorer
Movie2x 3GP Converter Shareware Version 2.5
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 6.0 Parser (KB933579)
MyDVD
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NetLab for Win95/NT
NetZero Internet
Nickelodeon™ Party Blast
Norton Ghost
Opera 10.10
Oregon Trail® 5
Paragon Partition Manager™ 10.0 Personal
PC Probe II
PCmover Professional
Pdf2Jpg version 1.2
PDFCreator
PDFCreator Toolbar
Platform
Plus Pack for Acronis True Image Home 2010
PowerQuest Drive Image 2002
Puran Defrag 7.7
Quicken 2012
QuickTime
Reader Rabbit's Kindergarten
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Rugrats Go Wild
Rugrats Munchin Land
Rugrats™  Munchin Land
Rugrats™ Movie Activity Challenge
Samsung Easy Document Creator
Samsung Easy Printer Manager
Samsung ML-2510 Series
Samsung Network PC Fax
Samsung OCR Software
Samsung Printer Live Update
Samsung Scan Process Machine
Samsung SCX-3400 Series
Screencast-O-Matic
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shockwave
Skype™ 6.3
SlingPlayer
SNS Upload for Easy Document Creator
SUPERAntiSpyware
TeamViewer 9
The Cat in the Hat™
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
The Sims™ 3
TMusic1.00
TrueCrypt
Truly FE101 Multimedia Player
TuneUp Utilities 2008
Turbo Key
TurboTax 2005
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2004
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
ubCore 5.70
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
USBPHONE 2.5.0.5
USDA-HealtheTech Search SR-17
USDA-HealtheTech Search SR-20
VIA Platform Device Manager
VobSub v2.23 (Remove Only)
Wal-Mart Music Downloads Store
WAP11 Utility
WebFldrs XP
WexTech AnswerWorks
Winamp
Windows 7 USB/DVD Download Tool
Windows Essentials Media Codec Pack 3.1
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Mode
Windows XP Service Pack 3
WinMX
WinPcap 3.1
WinSCP 4.1.7
WinZip 12.1
WM Converter 2.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Zoo Tycoon: Complete Collection
.
==== Event Viewer Messages From Past Week ========
.
12/26/2013 5:58:09 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
12/26/2013 11:26:31 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/26/2013 11:25:20 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D215781D-019E-4FA0-903D-0CDCDE13A4F5}  and APPID  {D215781D-019E-4FA0-903D-0CDCDE13A4F5}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/26/2013 11:25:00 PM, Error: Service Control Manager [7000]  - The ASCTRM service failed to start due to the following error:  The system cannot find the file specified.
12/26/2013 11:24:33 PM, Error: volmgr [46]  - Crash dump initialization failed!
12/26/2013 10:33:27 PM, Error: srv [2011]  - The server's configuration parameter "irpstacksize" is too small for the server to use a local device.  Please increase the value of this parameter.
12/25/2013 9:18:19 PM, Error: Ntfs [137]  - The default transaction resource manager on volume Q: encountered a non-retryable error and could not start.  The data contains the error code.
12/25/2013 11:45:22 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Win7-245 (administrator) on 27-12-2013 at 21:06:18
Running from "C:\Users\Win7-245\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/26/2013 10:28:22 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/26/2013 10:26:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/19/2013 07:30:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/19/2013 07:28:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/26/2013 11:26:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/26/2013 11:25:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/26/2013 11:25:00 PM) (Source: Service Control Manager) (User: )
Description: The ASCTRM service failed to start due to the following error:
%%2

Error: (12/26/2013 11:24:33 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (12/26/2013 11:24:25 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (12/26/2013 10:33:27 PM) (Source: srv) (User: )
Description: The server's configuration parameter "irpstacksize" is too small for the server to use a local device.  Please increase the value of this parameter.

Error: (12/26/2013 10:33:27 PM) (Source: srv) (User: )
Description: The server's configuration parameter "irpstacksize" is too small for the server to use a local device.  Please increase the value of this parameter.

Error: (12/26/2013 10:33:27 PM) (Source: srv) (User: )
Description: The server's configuration parameter "irpstacksize" is too small for the server to use a local device.  Please increase the value of this parameter.

Error: (12/26/2013 10:33:27 PM) (Source: srv) (User: )
Description: The server's configuration parameter "irpstacksize" is too small for the server to use a local device.  Please increase the value of this parameter.

Error: (12/26/2013 10:33:27 PM) (Source: srv) (User: )
Description: The server's configuration parameter "irpstacksize" is too small for the server to use a local device.  Please increase the value of this parameter.


Microsoft Office Sessions:
=========================

**** End of log ****

 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 28 December 2013 - 10:53 AM

Quoted from this article:
http://support.microsoft.com/kb/948247

To view the restore point, repeat step 2. Then, in the Welcome to System Restore page of the System Restore Wizard, select Restore my computer to an earlier time, and then click Next. Then select the date when the restore point was created from the calendar on the Select a Restore Point page. All the restore points that were created on the selected date are listed by name in the list box on the right side of the calendar.


Look at your Restore Point Calendar and see if you have a restore point for dates other than the current date.

Let me know.

#11 mitch2011

mitch2011
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:38 PM

Posted 28 December 2013 - 12:07 PM

I had not rebooted my system for a few days and there was only one restore point. Now there is no restore point after rebooting.



#12 mitch2011

mitch2011
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:38 PM

Posted 28 December 2013 - 10:06 PM

I found the fix at http://support.microsoft.com/kb/2506576

"Corrupted ACLs for pagefiles.sys and hiberfil.sys can also cause the issue. To test for this issue, disable pagefile and hiberfil on your system, defrag the drive to verify that these files have been deleted and then enable pagefile and hiberfil. Reboot the computer and create restore points and verify that restore points are not deleted over the next few days."

 

One of the first suggested fixes had me delete and restore the page file which was very close to the solution for me. The fix that worked for me was to delete and re-enable the hibernation file (hiberfil.sys) http://support.microsoft.com/kb/920730

 

Thanks for your help!
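
One way to confirm the fix described in the post above, as an added example that is not part of the original thread: the script records the existing restore points before a reboot, compares them afterwards, and lists any volsnap event 25 logged in between. The script name, state-file path and parameter names are assumptions; it relies only on the built-in powercfg, Checkpoint-Computer, Get-ComputerRestorePoint and Get-WinEvent.

```powershell
# Added example (not from the thread). Run from an elevated Windows PowerShell prompt.
#   .\Test-RestorePointSurvival.ps1 -Mode Baseline   # before the reboot
#   .\Test-RestorePointSurvival.ps1 -Mode Verify     # after the reboot
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Baseline', 'Verify')]
    [string]$Mode,

    # Hypothetical state-file location; any path that survives a reboot works.
    [string]$StateFile = (Join-Path $env:PUBLIC 'restore-point-baseline.xml'),

    # Re-create hiberfil.sys first (the step that worked for the poster).
    [switch]$ResetHibernationFile
)

function Get-RestorePointList {
    Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        Select-Object SequenceNumber, Description, CreationTime
}

function Get-ShadowCopyDeletionEvent {
    param([datetime]$Since)
    # volsnap event 25 is the "shadow copies of volume C: were deleted" error
    # that appears in the event log posted earlier in the thread.
    Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'System'; ProviderName = 'volsnap'; Id = 25; StartTime = $Since
    }
}

if ($Mode -eq 'Baseline') {
    if ($ResetHibernationFile) {
        powercfg -h off     # removes hiberfil.sys
        powercfg -h on      # creates a fresh hiberfil.sys
    }
    Checkpoint-Computer -Description 'Reboot survival test' -RestorePointType MODIFY_SETTINGS

    # @() keeps the result an array even when only one restore point exists.
    $points = @(Get-RestorePointList)
    $baseline = New-Object PSObject -Property @{ TakenAt = Get-Date; RestorePoints = $points }
    $baseline | Export-Clixml -Path $StateFile
    "Recorded {0} restore point(s). Reboot, then run with -Mode Verify." -f $points.Count
}
else {
    if (-not (Test-Path $StateFile)) {
        throw "No baseline at $StateFile; run with -Mode Baseline first."
    }
    $baseline   = Import-Clixml -Path $StateFile
    $before     = @($baseline.RestorePoints | Where-Object { $_ })
    $currentIds = @(Get-RestorePointList | ForEach-Object { $_.SequenceNumber })

    # Restore points that existed before the reboot and are gone now.
    $missing   = @($before | Where-Object { $currentIds -notcontains $_.SequenceNumber })
    $deletions = @(Get-ShadowCopyDeletionEvent -Since $baseline.TakenAt)

    if ($missing.Count -eq 0) {
        "OK: all $($before.Count) restore point(s) survived the reboot."
    }
    else {
        "PROBLEM: $($missing.Count) restore point(s) disappeared:"
        $missing | Format-Table SequenceNumber, Description -AutoSize
    }
    if ($deletions.Count -gt 0) {
        "volsnap event 25 logged since the baseline:"
        $deletions | Format-Table TimeCreated, Message -Wrap
    }
}
```

Pass -ResetHibernationFile on the Baseline run to apply the hiberfil.sys step first; leave it off to measure the current behaviour unchanged.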



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 29 December 2013 - 08:37 AM

Good catch. I'm documenting this.

One last scan.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#14 mitch2011

mitch2011
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:38 PM

Posted 29 December 2013 - 01:44 PM

Thanks again.

 

Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Norton Ghost    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities 2008   
 CCleaner     
 Adobe Flash Player     11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 30 December 2013 - 07:52 AM

Looking good.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox add-on.
  • ScriptNo is a popular Google Chrome add-on.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===



