
MSE tells me I have two rovnix Trojans...


  • This topic is locked
14 replies to this topic

#1 reaper61


Posted 30 March 2014 - 02:40 PM

I noticed that my machine was running really slow and hitting the HDD constantly so I ran a manual virus check. The results were that two rovnix Trojans were on my machine along with a number of others. I allowed MSE to clean the threats, but DOS/Rovnix.W would not clear. Also, Win32/Rovnix.gen!C would clean, but return later.

 

 

How do I remove these?

 




 


#2 boopme


Posted 30 March 2014 - 05:28 PM

Hello and welcome reaper

Let's see how it is after these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

----------

  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>

----------

Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
  • Click Start (Start, Search, All files and folders for Windows XP) then type mbam
  • Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

    mbam-chameleon.scr
    mbam-chameleon
    mbam-chameleon.exe
    mbam-chameleon.com

----------

  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply

>>>

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 reaper61


Posted 01 April 2014 - 06:23 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Bryan (administrator) on 01-04-2014 at 18:16:08
Running from "C:\Users\Bryan\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: localhost:21320

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com

There are 15479 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet  = Local Area Connection (Disconnected)
NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 5 (Hardware not present)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : HAL
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter #2
   Physical Address. . . . . . . . . : 4C-60-DE-89-7D-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::29aa:6734:12a9:8712%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, March 30, 2014 5:16:05 PM
   Lease Expires . . . . . . . . . . : Tuesday, April 01, 2014 7:03:08 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 424435934
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-04-4D-CA-00-24-8C-C2-17-28
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
   Physical Address. . . . . . . . . : 00-24-8C-C2-17-28
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7C3F2CD6-4C10-4B44-8537-A052DE5C3B39}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1836:2df3:b344:c6(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1836:2df3:b344:c6%23(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  74.125.227.137
   74.125.227.142
   74.125.227.128
   74.125.227.129
   74.125.227.130
   74.125.227.131
   74.125.227.132
   74.125.227.133
   74.125.227.134
   74.125.227.135
   74.125.227.136

Pinging google.com [173.194.115.14] with 32 bytes of data:
Reply from 173.194.115.14: bytes=32 time=12ms TTL=52
Reply from 173.194.115.14: bytes=32 time=12ms TTL=52

Ping statistics for 173.194.115.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 12ms, Average = 12ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=64ms TTL=47
Reply from 98.138.253.109: bytes=32 time=67ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 64ms, Maximum = 67ms, Average = 65ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...4c 60 de 89 7d ae ......NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter #2
 10...00 24 8c c2 17 28 ......NVIDIA nForce 10/100/1000 Mbps Ethernet
  1...........................Software Loopback Interface 1
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.11     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.11    281
     192.168.0.11  255.255.255.255         On-link      192.168.0.11    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.11    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.11    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.11    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 23     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 23     58 2001::/32                On-link
 23    306 2001:0:9d38:6ab8:1836:2df3:b344:c6/128
                                    On-link
 17    281 fe80::/64                On-link
 23    306 fe80::/64                On-link
 23    306 fe80::1836:2df3:b344:c6/128
                                    On-link
 17    281 fe80::29aa:6734:12a9:8712/128
                                    On-link
  1    306 ff00::/8                 On-link
 23    306 ff00::/8                 On-link
 17    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/01/2014 05:28:19 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042306).

Error: (04/01/2014 05:28:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000188,0x0053c06c,00DA1A80,0,0042CFF0,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 05:28:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000180,0x0053c06c,0042DFF8,0,0042CFF0,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 05:27:54 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000188,0x0053c06c,0042DFF8,0,0042CFF0,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 05:27:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000140,0x0053c06c,0042DFF8,0,0042CFF0,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 05:27:35 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 0000013C,0x0053c06c,0042AFF0,0,00427FE8,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 02:21:28 PM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80042306).

Error: (04/01/2014 02:21:28 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042306).

Error: (04/01/2014 02:21:23 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000184,0x0053c06c,0021DF70,0,0021CF68,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 02:21:13 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 0000014C,0x0053c06c,0021DF70,0,0021CF68,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

System errors:
=============
Error: (04/01/2014 05:28:14 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/01/2014 05:28:14 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/01/2014 05:28:14 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/01/2014 05:28:14 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/01/2014 05:28:14 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/01/2014 05:28:14 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/01/2014 05:28:14 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/01/2014 05:28:14 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/01/2014 05:28:14 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/01/2014 05:28:04 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Microsoft Office Sessions:
=========================
Error: (04/01/2014 05:28:19 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042306

Error: (04/01/2014 05:28:14 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000188,0x0053c06c,00DA1A80,0,0042CFF0,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 05:28:04 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000180,0x0053c06c,0042DFF8,0,0042CFF0,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 05:27:54 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000188,0x0053c06c,0042DFF8,0,0042CFF0,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 05:27:45 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000140,0x0053c06c,0042DFF8,0,0042CFF0,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 05:27:35 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 0000013C,0x0053c06c,0042AFF0,0,00427FE8,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 02:21:28 PM) (Source: System Restore)(User: )
Description: 0x80042306

Error: (04/01/2014 02:21:28 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80042306

Error: (04/01/2014 02:21:23 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000184,0x0053c06c,0021DF70,0,0021CF68,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/01/2014 02:21:13 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 0000014C,0x0053c06c,0021DF70,0,0021CF68,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

=========================== Installed Programs ============================

µTorrent (Version: 3.4.1.30740)
3ivx MPEG-4 5.0.2 (remove only) (Version: 5.0.2)
ActiveLink Connect (Version: 5.8.0.17220)
Adobe AIR (Version: 3.2.0.2070)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.2.6)
Adobe Dreamweaver CS5.5 (Version: 11.5)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
aioprnt (Version: 5.3.1.0)
Akamai NetSession Interface Service
Amazon Cloud Drive (Version: 2.4.2013.3290)
Apple Application Support (Version: 3.0.1)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 12.10.2.4291)
ASUSUpdate
AutoCAD Electrical 2009 (Version: 6.0.50.0)
AutoCAD Electrical 2011 (Version: 8.0.51.0)
AutoCAD Electrical 2011 Language Pack - English (Version: 8.0.51.0)
Autodesk Design Review 2011 (Version: 11.0.0.86)
Autodesk Inventor View 2009 (Version: 13.0.0000.23000)
Autodesk Inventor View 2011 (Version: 15.0.0000.23900)
Autodesk Inventor View 2011 English (Version: 15.0.0000.23900)
Autodesk Inventor View 2011 English Language Pack (Version: 15.0.0000.23900)
Autodesk Material Library 2011 (Version: 2.0.0.49)
Autodesk Material Library 2011 Base Image library (Version: 2.0.0.49)
Autodesk Material Library 2011 Medium Image library (Version: 2.0.0.49)
Autodesk Vault 2011 (Client) (Version: 15.0.58.0)
Autodesk Vault 2011 (Client) English Language Pack (Version: 15.0.58.0)
Bing Ads Intelligence (Version: 9.0.12133.121)
Blue Coat K9 Web Protection (Version: 4.4.268)
Bonjour (Version: 3.0.0.10)
Conduit Engine (Version: )
Cool & Quiet
Crystal Reports for Visual Studio (Version: 12.51.0.240)
CuteFTP 8 Professional (Version: 8.3.4)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dotfuscator Software Services - Community Edition (Version: 5.0.2500.0)
Dungeonland
DWG TrueView 2009 (Version: 17.2.56.0)
DWG TrueView 2011 (Version: 18.1.49.0)
DwimPerl version 0.07 (Version: 0.07)
Express Gate (Version: 1.4.10.4)
FARO LS 1.1.406.58 (Version: 4.6.58.2)
FileZilla Client 3.0.9.3 (Version: 3.0.9.3)
Free PDF Tablet (Version: 0.1)
GDR 2550 for SQL Server 2008 R2 (KB2716440) (Version: 10.51.2550.0)
GIMP 2.6.4
Google Chrome (Version: 33.0.1750.154)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.23.9)
Internet TV for Windows Media Center (Version: 4.2.2.0)
iTunes (Version: 11.1.5.5)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Korean Fonts Support For Adobe Reader X (Version: 10.0.0)
Lame ACM MP3 Codec
MagicDisc 2.7.106
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Business 2010 - English (Version: 14.0.5130.5001)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50826.0)
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Books Online (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Policies (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2550.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Browser (Version: 10.51.2500.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.51.2500.0)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.40219)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (Version: 9.0.30729)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.40219)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Neat ADF Scanner 2008 Driver (Version: 2.0.0.61)
Neat ADF Scanner Driver (Version: 2.0.0.56)
Neat Mobile Scanner (Silver) Driver (Version: 2.0.0.63)
Neat Mobile Scanner 2008 Driver (Version: 2.0.0.69)
Neat Mobile Scanner Driver (Version: 2.0.0.122)
NeatWorks (Version: 4.9.5.5)
NeatWorks Core Files (Version: 4.9.5.5)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (Version: 1.03.000)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65)
NVIDIA Control Panel 331.65 (Version: 331.65)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.4)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7313)
NVIDIA Graphics Driver 331.65 (Version: 331.65)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.15.2)
Pandora (Version: 2.0.8)
PC Probe II (Version: 1.04.72)
PreReq (Version: 6.2.3.0)
PVSonyDll (Version: 1.00.0001)
QuickBooks (Version: 20.0.4015.807)
QuickBooks Pro 2010 (Version: 20.0.4015.807)
QuickTime 7 (Version: 7.75.80.95)
RegServe (Version: 7.1.3.7)
RoboForm 7-8-5-7 (All Users) (Version: 7-8-5-7)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.9.0)
Search Protect (Version: 2.12.11.11)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (Version: 10.51.2500.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sid Meier's Civilization V
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.11 (Version: 6.11.102)
SmartFTP Client (Version: 4.1.1282.0)
SmartFTP Client 4.1 Setup Files (remove only) (Version: 4.1)
Spybot - Search & Destroy (Version: 2.2.25)
SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1)
SQL Server 2008 R2 SP1 Analysis Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Integration Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Reporting Services (Version: 10.51.2500.0)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
Steam (Version: 1.0.0.0)
SUABnR (Version: 1.1.0.13103_1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
USB Enhanced Performance Keyboard Software (Version: 2.0.1.7)
uTorrentBar Toolbar (Version: 6.2.7.3)
VBA (2627.01) (Version: 6.03.00.9402)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (Version: 2.13.1103)
Verizon Wireless Software Utility Application for Android - Samsung (Version: 2.14.0106)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
WCF RIA Services V1.0 SP1 (Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
WinSCP 5.1 (Version: 5.1)
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 3327.18 MB
Available physical RAM: 1434.59 MB
Total Pagefile: 6654.35 MB
Available Pagefile: 3508.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:288.25 GB) NTFS

========================= Users: ========================================

User accounts for \\HAL

Administrator            Bryan                    Chasity                 
cody                     Guest                    Kenny                   
Rebekah                  Sandy                    UpdatusUser             

**** End of log ****



#4 reaper61

Posted 01 April 2014 - 06:24 PM

I see that MiniToolBox is reporting about 3GB of RAM. I actually have 8MB installed.



#5 reaper61

Posted 01 April 2014 - 06:52 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/1/2014
Scan Time: 6:49:57 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.01.10
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Bryan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 495143
Time Elapsed: 21 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Spigot.A, C:\Users\Bryan\AppData\Local\Temp\Offercast2802_IJBME_.exe, 153944, , [a28c28fd601b7eb8a0176eae6b962ed2]

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.Conduit.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, , [ed41d3526c0f9f97d970ea2ca65b0cf4],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, , [919d240137449a9c5612d59669990ef2],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, , [ae8036ef48331422019e018033d07090],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1178965750-4173072479-2815618880-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [ca649c89f2893bfb5436d2aed92a9070],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1178965750-4173072479-2815618880-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [d25cb86d3348033339507b050bf8e719],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1178965750-4173072479-2815618880-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [79b5e144760573c3179a99cb79890af6],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1178965750-4173072479-2815618880-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [f13dd84da4d76ec881306df74fb3629e],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1178965750-4173072479-2815618880-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [9d91fa2b6912d066f7bae97bcc369d63],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1178965750-4173072479-2815618880-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [1c121f06671450e6d6db9aca679b728e],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1178965750-4173072479-2815618880-1018-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [b777988d08730432159c471dab57eb15],

Registry Values: 6
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, , [60ce7da89cdffd39ad4da16728da847c],
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, , [60ce7da89cdffd39ad4da16728da847c]
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, , [60ce7da89cdffd39ad4da16728da847c]
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, , [18163aeb2e4d84b2c733e4248082e917],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 11111111, , [ae8036ef48331422019e018033d07090]
PUP.Optional.BProtector, HKU\S-1-5-21-1178965750-4173072479-2815618880-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|BrowserMngr Start Page, about:blank, , [36f8d1547209102606b5cfbeae55a45c]

Registry Data: 1
PUP.Optional.Conduit.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Good: (), Bad: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll),,[d15d998cd6a5c175f158f422ed149e62]

Folders: 18
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\rep, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\bin, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\bubble, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\rep, , [e14d41e4760564d28661a3e727dcea16],

Files: 82
PUP.Optional.Conduit.A, C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe, , [ed41d3526c0f9f97d970ea2ca65b0cf4],
PUP.Optional.Conduit.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, , [d15d998cd6a5c175f158f422ed149e62],
PUP.Optional.Spigot.A, C:\Users\Bryan\AppData\Local\Temp\Offercast2802_IJBME_.exe, , [a28c28fd601b7eb8a0176eae6b962ed2],
PUP.Optional.InstallIQ.A, C:\RECYCLER\S-1-5-21-854245398-1604221776-839522115-1007\Dc24.exe, , [0925e5409be0f3439c9c42cce918d42c],
PUP.Optional.Conduit.A, C:\Users\Sandy\AppData\Local\Temp\SPSetup.exe, , [2905b76ed1aa96a0f455c74f6e937d83],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsq13B2.exe, , [d65883a297e4290d1445db465da4c63a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsq2ED1.exe, , [be705fc602791c1a0851140d5aa741bf],
PUP.Optional.Spigot.A, C:\Users\Bryan\Downloads\FreePDFTabletInstall.exe, , [9c923ee7b8c38aac11a6988498692bd5],
PUP.Optional.AirAdInstaller, C:\Users\Bryan\Downloads\Spybot-Search-Destroy.exe, , [ac8226ff5229f83e3bcf37031ae648b8],
PUP.Optional.AirInstaller, C:\Users\Bryan\Downloads\java.exe, , [e44a10157cff1d196fe573bb709107f9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\EULA.txt, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\SPTool.dll, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\uninstall.exe, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll_1396318446491, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\bin\cltmngui.exe, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings.html, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\style.css, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\bubble\bubble.css, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\bubble\bubble.html, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\bubble\bubble.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\bubble\defaults.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnClose.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-default.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-onclick.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-with-logo.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgNotif.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettings.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgUninstall.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnBlue.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnSilver.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_checked.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_def.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-def.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-over-click.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\gray-bg.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\v.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\x.png, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\main.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html, , [e14d41e4760564d28661a3e727dcea16],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js, , [e14d41e4760564d28661a3e727dcea16],

Physical Sectors: 0
(No malicious items detected)

(end)



#6 reaper61

Posted 01 April 2014 - 07:02 PM

Looks like something took over my Outlook as well. I now have thousands of failed delivery notices in the Inbox.



#7 boopme

Posted 01 April 2014 - 09:22 PM

There are many issues on here. Did you run ESET yet? If not, do that.



#8 reaper61

Posted 02 April 2014 - 07:33 PM

C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\AskToolbarInstaller-12.10.2_BCPA5-V7.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\BCPA5-V7\Source\program files\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Program Files\RegServe\RSRegistryUtil.dll a variant of Win32/Adware.RegDefense application cleaned by deleting - quarantined
C:\Program Files\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Program Files\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Users\Bryan\AppData\Local\Temp\APNSetup.exe.tmp a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\Bryan\AppData\Local\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Users\Bryan\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Users\Bryan\Documents\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\Bryan\Documents\APNSetup1.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\Bryan\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application cleaned by deleting - quarantined
C:\Users\Chasity\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Users\Rebekah\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Users\Sandy\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Users\Sandy\Downloads\Unconfirmed 584034.crdownload Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Sandy\Downloads\Unconfirmed 790564.crdownload Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Windows\Installer\9f851e1.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
 



#9 boopme


Posted 02 April 2014 - 08:05 PM

Run Malwarebytes (MBAM) again.
2.0 Threat Scan
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • IMPORTANT
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
Post the new log

Edited by boopme, 02 April 2014 - 08:06 PM.


#10 reaper61


Posted 03 April 2014 - 03:37 PM

Let's try that again...

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/3/2014
Scan Time: 3:03:09 PM
Logfile: mbam-2.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.03.08
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Bryan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 496220
Time Elapsed: 19 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin, Delete-on-Reboot, [e70da283b4c731052c1272e3f30fa45c],

Files: 1
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Delete-on-Reboot, [e70da283b4c731052c1272e3f30fa45c],

Physical Sectors: 0
(No malicious items detected)


(end)

#11 boopme


Posted 03 April 2014 - 09:00 PM

Reboot if you haven't and run MSE.

#12 reaper61


Posted 05 April 2014 - 11:31 AM

MSE found DOS.Rovnix.W

Category: Virus

Description: This program is dangerous and replicates by infecting other files.

Recommended action: Remove this software immediately.

Items:
boot:\\.\PHYSICALDRIVE0\Partition0 (NTFS)

#13 boopme


Posted 05 April 2014 - 09:07 PM

Sorry for the delay. It does appear that it's protected and we need a deeper look. Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

#14 reaper61


Posted 07 April 2014 - 09:04 PM

I ran DDS.exe as required, but it only produces attach.txt and not DDS.txt.
I started a new topic as instructed.

#15 boopme


Posted 07 April 2014 - 09:43 PM

Ok, the new topic is good. We can start there: http://www.bleepingcomputer.com/forums/t/530314/dosrovnixw-infection/

 

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.





