
redirect problem--residual items?


24 replies to this topic

#1 skeeterbyte

  • Members
  • 67 posts

Posted 22 February 2014 - 01:27 PM

Hi all,

 

Thanks in advance for any help you provide. It's so great to have BC to turn to.

 

My issue began a few days ago with multiple tabs automatically opening when I went to any YouTube video within Mozilla Firefox. After closing the browser immediately, I ran Rkill. I then ran a full Malwarebytes scan without it finding anything. I followed that with an ESET scan. It found and cleaned 2 items. I don't recall the exact verbiage it showed but do remember it was something like Win32/Conduit. I ran TDSSKiller with it reporting nothing found. Also ran AdwCleaner for good measure. It only found one Firefox item, which was deleted. After those steps, it appears that the issue of multiple tabs opening in Firefox when going to YouTube was resolved. However, my browser still seemed significantly slower.

I now have Firefox set to warn me if a site tries to redirect or reload a page. With that, I have noticed that on most every page I go to, I receive that warning. When initially coming to BC, for instance, it says it's been prevented from redirecting to another page. I ran MiniToolBox and JRT. Advise which of these logs, if any, you'd like to see. I want to make sure my computer is clean and would like help with that. There are a few items in Rkill that caught my eye and concern me. One is the process Rkill stopped, which is

"Checking for processes to terminate:

 * c:\windows\system\hpsysdrv.exe (PID: 1320) [WD-HEUR]

1 proccess terminated!"

 

and it reports under "Checking Windows Service Integrity"

 * MSDTC [Missing Service]

Is this an item to be concerned about? And, if so, what will repair it?

 

My computer is running Windows XP SP3. I run Microsoft Security Essentials and Malwarebytes PRO as my protection. My default browser and most routinely used is Firefox. I should also add that when the issue first occurred in Firefox, I did try the same URL in Chrome and did not have it open multiple tabs. I have checked all the Firefox plug-ins to ensure they are up-to-date.

 

Hopefully I have provided the necessary info but let me know what else you'd like me to post.

Skeet

 

 




#2 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 22 February 2014 - 01:53 PM

Hi,
 

I now have Firefox set to warn me if a site tries to redirect or reload a page

That option shows you all redirects, good and bad. Most websites, even BleepingComputer, use redirects, so there's no need to worry about that since it's legitimate. Personally I wouldn't bother keeping the option on since it will warn you on just about every website. If you were being redirected maliciously, you would probably know, since you would end up on a completely different website.
 

 * c:\windows\system\hpsysdrv.exe (PID: 1320) [WD-HEUR]

See hpsysdrv.exe here; it's not malicious, and the Rkill detection is heuristic too.
 


and it reports under "Checking Windows Service Integrity"

 * MSDTC [Missing Service]
Is this an item to be concerned about? And, if so, what will repair it?

It's not really an important service, but it is default on XP, I believe, so it should be repaired.
Download the file from here and save it to your desktop. Double-click on the file and allow it to merge with your registry.
Please re-run Rkill after this and copy the log file into your next reply.
 
------------
 
Let's run a few more tools to be sure you are clean:
Download Emsisoft Emergency Kit and save it to your desktop. Right-click on EmsisoftEmergencyKit.zip and select Extract All.... Leave all settings as they are and click Extract. You will now have a folder named EmsisoftEmergencyKit on your desktop.

  • Open the EmsisoftEmergencyKit folder and double-click Start.exe.
  • A new window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Deep Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

 

------------
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
 
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 skeeterbyte
  • Topic Starter

Posted 22 February 2014 - 02:40 PM

Hi Toffee,

 

Thanks for helping on this.

On the first item you list, I downloaded the file as instructed, but after I told it to merge with the registry, I get an error message. The first line says "Cannot import" followed by the file path, then "Error accessing the registry". Please advise how you'd like me to proceed. Would you prefer to see the logs you requested before pursuing the registry fix?

 

Skeet



#4 xXToffeeXx

Posted 22 February 2014 - 02:45 PM

Hi,

No, please carry on. I'll look into that error whilst you provide the extra logs.

Edit: Is the account you are running the reg file from an administrator?

xXToffeeXx~

Edited by xXToffeeXx, 22 February 2014 - 02:47 PM.



#5 skeeterbyte
  • Topic Starter

Posted 22 February 2014 - 02:50 PM

To help you as you look into that, here's the log from Rkill that I just ran. I did notice that the process ID changed this time. Same verbiage but a different process ID indicated, for what it's worth.

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/22/2014 02:47:14 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * c:\windows\system\hpsysdrv.exe (PID: 3628) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * MSDTC [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  127.0.0.1       localhost

Program finished at: 02/22/2014 02:48:41 PM
Execution time: 0 hours(s), 1 minute(s), and 26 seconds(s)



#6 xXToffeeXx

Posted 22 February 2014 - 03:06 PM

Hi,

Edit: Is the account you are running the reg file from an administrator?

Don't miss this.

Don't worry about PID change either.

xXToffeeXx~

Edited by xXToffeeXx, 22 February 2014 - 03:07 PM.



#7 skeeterbyte
  • Topic Starter

Posted 22 February 2014 - 03:10 PM

Yes, it's with an administrator account.

Running the Emsisoft scan now.

 

Edit: as the scan is running, it's found 2 items so far. It may help with the registry file question you're researching to note that one of the items reads "Setting.DisableRegistryTools(A)" and indicates "1 registry item" under the details column. Maybe we can tell more once this scan finishes and I can send that report.


Edited by skeeterbyte, 22 February 2014 - 03:28 PM.


#8 xXToffeeXx

Posted 22 February 2014 - 03:41 PM

Hi,

 

Okay, good to know.

 

Yes, that report should be most helpful. Once it has finished, I would like you to delete the current reg file, redownload from that link and try that one. Hopefully it will work this time, otherwise I might have to look at permissions.

 

xXToffeeXx~




#9 skeeterbyte
  • Topic Starter

Posted 22 February 2014 - 10:36 PM

Hi Toffee,

 

The scan finally finished. Gotta love the full, deep scans that take forever...lol....but that's what they should do.

Here's the report from the Emsisoft scan:

 

Emsisoft Emergency Kit - Version 4.0
Last update: 2/22/2014 3:01:00 PM
User account: AL-NERDSPECIAL\Compaq_Administrator

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, F:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    2/22/2014 3:02:01 PM
Value: HKEY_USERS\S-1-5-21-52170820-2566425520-3352924208-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-52170820-2566425520-3352924208-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    565466
Found    2

Scan end:    2/22/2014 10:29:07 PM
Scan time:    7:27:06

Value: HKEY_USERS\S-1-5-21-52170820-2566425520-3352924208-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-52170820-2566425520-3352924208-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    2
 

 

After that scan finished, I did attempt the registry item again. I deleted the previous file and downloaded a "fresh" one as you directed. However, it's still giving me the same error. Since it was the same as before, I didn't run Rkill again. Of course I will be glad to if needed.

I'll send the MiniToolBox Results log shortly.

 

Thanks,

Skeet
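An added read-only audit script, not part of this thread nor of Rkill, Emsisoft or MiniToolBox, that checks from the defender's side the three items the logs above flagged: the DisableTaskMgr and DisableRegistryTools policy values under every loaded user hive (and the machine-wide copy of the same key), whether the MSDTC service exists, and whether the hosts file carries anything beyond the localhost line. It assumes PowerShell 2.0 or later run from an administrator account; the value names and registry paths are the ones the Emsisoft report shows.

```powershell
# Added example (not from the thread or any tool it mentions). Assumes PowerShell 2.0+
# run from an administrator account, so that the HKU\<SID> hives are readable.
$policyValues = @('DisableTaskMgr', 'DisableRegistryTools')
$findings = @()

# 1. The Policies\System values Emsisoft reported, checked in the HKLM copy of the
#    key and in every user hive currently loaded under HKEY_USERS.
$policyKeys = @('Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System')
foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $policyKeys += "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Policies\System"
}
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $policyValues) {
        $value = $props.$name
        # A non-zero value switches the restriction on for that user; absent or 0 is the default.
        if ($value -ne $null -and $value -ne 0) {
            $findings += "$key -> $name = $value (restriction active)"
        }
    }
}

# 2. The service Rkill listed as "[Missing Service]".
$svc = Get-Service -Name 'MSDTC' -ErrorAction SilentlyContinue
if ($svc -eq $null) {
    $findings += 'MSDTC: service entry is missing'
} else {
    $findings += "MSDTC: present, status $($svc.Status)"
}

# 3. hosts file: any mapping other than "127.0.0.1 localhost" deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries = Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\s*$' }
if (@($entries).Count -gt 0) {
    $findings += "hosts: $(@($entries).Count) entries beyond 127.0.0.1 localhost"
    $entries | ForEach-Object { $findings += "    $_" }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

The script only reads; anything it lists is a pointer for whoever is guiding the cleanup, not an automatic fix.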



#10 skeeterbyte
  • Topic Starter

Posted 22 February 2014 - 10:44 PM

Here is the report from MiniToolBox:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Compaq_Administrator (administrator) on 22-02-2014 at 22:38:29
Running from "C:\Documents and Settings\Compaq_Administrator\Desktop\repair work"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

        Host Name . . . . . . . . . . . . : AL-nerdSpecial
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
        Physical Address. . . . . . . . . : 00-18-F3-D2-CC-6F
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.103
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 97.81.22.195
                                            71.92.29.130
                                            24.217.201.67
        Lease Obtained. . . . . . . . . . : Saturday, February 22, 2014 12:49:34 PM
        Lease Expires . . . . . . . . . . : Sunday, February 23, 2014 12:49:34 PM

Server:  vip03sghlga.sghl.ga.charter.com
Address:  97.81.22.195

Name:    google.com
Addresses:  74.125.137.138, 74.125.137.101, 74.125.137.139, 74.125.137.113
      74.125.137.100, 74.125.137.102

Pinging google.com [74.125.196.100] with 32 bytes of data:

Reply from 74.125.196.100: bytes=32 time=10ms TTL=42
Reply from 74.125.196.100: bytes=32 time=10ms TTL=42

Ping statistics for 74.125.196.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 10ms, Average = 10ms

Server:  vip03sghlga.sghl.ga.charter.com
Address:  97.81.22.195

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=66ms TTL=47
Reply from 98.138.253.109: bytes=32 time=71ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 66ms, Maximum = 71ms, Average = 68ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 d2 cc 6f ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.103      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0    192.168.1.103   192.168.1.103      20
      192.168.1.0    255.255.255.0    192.168.1.103   192.168.1.103      20
    192.168.1.103  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.103   192.168.1.103      20
        224.0.0.0        240.0.0.0    192.168.1.103   192.168.1.103      20
  255.255.255.255  255.255.255.255    192.168.1.103   192.168.1.103      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (02/19/2014 00:03:26 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 27.0.1.5156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/19/2014 00:03:23 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 27.0.1.5156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/13/2014 01:30:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 103.1.168.192.in-addr.arpa. PTR AL-nerdSpecial.local.

Error: (02/13/2014 01:30:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   24 103.1.168.192.in-addr.arpa. PTR AL-nerdSpecial-2.local.

Error: (02/12/2014 08:04:06 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 103.1.168.192.in-addr.arpa. PTR AL-nerdSpecial.local.

Error: (02/12/2014 08:04:06 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   24 103.1.168.192.in-addr.arpa. PTR AL-nerdSpecial-2.local.

Error: (02/12/2014 01:56:09 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/15/2014 04:16:25 PM) (Source: Application Hang) (User: )
Description: Hanging application Mediahub.exe, version 2.6.21.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2014 02:12:04 PM) (Source: Application Error) (User: )
Description: Faulting application audacity.exe, version 2.0.2.0, faulting module unknown, version 0.0.0.0, fault address 0x0000004b.
Processing media-specific event for [audacity.exe!ws!]

Error: (01/05/2014 00:07:25 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10201.0, P3 1.165.1189.0, P4 1.165.1189.0, P5 unknown, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.


System errors:
=============
Error: (02/22/2014 00:50:03 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/22/2014 10:50:02 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/19/2014 01:41:11 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/18/2014 10:28:45 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/12/2014 11:47:26 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/12/2014 11:46:57 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.106 for the Network Card with network address 0018F3D2CC6F has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/09/2014 07:43:08 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverMACBOOK-PRO-2NetBT_Tcpip_{98844EED-C547-

Error: (02/05/2014 10:45:27 PM) (Source: 0) (User: )
Description: WORKGROUP      :1d192.168.1.106192.168.1.105

Error: (02/05/2014 10:45:03 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 0018F3D2CC6F has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/04/2014 10:19:03 PM) (Source: 0) (User: )
Description: WORKGROUP      :1d192.168.1.101192.168.1.102


Microsoft Office Sessions:
=========================
Error: (02/19/2014 00:03:26 AM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.5156hungapp0.0.0.000000000

Error: (02/19/2014 00:03:23 AM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.5156hungapp0.0.0.000000000

Error: (02/13/2014 01:30:20 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 103.1.168.192.in-addr.arpa. PTR AL-nerdSpecial.local.

Error: (02/13/2014 01:30:20 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   24 103.1.168.192.in-addr.arpa. PTR AL-nerdSpecial-2.local.

Error: (02/12/2014 08:04:06 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 103.1.168.192.in-addr.arpa. PTR AL-nerdSpecial.local.

Error: (02/12/2014 08:04:06 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   24 103.1.168.192.in-addr.arpa. PTR AL-nerdSpecial-2.local.

Error: (02/12/2014 01:56:09 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/15/2014 04:16:25 PM) (Source: Application Hang)(User: )
Description: Mediahub.exe2.6.21.1hungapp0.0.0.000000000

Error: (01/15/2014 02:12:04 PM) (Source: Application Error)(User: )
Description: audacity.exe2.0.2.0unknown0.0.0.00000004b

Error: (01/05/2014 00:07:25 PM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10201.01.165.1189.01.165.1189.0unknownNILNILNILNILNIL


=========================== Installed Programs ============================

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.0 Security Update (KB2904878)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 6.01 (Version: 6.01.250.0)
Microsoft IntelliType Pro 6.01 (Version: 6.01.250.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.04.0623)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
Mozilla Thunderbird 17.0.8 (x86 en-US) (Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
My HP Games (Version: HPCMPQ1404)
Nero 9 Essentials
Nero BurnRights (Version: 3.4.7.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.7.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero DiscSpeed (Version: 5.4.7.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.4.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.7.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.8.1)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.11.208)
Nero StartSmart Help (Version: 9.4.1.100)
Nero StartSmart OEM (Version: 9.4.10.100)
NeroExpress (Version: 9.4.10.505)
neroxml (Version: 1.0.0)
NVIDIA Drivers
OptionalContentQFolder (Version: 1.00.0000)
Otto
PC-Doctor 5 for Windows (Version: 5.00.4060.15)
PDF Settings CS4 (Version: 9.0)
PhotoGallery (Version: 70.0.170.000)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
QuickTime (Version: 7.74.80.86)
RandMap (Version: 70.0.170.000)
Realtek High Definition Audio Driver
Rhapsody
Rosewill Wireless N USB Adapter (Version: 1.5.5.0)
Safari (Version: 5.34.57.2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2200.0)
Seagate Dashboard (Version: 1.1.0.1421)
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
SlideShowMusic (Version: 70.0.170.000)
SmartSound Quicktracks 5 (Version: 5.1.8)
SmartSound Quicktracks Plugin (Version: 3.0.3.0)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic RecordNow Audio (Version: 2.0.6)
Sonic RecordNow Copy (Version: 2.0.6)
Sonic RecordNow Data (Version: 2.0.6)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 70.0.170.000)
Sony PC Companion 2.10.094 (Version: 2.10.094)
Suite Shared Configuration CS4 (Version: 1.0)
TeamViewer 9 (Version: 9.0.25942)
Unload (Version: 7.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Manager (Version: 4.60)
Update Rollup 2 for Windows XP Media Center Edition 2005
Video2Go Driver
WampServer 2.1
Wave Corrector DeClick version 1.1
WebFldrs XP (Version: 9.50.7523)
WebTablet FB Plugin 32 bit (Version: 2.1.0.2)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 1982.48 MB
Available physical RAM: 1135.44 MB
Total Pagefile: 3269.25 MB
Available Pagefile: 2174.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.44 MB

========================= Partitions: =====================================

1 Drive c: (PRESARIO) (Fixed) (Total:140.48 GB) (Free:28.03 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:8.56 GB) (Free:0.58 GB) FAT32
4 Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:888.18 GB) NTFS

========================= Users: ========================================

User accounts for \\AL-NERDSPECIAL

Administrator            Compaq_Administrator     ealStdby                 
Guest                    HelpAssistant            SUPPORT_388945a0         
SUPPORT_fddfa904         

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

25-11-2013 17:25:25 Software Distribution Service 3.0
26-11-2013 20:04:34 Software Distribution Service 3.0
28-11-2013 16:18:22 Software Distribution Service 3.0
29-11-2013 17:04:21 Software Distribution Service 3.0
30-11-2013 23:36:32 System Checkpoint
01-12-2013 15:47:48 Software Distribution Service 3.0
02-12-2013 15:56:36 Software Distribution Service 3.0
03-12-2013 16:11:50 Software Distribution Service 3.0
04-12-2013 17:27:41 System Checkpoint
05-12-2013 17:50:02 Software Distribution Service 3.0
06-12-2013 18:41:10 System Checkpoint
07-12-2013 16:53:05 Software Distribution Service 3.0
09-12-2013 15:26:29 Software Distribution Service 3.0
10-12-2013 17:18:48 Software Distribution Service 3.0
12-12-2013 00:25:30 System Checkpoint
12-12-2013 07:44:12 Software Distribution Service 3.0
12-12-2013 16:33:36 Software Distribution Service 3.0
13-12-2013 16:19:47 Software Distribution Service 3.0
14-12-2013 16:49:54 Software Distribution Service 3.0
15-12-2013 07:27:15 Software Distribution Service 3.0
16-12-2013 08:24:13 System Checkpoint
16-12-2013 15:57:26 Software Distribution Service 3.0
17-12-2013 16:17:35 Software Distribution Service 3.0
18-12-2013 16:39:53 Software Distribution Service 3.0
19-12-2013 16:12:47 Software Distribution Service 3.0
20-12-2013 16:39:33 Software Distribution Service 3.0
21-12-2013 19:12:15 Installed Nero 9 Essentials 4.4.8.1
22-12-2013 07:15:18 Software Distribution Service 3.0
22-12-2013 08:00:17 Software Distribution Service 3.0
23-12-2013 17:24:07 Software Distribution Service 3.0
24-12-2013 19:13:06 System Checkpoint
25-12-2013 16:20:21 Software Distribution Service 3.0
26-12-2013 16:36:48 Software Distribution Service 3.0
28-12-2013 14:23:46 Software Distribution Service 3.0
29-12-2013 17:35:43 Software Distribution Service 3.0
31-12-2013 15:22:21 Software Distribution Service 3.0
01-01-2014 16:34:56 Software Distribution Service 3.0
02-01-2014 17:17:53 Software Distribution Service 3.0
04-01-2014 15:58:23 Software Distribution Service 3.0
05-01-2014 17:09:14 Software Distribution Service 3.0
06-01-2014 23:56:13 System Checkpoint
07-01-2014 17:08:15 Software Distribution Service 3.0
09-01-2014 15:06:29 Software Distribution Service 3.0
10-01-2014 16:03:41 Software Distribution Service 3.0
11-01-2014 16:39:53 Software Distribution Service 3.0
13-01-2014 16:51:40 Software Distribution Service 3.0
14-01-2014 17:05:39 Software Distribution Service 3.0
14-01-2014 18:23:49 Software Distribution Service 3.0
15-01-2014 16:53:12 Software Distribution Service 3.0
15-01-2014 17:18:37 Software Distribution Service 3.0
17-01-2014 00:13:30 System Checkpoint
17-01-2014 02:18:31 Software Distribution Service 3.0
18-01-2014 16:54:23 Software Distribution Service 3.0
19-01-2014 19:17:23 System Checkpoint
20-01-2014 15:34:28 Software Distribution Service 3.0
21-01-2014 05:05:39 Installed Java 7 Update 51
21-01-2014 17:04:59 Software Distribution Service 3.0
23-01-2014 15:32:48 Software Distribution Service 3.0
24-01-2014 17:01:26 Software Distribution Service 3.0
26-01-2014 15:44:01 Software Distribution Service 3.0
27-01-2014 16:59:02 Software Distribution Service 3.0
28-01-2014 17:23:20 Software Distribution Service 3.0
30-01-2014 17:49:23 Software Distribution Service 3.0
31-01-2014 21:32:43 System Checkpoint
01-02-2014 17:16:06 Software Distribution Service 3.0
02-02-2014 06:37:14 Software Distribution Service 3.0
03-02-2014 17:42:18 Software Distribution Service 3.0
04-02-2014 18:44:06 System Checkpoint
05-02-2014 15:56:11 Software Distribution Service 3.0
06-02-2014 19:50:49 System Checkpoint
07-02-2014 17:07:16 Software Distribution Service 3.0
08-02-2014 18:28:02 System Checkpoint
09-02-2014 06:31:53 Software Distribution Service 3.0
10-02-2014 16:59:23 Software Distribution Service 3.0
12-02-2014 16:57:46 Software Distribution Service 3.0
12-02-2014 18:28:37 Software Distribution Service 3.0
13-02-2014 19:55:36 System Checkpoint
14-02-2014 17:20:54 Software Distribution Service 3.0
15-02-2014 19:16:47 System Checkpoint
16-02-2014 16:24:35 Software Distribution Service 3.0
17-02-2014 16:28:18 Software Distribution Service 3.0
18-02-2014 17:15:49 System Checkpoint
19-02-2014 02:57:34 Software Distribution Service 3.0
19-02-2014 03:18:23 Removed Java 7 Update 25
19-02-2014 15:39:06 Software Distribution Service 3.0
20-02-2014 15:49:21 Software Distribution Service 3.0
21-02-2014 16:56:56 Software Distribution Service 3.0
22-02-2014 17:16:45 Software Distribution Service 3.0

**** End of log ****


#11 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:35 AM

Posted 24 February 2014 - 12:16 PM

Hi,

Press the start button and click on the run button. Type regedit into the box that appears and press enter.

  • Please navigate to this key via the drop down arrows: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services.
  • Right-click on services and then permissions.
  • Click advanced, then the Effective Permissions tab at the top.
  • Click Select and in the box with "Enter the object name to select (examples):" you need to enter the username of the account you are using, then press OK.
  • On the Effective Permissions box make sure all of the boxes are checked.
  • Press OK to both boxes and then close the Registry Editor.

Try merging the reg file now. If you have any problems, please state them as this can be complicated.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~
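A scripted way to run the same check the Effective Permissions tab performs on the services key, added here as an example and not part of the thread or of any tool it mentions. It assumes PowerShell 2.0 is installed (an optional download on Windows XP) and running as the account you want to check, and it approximates Windows' effective-rights calculation by combining the Allow and Deny entries that name that account or one of its groups.

```powershell
# Added example, not code from the thread: approximate the Effective Permissions
# tab for the services key named in the post above. Assumes PowerShell 2.0 is
# installed and is running as the account you want to check. Ownership and
# privileges such as SeBackupPrivilege are not modelled, so treat the result as
# a first check rather than the final word on access.
$KeyPath = 'HKLM:\SYSTEM\ControlSet001\services'

function Get-ServicesKeyAccess {
    param([string]$Path = $KeyPath)

    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # Every SID in the logon token: the user itself plus all group memberships
    $tokenSids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

    $allow = 0; $deny = 0; $matched = @()
    # Get-Acl returns inherited entries from HKLM\SYSTEM as well as explicit ones
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        try {
            # An ACE may name an account or a raw SID; normalise both to a SID string
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # orphaned SID that cannot be translated; skip it
        if ($tokenSids -notcontains $sid) { continue }

        $matched += $ace
        if ($ace.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$ace.RegistryRights
        } else {
            $deny  = $deny  -bor [int]$ace.RegistryRights
        }
    }

    # Deny entries win over Allow entries, so mask them out of the allowed bits
    $effective = $allow -band (-bnot $deny)
    $full = [int][System.Security.AccessControl.RegistryRights]::FullControl

    New-Object PSObject -Property @{
        Path           = $Path
        Account        = $me.Name
        MatchingAces   = $matched
        Effective      = [System.Security.AccessControl.RegistryRights]$effective
        HasFullControl = (($effective -band $full) -eq $full)
    }
}

$result = Get-ServicesKeyAccess
$result | Format-List Path, Account, Effective, HasFullControl
# The individual entries that produced the result, inherited ones included
$result.MatchingAces |
    Format-Table IdentityReference, AccessControlType, RegistryRights, IsInherited -AutoSize
```

If HasFullControl comes back False after the regedit steps, the MatchingAces table shows which Deny entry or missing Allow entry is responsible, which is the same information the Effective Permissions tab summarises as unchecked boxes.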


#12 skeeterbyte

  • Topic Starter
  • Members
  • 67 posts
  • Local time:03:35 AM

Posted 24 February 2014 - 12:40 PM

Thanks Toffee.

Changed the permissions in the registry as directed...no problems.

However, it still won't allow me to merge the file. Gives the same error message "can not import the file" with file path and "error accessing the registry".

Skeet



#13 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:35 AM

Posted 24 February 2014 - 02:10 PM

Hi,

Right, I'm going to be so mad with myself if this works (my own fault it would be), but please try this file.

Thank you for being so patient.

xXToffeeXx~


Edited by xXToffeeXx, 24 February 2014 - 02:11 PM.



#14 skeeterbyte

  • Topic Starter
  • Members
  • 67 posts
  • Local time:03:35 AM

Posted 24 February 2014 - 02:20 PM

Well, Toffee....yep....that worked :clapping:

Don't be too hard on yourself...it happens to the best of us ;-)

Here's the Rkill log after completing the merge....

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/24/2014 02:16:38 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * c:\windows\system\hpsysdrv.exe (PID: 4016) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  127.0.0.1       localhost

Program finished at: 02/24/2014 02:18:01 PM
Execution time: 0 hours(s), 1 minute(s), and 22 seconds(s)

Let me know what we need to do next, if anything.

Thanks!!

Skeet



#15 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:35 AM

Posted 24 February 2014 - 02:25 PM

Hi,

Thanks for the rkill log. I should explain what happened; we have a repository of Windows services, and I linked the legacy version rather than the actual one. That's why it wouldn't merge, I even checked the contents of the legacy to see if it was a proper reg file. It's more that it's so stupid that annoys me ;)

One last check and then we can clear up the tools used:

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

xXToffeeXx~


Edited by xXToffeeXx, 24 February 2014 - 02:26 PM.
